We're updating the issue view to help you get more done. 

Take folder permissions into account when using assets in the Preside Admin

Description

It is possible to deny or grant access to Asset folders in the Preside admin for user groups. This works fine in the Asset Manager UI itself.
However if using assets anywhere else in the admin, those folder permissions seem to not be evaluated.
This means that even though a user group might not have access to a folder in the Asset Manager (in fact not even being able to see that folder), this folder still shows up when searching for assets / attachments in the rich editor as well as if using the asset picker form control anywhere. The user is able to pick and use any of the available assets/docs/images.

For example an easy workaround (aka hack) for a user that does not have access to documents in a folder would be to just create a simple page in the site tree, add a link in the rich editor to that document in there and then use that link to download it.

It would be highly appreciated if the permissions would be evaluated in all places in the backend where assets can be used.

Environment

Status

Assignee

Nelson Chuah

Reporter

Jan Jannek

Accepted

Yes

Fix versions

Affects versions

10.8.81
10.9.0

Priority

High