This is an issue to follow up on the good point that micbar brought up in #1227706: Add a file entity access API.


In version 7.x-2.0-unstable4 the file_delete function has been replaced with the api function file_delete_multiple, which avoids unwanted validation and usage checking.
If a user has the permission to delete files, we cannot restrain him from deleting files used in nodes. He only gets a notice "(in use)" from the delete confirm form.

Couldn't we add another permission, e.g. "delete files in use" and check file_usage_list if a user doesn't have this permission?


Dave Reid’s picture

I don't really think this makes sense?