ajax - How to disable drag-and-drop upload function in Media Library?

Does any one knows a valid/standard way to disable drag and upload when accessing the media library in the admin area? In order to make this sense to you, I'm building a multisite and user of sub-site cannot upload media files but they can view.

I can remove their capability 'upload_file' but that would completely remove the media experience.

So far this is what I've got:

add_action('admin_init','disable_drag_upload');
function disable_drag_upload() {

    wp_deregister_script( 'wp-plupload' );
}

.. but that would skip the media library content.

Does any one knows a valid/standard way to disable drag and upload when accessing the media library in the admin area? In order to make this sense to you, I'm building a multisite and user of sub-site cannot upload media files but they can view.

I can remove their capability 'upload_file' but that would completely remove the media experience.

So far this is what I've got:

add_action('admin_init','disable_drag_upload');
function disable_drag_upload() {

    wp_deregister_script( 'wp-plupload' );
}

.. but that would skip the media library content.

• ajax
• javascript
• uploads
• media

Share Improve this question edited Aug 1, 2022 at 16:30 Jesse Nickles 73577 silver badges1919 bronze badges asked Jul 16, 2015 at 4:53 DbxDbx 3144 bronze badges 4

• 1 If a user can not upload files, you shouldn't give him/her upload_file capability. I think that is a must, not an option. Then you can create a custom page to display the media files, nothing stop you, but a user with a capability that he/she can not perform is actually a very bad approach; it can give more headache than happiness; who knows when any other piece of code based on capabilities and will cause conflicts with your intention. I hope you understand my point. – cybmeta Commented Jul 16, 2015 at 7:07
• @cybmeta Thanks for the great insights! This seems to be the proper way to deal with my situation as it would give the network peace of mind that no-one can bypass uploading files. As long as none of the plugins installed skipped checking the capability. It did also justify the 'upload_file' as it stands by its name. – Dbx Commented Jul 16, 2015 at 8:18
• But I wouldn't consider that approach for now as it needs more time in development, considering there are a lot of areas affecting the removal of upload_file, means customizing them all. That's the standard approach but not practical as it would take re-inventing what's already been designed. It's worth suggesting to the core to add something like view_file capability though, but until that time wp_handle_upload_prefilter provides a valid way atm. – Dbx Commented Jul 16, 2015 at 8:29
• Sorry, but again I don't agree with you; a view_file capability for media files (similar to read for posts) is worthless. Actually, in WordPress environment, all media files can be read and viewed by any one because the file URL is publicly accessible. – cybmeta Commented Jul 16, 2015 at 10:38

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Instead of removing upload script you can make the upload error out if the user does not have admin privileges. Like this-

function tomjn_only_upload_for_admin( $file ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        $file['error'] = 'You can\'t upload images without admin privileges!';
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'tomjn_only_upload_for_admin' );

For other possible way please follow this answer- https://wordpress.stackexchange.com/a/105558/59760