Wordpress-android: Contributors shouldn't be allowed to upload media

It seems it's again possible to enqueue a media for upload even when the user doesn't have permissions to upload media files. @planarvoid Do you think this issue could be related to some of the changes you did to the media picker?

Do you think this issue could be related to some of the changes you did to the media picker?

I don't think so @malinajirka. The changes we did are still behind a flag and haven't actually touched the upload logic (only the media picker). The video you posted even uses the system media picker, not our version.

Thanks to both of you for raising this issue and for checking the details about the system vs app media picker!

I'd like to do some additional testing on this one:

• Check other roles in addition to contributor.
• Check various types of site.
• Test uploads from Media vs Editor.
• Decide whether the broken "delete failed media" action should be filed as a separate issue.

We made some progress here.

See https://github.com/WordPress/gutenberg/pull/26531
And https://github.com/wordpress-mobile/WordPress-FluxC-Android/pull/1739
The last part of this solution is that we need to make changes to the iOS side of things.

I tested this today using WPAndroid 16.9-rc-1 and found that I was unable to upload media when logged in as a contributor. I checked the Media Library and found I can see images previously uploaded on the site but I was not offered the option to upload an image from that screen.

^{Tested with WPAndroid 16.9-rc-1 on Pixel 3 Android 11.}

Ideally, I think we should be handling blocks the same way the media library does—we should not offer the option to add media or files if the logged-in user role does not have rights to add those things.

Closing in favor of continuing the discussion at https://github.com/wordpress-mobile/gutenberg-mobile/issues/3259.