Hi,
in the dbimages plugin of the TinyMCE Plugin there is a file is_allowed.php where you can restrict upload.
In case, when TinyMCE’s folder is not protected with HTTP Authorisation, you should require is_allowed() function to return
TRUEif user is authorised,FALSE- otherwise. This is intended to protect upload script, if someone guesses it’s url.
Is there a way to restrict upload to certain OJS roles in that file? For Versions 2.4.8 and 3.
best,
Carola