Posted by budda on April 13, 2011 at 3:51pm
3 followers
| Project: | FileField |
| Version: | 6.x-3.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
A private site with content access denied to anonymous users has a problem when the filefield is used on a user profile registration form.
The ahah upload fails with HTTP error 0 because the access control on the form field checks:
<?php
556 function filefield_edit_access($type_name, $field_name) {
557 if (!content_access('edit', content_fields($field_name, $type_name))) {
558 return FALSE;
559 }
560 // No content permissions to check, so let's fall back to a more general permission.
561 return user_access('access content') || user_access('administer nodes');
562 }
?>user_access('access content') will return FALSE.
WOuld be nice if the module could cater for this case, without having to hook_menu_alter the access callback out.
Comments
#1
You know I've always thought that check was a bit funny. I think it predates my maintainership.
How about we just do this?
<?phpfunction filefield_edit_access($type_name, $field_name) {
return content_access('edit', content_fields($field_name, $type_name));
}
?>
#2
I've committed this patch to loosen up our access control slightly. If a module wants to deny view or editing access they can implement hook_field_access() and set the same permissions through that hook. FileField shouldn't be making assumptions about which permissions allow users to edit/view a field.
#3
Automatically closed -- issue fixed for 2 weeks with no activity.
#4
Excellent. Thanks for the speedy turn around.