By Steve Dondley on

I've got content that I restrict access to via the taxonomy_access module. Only certain roles can view content in the private category I've created. However, if a node in this category has a file attachment, anybody who has permission to view attachments can download it.

Has this problem been solved by anyone? Is there a way to easily stop this from happening?

Comments

matteo’s picture

matteo commented

Hi,
look at this post.
It is a simple hack to upload.module that makes it follow permissions set in node_access table.
In my case, my access module works based on roles, but the change I made is transparent to how you protect the node, but you must use standard node_access permissions control.
Try it and let me know. It works with 4.5

Matteo

Steve Dondley’s picture

Steve Dondley commented

Thanks for the help! I'll definitely install that patc when I get a chance and report back.

Steve Dondley’s picture

Steve Dondley commented

Easy change. Thanks.

Rosamunda’s picture

Rosamunda commented

Hi there!
Can you please post the patched file somewhere? maybe at the upload.module project page ... because the link gives me a Not Found Page...

BTW, I´ve installed the 4.7 version... hope it works there... but your hack seems to be exactly what I was looking for!
Thanks in advance!!!!!!

Rosamunda