Upload module and multiple user roles
ebeyrent - December 19, 2007 - 17:57
| Project: | Drupal |
| Version: | 5.5 |
| Component: | upload.module |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
I'm having an issue where I have a custom content type, and file uploads are enabled for this content type. Only users of a specific role can create this content type, and the file upload is restricted to PDF files.
However, I am able to upload the full gamut of allowed file types. I traced the issue back to the upload module:
<?php
if ($error['extension'] == $user_roles) {
form_set_error('upload', t('The selected file %name can not be attached to this post, because it is only possible to attach files with the following extensions: %files-allowed.', array('%name' => $file->filename, '%files-allowed' => $extensions)));
$valid = FALSE;
}
?>This code is failing because the user has two roles at this point: authenticated user and my custom user role. I can easily patch the module, but since it's core, I'd rather not have to do that.
Has anyone got any advice for dealing with this issue?
#1
User 1 can always upload any file type.
#2
Perhaps I was not clear.
This is not for user 1. This is for EVERY user of a specific role.
My site has multiple roles:
standard user
admin user
etc
Anyone who is one of these roles is ALSO an authenticated user, giving them two roles. Does this clear up the confusion?
#3
Is anyone looking at this?
#4
#5
The problem really is one of weights. In my application, I have several user roles:
standard user
partner
admin
A user who has the standard user role might also have the partner role. The standard user cannot upload files, but the parter role can upload pdf files. In the following code:
<?php$user_roles = count($user->roles);
$valid = TRUE;
if ($error['extension'] == $user_roles) {
form_set_error('upload', t('The selected file %name can not be attached to this post, because it is only possible to attach files with the following extensions: %files-allowed.', array('%name' => $file->filename, '%files-allowed' => $extensions)));
$valid = FALSE;
}
elseif ($error['uploadsize'] == $user_roles) {
form_set_error('upload', t('The selected file %name can not be attached to this post, because it exceeded the maximum filesize of %maxsize.', array('%name' => $file->filename, '%maxsize' => format_size($uploadsize))));
$valid = FALSE;
}
elseif ($error['usersize'] == $user_roles) {
form_set_error('upload', t('The selected file %name can not be attached to this post, because the disk quota of %quota has been reached.', array('%name' => $file->filename, '%quota' => format_size($usersize))));
$valid = FALSE;
}
?>
What this code (upload.module, lines 443-459) is doing is comparing the number of roles to the number of errors. Because my user has two roles, and only one of the roles can upload a pdf file, $user_roles = 2, but $error['extension'] = 1. Therefore, the upload is never seen as invalid.
I understand that there is a role weights module, and perhaps that needs to be rolled into core, and/or upload needs to respect it.
#6
Probably a duplicate of:
http://drupal.org/node/155425
#7
It's not even remotely close to the issue I am reporting. Issue 155425 refers to disk quotas. I'm talking about file types. What makes you think the two are related??
#8
Really - forgive me for being frustrated - but I even went and pointed out the code where I think the error is happening, along with the reason why I think the error is happening. The code is comparing the number of errors to the number of roles a user has. Not only does this not makes sense to me, but it makes no sense how you can read what I wrote and think this has something to do with the size of the file being uploaded.