30 users with access to 30 different files and only able access thier files? how do i do this?

dc35 - June 18, 2008 - 18:38

I am creating a new site that will have about 30 different users that will need to access content and files that have to be set for their eyes only.

In basic terms, user A needs to access content and files only viewable to user A, User B can not see user A's files and so on.

I'm at a loss on how to set this level of permissions up with out it becoming a total nightmare. please advise.

» Login or register to post comments

For Drupal 5 use Content Access

bestknight - June 18, 2008 - 18:54

For drupal 5 this could be resolved using the Content Access module.

For the content type to be regulated set the View Edit and Delete permissions to author only. If the users are not going to create their own content use Authorship module to set as author the desired user at node creation or amendment.

Or use the ACL module in conjuction with Content Access to select per user access and leave the author as is.

Solution is for Drupal 5, not Drupal 6.

Probably the simplest way to

WorldFallz - June 18, 2008 - 19:00

Probably the simplest way to do this would be the http://drupal.org/project/user_permissions module.

Keep in mind though, to implement truly private files, you'll have to use the private file system which has it's down set of side effects (or use something like http://drupal.org/project/private_upload which doesn't have a d6 version yet).

EDIT: you might want to also look at http://drupal.org/project/imce which can enforce specific folders/quotas for files (this won't address the problem of files being publicly accessible via the URL if not using the private file system though).

===
"Give a man a fish and you feed him for a day.
Teach a man to fish and you feed him for a lifetime." -- Lao Tzu
"God helps those who help themselves." -- Benjamin Franklin
"Search is your best friend." -- Worldfallz

> I'm at a loss on how to

-Anti- - June 18, 2008 - 19:26

> I'm at a loss on how to set this level of permissions up without it
> becoming a total nightmare. please advise.

The IMCE module can automatically create a private directory for each user to upload
to. As admin you could also have permission to use and manage their directories. IMCE
allows you to limit the file and folder sizes. You can also set-up shared directories by role.

I don't know about the content. I think you'd basically need a role for each user, and
then use a module like 'node privacy by role'. I suppose that if you wanted to use the
core 'upload module' instead of IMCE, by securing the nodes by role, you'd also secure
their attachments. I'm sure you'll get better advice about that soon though.

Edit: sorry, I started writing and got called away for a while, which is why the post appears
to ignore what worldfallz wrote.

Just to clarify-- IMCE does

WorldFallz - June 19, 2008 - 15:36

Just to clarify-- IMCE does not create truly private folders--- yes, they can be restricted to a specific user (in other words, each user can only upload to the folder associated with their userid), BUT (and that's a big but) they are still relative to the "files" directory. if you're using the public file system it doesn't matter what node permissions you enforce, anyone with the URL can go directly to the file by typing the URL in the address bar of the browser.

To have truly private files, you need to use the private_upload module I link above or drupal's private file system settings (which include moving the "files" directory to something outside of your public_html structure). However, using drupal's private file system has some side effects like the fact that images will be served privately as well (which could have performance implications) and the color module used by some theme's won't work as well as conflicts with several other modules.

You should understand the implications of public vs private files in drupal before making a decision. If you have the desire, there are also some threads on hybrid public/private setups which require apache configuration. Searching d.o. with "public private files" will yield many links worth reading (also, using the same words with "site:drupal.org' in a google search box will do the same search with google when the d.o. search box has been throttled away).

Hey i also need the same type

pankajshr_jpr - March 17, 2009 - 21:21

Hey i also need the same type of thing, i want admin to upload different files to each user, that can be seen to only that user , and there are around 1000 users, then the setting roles for each user would be difficult(and managing so many roles would be difficult) does any other way out here ?

With IMCE, you'd only have

-Anti- - March 18, 2009 - 08:08

With IMCE, you'd only have two 'roles': the drupal default auth role, and an IMCE 'profile' for auth users.
Each folder is created automatically the first time the user opens the IMCE file-browser.
After that, you'd be able to upload files to their folders either using ftp or IMCE.

However, the situation you describe is a lot of work, and I don't think there is an easy way to manage it.
Is this a school or university?

_

WorldFallz - March 18, 2009 - 14:33

Actually, IMCE will allow you to have different settings for each role your site has. You can also specify an allowed directory that is mapped to the user that other users will not be able to see (through IMCE anyway). You'll probably have to add some apache rewrite foo to deny access to those directories directly via the browser.

Another option is the filefield and, optionally, the filefield_paths modules-- which allow for extensive customization via tokens.

__{Don't be a Help Vampire - read and abide the forum guidelines.

If you find my assistance useful, please pay it forward to your fellow drupalers.}