A Flexinode's "file" field allows anybody to view and download files which were attached to an instance of a Flexinode content type.
This patch implements two bits of access control.
When a user is viewing the Flexinode node which contains a 'file' field, the Flexinode content-type access permission is checked before the URL to the file is even displayed in the node body.
When downloading the file via Drupal's private files URL (), the flexinode_file_download() hook now checks what flexinode content-type is associated with the file, and then if the user actually has permissions to download the file.
Comments
Comment #1
budda
Attempt to re-post my flexinode patch
Comment #2
budda
Finally, attached the patch, I hope.