Closed (fixed)
Project:
Media Manager
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
10 Feb 2009 at 03:53 UTC
Updated:
5 Mar 2009 at 14:30 UTC
Currently, in mmedia_nodes.module, the function mmedia_nodes_view() displays a link to the file attached to a media_document.
this code:
// we display through a presenter the media as it's derivative
$node->content['media-form-preview'] = array(
'#value' => mapi_display($filename, $profile),
'#weight' => -15,
);
should be modified to:
if (user_access('view attached media')) {
// we display through a presenter the media as it's derivative
$node->content['media-form-preview'] = array(
'#value' => mapi_display($filename, $profile),
'#weight' => -15,
);
}
I have made this modification locally and it does not allow a user to see the file attachment link unless the user has the permission.
Comments
Comment #1
rhys commentedThe 'view attached media' is from the mmedia_attach module.
This would cause a cross permissions problem.
Do you mean that it has to be changed in the mmedia_attach NOT to show the media if the permissions are not view attached media?
Comment #2
rhys commentedI did make a modification in mmedia_attach.module within the hook_link() section.
The updated CVS has within it the following change (note the added user_access('view attached media') for checking
the permissions as they should be before the links are displayed).
Comment #3
somebodysysop commentedIf this section controls the visibility of the link in a media_document node, then yes, this is it.
Problem is that I'm not entirely sure where that link comes from. I only know that making the change I made prevents it from being displayed in the media_document node, which is what I was looking for.
Comment #4
rhys commentedThis is actually a problem where a media_document didn't have the ability for access permissions. This has been added to the mmedia_nodes.module file in the CVS.
This should make it easier to fine tune the permission for the user roles.