Here is my current setup:
1. flexinode.module is used so I can display the attachments in the teaser (rather than viewing the full node for the link)
2. simple_access.module to make some nodes private, but files uploaded are only "hidden" in the files directory; if someone guessed the name, they could download it.

filemanager.module + attachment.module appears to support private files, but does not display the attachment in the teaser.

I am trying to figure out how to attack this problem. Patch flexinode or attachment? Any suggestions on where to start?

Comments

venkat-rk’s picture

Do you want to display the attachment in the teaser or hide it?

baumer1122’s picture

Attachments should always be displayed in the teaser, but private attachments would only be accessible to authenticated users.

tostinni’s picture

Private attachments of the attachment module are not private in the sense of being protected against users who want to download them....
If your user is able to guess the filename, for me it's far easier, when attachments are set to private, to try them by id number.

Maybe you can have a look at this little fix; it may resolve your problem: http://drupal.org/node/30468

baumer1122’s picture

Looks like private files are available in the filemanager api, but not used in attachment.module.

Stupid questions...
If private files are stored outside of the web directory root, how are they served to users? How is access managed? Would using a web protected .htaccess directory be a better solution?

tostinni’s picture

Have a look at http://drupal.org/node/25889#comment-34115

And for your question, private files have to be stored inside the web directory root; look at the thread for a little more explanation ;)

baumer1122’s picture

Thanks tostinni!
This is what I am looking for: http://drupal.org/node/30468

Now if I implement that in filemanager, how do I get attachment.module to show the actual attachment in the teaser instead of just a link to the full node? I could only get this working with flexinode. Is it easier/better to build this feature into attachment.module or hook flexinode.module into the filemanager api?

tostinni’s picture

Look at this function in attachment.module, in the view case you have:

// If this is not a teaser add our attachment list to the end of the body
if (!$teaser) {
  $node->body .= '<br /><a name="attachments"></a>' . theme('attachments', $node);
}

Just comment out the if test and attachments should appear in the teaser.
A little option to select whether attachments have to appear or not would be cleaner...

baumer1122’s picture

OK, around line 35 in attachment.module, I commented out the if. Looks like this now:

// If this is not a teaser add our attachment list to the end of the body
// if (!$arg && _attachment_countvisible($node)>0) {
$node->body .= '<br /><a name="attachments"></a>' . theme('attachments', $node);
// }

Same results however, attachment does not show up in teaser. Any other thoughts?

baumer1122’s picture

Should look like this:

// If this is not a teaser add our attachment list to the end of the body
if (!$arg && _attachment_countvisible($node)>0) {
  $node->body .= '<br /><a name="attachments"></a>' . theme('attachments', $node);
}
else { // this is a teaser, add the attachment list to the end of the teaser
  $node->teaser .= '<br /><a name="attachments"></a>' . theme('attachments', $node);
}

venkat-rk’s picture

I knew I had this somewhere, but it took a bit of searching to find it. Here is code for displaying attachments in the teasers:
http://drupal.org/node/24067#comment-41505

I don't know if it will work in 4.6, though.

For making the attachments inaccessible, try this:
http://drupal.org/node/38039#comment-69583

A combination of the two might do the trick for you and you don't even have to deal with the complexities of flexinode and filemanager, let alone coding.

tostinni’s picture

Hi ramdak5000, have a look at the issue I mentioned in this thread: http://drupal.org/node/30468
The use of taxonomy access may not make the files totally private ;)

venkat-rk’s picture

Thanks, tostinni, for that thread. But, surely, Bonobo's method (without taxonomy_access) works? I was actually referring to that.

tostinni’s picture

I just had a look at the upload module and it seems that it provides a private way to store files. I didn't remember this, so that's why I posted my doubts.
From what I've seen it seems to work fine, but as I reminded, the private method of attachment is not private (as in secure), as I explained above.

I hope I was clear ;)

Rosamunda’s picture

After all this conversation (as my mother tongue isn't English I didn't get this stuff quite well), can I use upload module to attach files that are private (as in secure), and only certain roles can access it?

Is there a way to hack the upload module instead of trying anything else? (I've used it and upload module seems to be far easier...).

Thanks in advance!!

Rosamunda
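
The questions raised in this thread (how a private file is served, how access is managed, and how to limit it to certain roles) come down to sending every download through a script that checks the requester before streaming the file. The sketch below is an added example in plain PHP, not code from Drupal, upload, filemanager or attachment; `PRIVATE_DIR`, `$FILES`, the function names and the sample files are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; not Drupal, filemanager or attachment code.
// PRIVATE_DIR, $FILES and the sample file names are hypothetical.

// Storage the web server must not serve directly (outside the document
// root, or denied by server configuration), so the script is the only way in.
define('PRIVATE_DIR', sys_get_temp_dir() . '/private_files_demo');

// Constructed sample metadata: file id => stored name and roles allowed.
$FILES = array(
  1 => array('name' => 'budget.pdf', 'roles' => array('authenticated user')),
  2 => array('name' => 'board-minutes.pdf', 'roles' => array('board member')),
);

// Return the path to stream, or an HTTP status code when refusing.
function resolve_download($fid, array $user_roles, array $files) {
  if (!isset($files[$fid])) {
    return 404;
  }
  // Authorization is checked on every request, so guessing an id or a
  // filename gains nothing without one of the allowed roles.
  if (!array_intersect($files[$fid]['roles'], $user_roles)) {
    return 403;
  }
  // basename() drops any directory part that crept into the stored name.
  $path = PRIVATE_DIR . '/' . basename($files[$fid]['name']);
  return is_file($path) ? $path : 404;
}

// Web entry point: stream the file through PHP instead of linking to it.
function serve_download($fid, array $user_roles, array $files) {
  $result = resolve_download($fid, $user_roles, $files);
  if (is_int($result)) {
    http_response_code($result);
    return $result;
  }
  header('Content-Type: application/octet-stream');
  header('Content-Disposition: attachment; filename="' . basename($result) . '"');
  header('Content-Length: ' . filesize($result));
  readfile($result);
  return 200;
}

// Demo with constructed data: one stored file, three requests.
is_dir(PRIVATE_DIR) || mkdir(PRIVATE_DIR, 0700);
file_put_contents(PRIVATE_DIR . '/budget.pdf', 'constructed sample');
var_dump(resolve_download(1, array('anonymous user'), $FILES));
var_dump(resolve_download(2, array('authenticated user'), $FILES));
var_dump(resolve_download(1, array('authenticated user'), $FILES));
```

The role check only protects the files if the web server refuses direct requests for anything under the storage directory; a file that is still reachable by its own URL bypasses the script entirely.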