Home » Forums » Support » Converting to Drupal

Access control ...say whut?

·
tananaBrian - March 12, 2009 - 06:11

Hi,

I'm new to Drupal and have struggled through enough to get an initial web site up and running (http://www.glacierboats.com), but have a question. My old web site had an htaccess-protected directory where purchasers of our boat building plans could be downloaded forever. In the new Drupal-powered web site, I'd like the same ..produce a page/node that has links to the downloadable files (the boat building plans documents) that only owners of the plans may access. This is one step above 'authorized users', and some users may become authorized to download more than one type of boat plans, each having its own page full of file links as described.

What's the best way to approach this? I know there are several access control modules, but due to warnings about not using more than one and not using one after using another ('confusing' the database) and what not, I haven't tried any. I want to do my homework before I dive in. Can someone point me in the right direction for meeting my goals listed above? I can still use the htaccess protected folders and provide links to people through email, but I'd like a more professional, more 'Drupal', answer than that...

Thank you,
Brian

» Login or register to post comments

The first think to do is to

gollyg - March 12, 2009 - 07:23

The first think to do is to set your files upload method to private. This will mean that the files are stored outside the web directory and any request for the files need to be passed through drupal. If you upload them into your files directory within your site then they will be publicly accessible.

The next thing you will need to do is to use a module to check the users permissions to access the files. I have not done this in D6, but the filemanager module in D5 was a good start. Basically it would handle all requests for files and grant or deny them based upon user priveleges. You may need to create your own module to assess the permissions and grant/deny access if they are complex (which they sound like they might be). The module could return permissions to filemanager.

There may be more modules to deal with this issue - check them out at http://drupal.org/project/modules?filters=drupal_core:87%20tid:62&solrso...

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.