Managing Files and access
petervdh - October 29, 2009 - 01:14
Hi I am new to drupal and looking for a way to manage files as follows.
Our club puts out a newsletter once a month in PDF it is available online to members and after it is one month old it is made publicly available.
Right now it is accessible on a basic HTML page linked to the file on the server.
(http://www.10-70.org/newsletters.htm)
This same page is in a protected folder on the server with the current newsletter and all the members use a standard user name and password.
After the month is up the file is moved to public the links are rewritten and the cycle starts over.
I woulds like to have a similar format page in drupal and use the user permissions to control file access.
Is there any way to do this?
Thanks
Peter
_
Couple of things you'll need to do:
1. protect the file itself - i create a content type of 'file' with a cck filefield and use the method described at http://drupal.org/node/189239
2. select an access control module (ie content_access, tac_lite etc) to be able to restrict viewing of that content type and specific node to whatever role you use for your users.
2. use the http://drupal.org/project/rules module and set up a rule to change permisisons for nodes of that type when the month has passed.
_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.
Thanks for the pointers. I am
Thanks for the pointers. I am a complete noob. I am having trouble creating the content type. I don't see an option for files, just text, date, etc. If it isn't too much trouble can you elaborate on step 1 a bit. Thanks.
-Peter
_
You'll need the http://drupal.org/project/cck and http://drupal.org/project/filefield modules. You create a content type at admin/content/types then add the field via the 'manage fields' tab on the content type edit form of the content time you created.
_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.
I think I got this setup up
I think I got this setup up okay but....
The way I see this in order to make the file availble to an anonymous user I would have to give the anon. user rights to the private folder which would defeat the purpose of having it there in the first place.
Access control will allow the user through when Rules changes the setting but once they are at the node with the file when they click the file link they will get access denied. Am I correct on this assumption?
Ideas? Have I got somthing wrong?
Thanks.
--Pete
If you used the private
If you used the private upload module, then you could make the file available to guests by unchecking a tickbox after a month of keeping it private: http://drupal.org/project/private_upload However, the module has some important incompatibilities, and still looks fairly buggy.
What about this as a different approach:
create a new content type called newsletter.
If you want to do it nicely, you could use cck fields for date and description, and not have a body.
create a new node each time you have a new newsletter, and attach the new pdf file to the node.
Use one of the 'node access' modules to make the node initially only available to auth users.
To do this, these modules usually provide permission checkboxes in the node's create/edit page.
Use the Views module to make a listing of all attachments for the newsletter content type.
Only the users with permission to see the node will see the attachment in the Views list. Thus, your auth users will see all the attachments listed, whilst your anon users only see those files on nodes that have had their access permission changed to 'anon'.
Note that if you didn't want to use Views to build your attachment list (if you haven't used it, it can be quite complex to begin with), you could do a very simple list with menu items in a menu block. This would work because anon users are not shown menu items if they don't have permission for the node. The menu items can be created and managed from within each 'create/edit node' page, so you don't have to edit the block directly/manually.
So each month you just edit the last newsletter and tick the 'anon' box that the access module provides.
The attachment (or menu item) will automatically appear in the list for the anonymous user.
Now, obviously this does NOT involve making files private. So if a guest can guess the filename, then they'll be able to download the file by linking to it directly. For example, if you use the same format each month, such as sept09.pdf, it is easy for someone to guess that next month's is going to be named dec09.pdf. The way around this is to add a random string to the file name of each newsletter. Eg. dec09-s6h4a.pdf
BTW, the reason I think it is fairly pointless to try to make downloads like this private is that, if your resources are 'valuable' enough, there is nothing you can do to stop members downloading them and sharing them via another website or bittorrent anyway. It would be worth doing if there were no disadvantages, but personally I think that the current 'file privacy solutions' cause too many difficulties and restrictions to make it worthwhile.
Thanks
Good stuff... I was thinking of just using content access alone but wanted to make it as secure as possible with some kind of combo of modules which looks to be turning into a headache. Random file name would deff help. Anything is better than what I am doing now (moving files and rewriting links every month)
I am deffinently going to look into your views sugestion. I have to learn more about views anyway so this will be a good exercise.
I was thinking menus but I have an archive that goes back to 2003 (quite the lengthy menu :wink:) I'll take the veiws challenge or worst case just blow it out in HTML.
Thanks to everyone up here for their help and support.
--Pete
Rule Setup
I am lost here. I can not see anyway in rules to make a rule to change permissions. Any guidence would be great.
--Pete
The access module would have
The access module would have to be written expressly to integrate with the rules module.
It would state this on the project page. But I suspect you might be stuck with using this one:
http://drupal.org/project/content_access as it is probably the only one to do so.
Be aware that trying to automate this is not going to be an easy task.
You are better to start support issues in the rules and content access issue pages if you
encounter any difficulties; you are more likely to get help from the developers of the modules.
Personally, I don't see the point of automating it. If you're adding a new letter every month anyway,
it is no work to go edit the last one a tick the permissions checkbox; it's like 20 seconds. Weigh
that against spending 5-10 hours trying to get the rules module to work. Is it really worth it?
I realize that it is easy for
I realize that it is easy for me to do the work of ticking the box but the idea of automating small tasks is to make site operations seemless. With this automated the Newletter editor can upload the file, and it will go public on its own. Webmaster's intervention need = zero == happy webmaster.
--Pete
_
Use the content_access module, follow the tutorial at http://drupal.org/node/517674, and use "+ 31 days" instead of "+1 day". Set the original permissions of the content type to viewable by authenticated users then use the "grant permissions by role" content access rules action to change it to the anonymous role. It's somewhat confusing the first time you do it, but eventually it all makes sense.
_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.
Great Tutorial
WorldFallz.... Thanks for your all your help on this issue. I got that setup up following the tutorial and your notes in less than 20 min. Awesome.
_
Way to Go! Happy to help ;-)
_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.