I initially thought that private_upload would allow me to deny users access to download files that I marked in the attachments list as private, no matter which node they were attached to. I unfortunately missed the obvious note on the module page that says the module allows downloading private files if the user has node view access. Well, this makes sense... except if you want to display a "teaser" page to an anonymous user and would like them to become a member, but still don't want to allow the anonymous user to download the private files, which are linked to on that same page.

So, I came up with this patch. You can select available roles (if you have the 'administer permissions' user access) in admin/settings/private_upload that are ONLY permitted to download private files, no matter what the node view settings are.

If no roles are selected, the private download behavior remains the same, obeying the node view access setting, as originally done by private_upload.

The code is not perfect, but I wanted to bunch everything together to make the changes easier to identify in the patch. I have done some testing with it, but I would like any additional feedback.

Hope that helps.

CommentFileSizeAuthor
#1 private_upload.module-D6.patch2.18 KBmrbubbs

Comments

mrbubbs’s picture

mrbubbs commented
StatusFileSize
new private_upload.module-D6.patch2.18 KB

See attached for patch.

mrbubbs’s picture

mrbubbs commented
Status: Active » Needs review