Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
filefield_file_download() was directly copied from upload.module, and it still includes its permission check:
if (user_access('view uploaded files')) {
...
}
But that one won't work if the Upload module isn't enabled, so you get lots of 'access denied' pages instead of your file downloads.
This patch just removes this access check, which makes it work at all if Upload is disabled. If users want to have the access check, they're still free to enable the Upload module and set the checkboxes in the access control admin page.
Comment | File | Size | Author |
---|---|---|---|
filefield-scrap-access-control.patch | 1.9 KB | jpetso |
Comments
Comment #1
jpetso CreditAttribution: jpetso commentedOops, forgot to change the status appropriately: this is an issue *with* patch.
Comment #2
ZuluWarrior CreditAttribution: ZuluWarrior commentedHi there,
Just run into this bug.
However, the solution recommended is not the best solution, as it stops the permission check and if drupal is set to private download method can offer a way to circumvent this check. A better fix would be to add the hook_perm hook (shouldn't need hook_access) into the filefield.module.
I'ds suggest adding the following code, which will add the permissions to drupal, but only if the upload module is not present...
I've made this patch to my version of filefield, and although I've only tested on php/mysql/drupal on a windows box, it is working fine. I have control over who can view and upload files and without the upload module.
Hope this helps!!!
Regards,
The ZuluWarrior
Comment #3
scatteredbrainV CreditAttribution: scatteredbrainV commentedI have the attachment module on on my websites, which, together with Filemanager, forces me to disable the Upload module.
Is there a way to make the Filefield module work correctly even with the Upload switched off?
Comment #4
jpetso CreditAttribution: jpetso commented@valeria78:
1. Do not change the issue title without a good reason. If you change it, it's changed for the whole thread, not only for your comment.
2. Yes, there is a way to make it work. Actually, two ways: my "just-lose-this-permission" patch, and ZuluWarrior's "optionally-introduce-the-permission" explanation. Use any of them, and it will most likely work the way you imagined.
Comment #5
jpetso CreditAttribution: jpetso commentedEr, another status switched back to the original. Just to say it again, hijacking other people's issues is *evil*.
Comment #6
scatteredbrainV CreditAttribution: scatteredbrainV commentedI'm very sorry for the troubles caused. I did not do that intentionally.
Thank you for the answers.
Again, I am very very sorry.
Comment #7
jpetso CreditAttribution: jpetso commentedHey, it's no problem, everything was easily reverted. Just take care to avoid it next time. Hope that one of the solutions fits your needs :)
Comment #8
scatteredbrainV CreditAttribution: scatteredbrainV commentedActually, no.
I tried ZuluWarrior solution, but I still have that same problem. When I click on the link created by the filefield module, the whole thing gets stuck and I have to restart the browser (Firefox).
Comment #9
jpetso CreditAttribution: jpetso commentedFixed in HEAD. I committed a similar solution to the one that dopry did for imagefield recently, so there's now a new "view filefield uploads" permission. Remember to enable this permission for all the roles that you want to be able to access uploaded files.
Comment #10
(not verified) CreditAttribution: commented