Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I urgently needed a solution to protect some CCK file fields with the same permissions as the nodes and fields, so I've hack together a patch for private_upload that does this.
One thing I've had to do is use Apache RewriteEngine in the .htaccess file. This may not be ideal for all setups.
This is attempt #1, I've done only basic testing nothing extensive but it seems to work.
Comment | File | Size | Author |
---|---|---|---|
private_upload-cck-fields.diff | 2.6 KB | asciikewl |
Comments
Comment #1
YesCT CreditAttribution: YesCT commentedsubscribing
Comment #2
m2calabr CreditAttribution: m2calabr commentedI have applied and tested this patch and it works great. I would love for this to be included in the next version.
Comment #3
slucas CreditAttribution: slucas commentedI've tested this patch on dev version, it doesn't work for me.
The problem is that the file is never accessible (the .htaccess don't get replace ?)
....
After lot's of tests, I realize that this patch need to have two module installed
if (module_exists('content') && module_exists('filefield_paths')) {
I don't really underestand why filefield_paths is mandatory, nor why they is not filefield in the condition, but I realized that filefield_paths was missing in my installation so this condition was not tested TRUE.
So I install it.
But after that the contrary behavior occured, the file is always accessible.
I tested also with an attachement file (in the same node than the cck file field), the access control is correct for it.
I don't know exactly what do really the access restriction hook_file_download ?
Does this hook is being called ?
Can you help me de debug this ?