Reputation: 2354
Drupal Filefield User Permissions Granularity
I have a Drupal 6 site with a node type that has an optional, unlimited value, Imagefield (Filefield/CCK) setup. The node type's content permissions are set to allow all authenticated users to be able to edit those nodes, which is great. Users can edit a node and attach images to the Imagefield, also great.
However, when a user is editing one of these nodes, they are also able to edit/delete Imagefield images uploaded by other users. How can I prevent a user from editing and/or deleting Imagefield images that were not uploaded by themselves?
Upvotes: 0
Views: 241
Answers (1)
Reputation: 2354
Thanks to a few folks in the #drupal-support channel on IRC, I was able to get an answer to this question. Here is an example module based solution:
function my_module_form_alter(&$form, &$form_state, $form_id) {
global $user;
switch ($form['type']['#value']) {
case "my_content_type":
if (user_access("administer nodes")) { break; }
foreach (array_keys($form['field_my_images']) as $key) {
if (!is_numeric($key)) { continue; }
if ($form['field_my_images'][$key]['#default_value']['fid']) {
if ($form['field_my_images'][$key]['#default_value']['uid'] != $user->uid) {
$form['field_my_images'][$key]['#access'] = false;
}
}
}
break;
}
}
I feel silly now that I realize my whole problem was because I was accessing e.g. :
$form['#node']->field_my_images
instead of:
$form['field_my_images']
Upvotes: 1
Related Questions
- Drupal Folder and File Permissions
- Control sharepoint user access to view uploaded files
- Drupal 7: how to restrict file access to specific user roles
- How to allow users and admins to upload files and view all uploaded files in Drupal?
- Django: Making filefield only available to logged in users
- Drupal 7 fields - only editable by specific roles - how?
- How do I manage multiple file management for users?
- Per-user permissions for Drupal file upload
- Drupal: what permission to assign to "files" folder
- Django File Access Security