Users with the upload files permission can upload attachments. You can choose which post types can take attachments on the content types settings page.
', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); + return t('Users with the upload files permission can upload attachments. Users with the view uploaded files permission can view uploaded attachments. You can choose which post types can take attachments on the content types settings page.
', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); } } @@ -144,10 +144,10 @@ function upload_download() { } function upload_file_download($file) { - if (user_access('view uploaded files')) { - $file = file_create_path($file); - $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); - if ($file = db_fetch_object($result)) { + $file = file_create_path($file); + $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); + if ($file = db_fetch_object($result)) { + if (user_access('view uploaded files')) { $node = node_load($file->nid); if (node_access('view', $node)) { $name = mime_header_encode($file->filename); @@ -164,9 +164,9 @@ function upload_file_download($file) { return -1; } } - } - else { - return -1; + else { + return -1; + } } }