--- /Users/jfrincon/Documents/001 - NII/D80 - drupal-4.7.x-dev/modules/upload.module	2006-12-01 04:59:36.000000000 -0500
+++ /Users/jfrincon/Documents/001 - NII/D9 - Developer Program Website/current/modules/upload.module	2006-12-20 17:35:00.000000000 -0500
@@ -27,7 +27,7 @@ function upload_help($section) {
     case 'admin/modules#description':
       return t('Allows users to upload and attach files to content.');
     case 'admin/settings/upload':
-      return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
+      return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. Users with the <a href="%permissions">view uploaded images permission</a> can view uploaded images. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
   }
 }
 
@@ -35,7 +35,7 @@ function upload_help($section) {
  * Implementation of hook_perm().
  */
 function upload_perm() {
-  return array('upload files', 'view uploaded files');
+  return array('upload files', 'view uploaded files', 'view uploaded images', 'view file links');
 }
 
 /**
@@ -45,7 +45,7 @@ function upload_link($type, $node = 0, $
   $links = array();
 
   // Display a link with the number of attachments
-  if ($main && $type == 'node' && isset($node->files) && user_access('view uploaded files')) {
+  if ($main && $type == 'node' && isset($node->files) && (user_access('view uploaded files') || user_access('view uploaded images') || user_access('view file links'))) {
     $num_files = 0;
     foreach ($node->files as $file) {
       if ($file->list) {
@@ -90,7 +90,7 @@ function upload_menu($may_cache) {
         $items[] = array(
           'path' => $filename, 'title' => t('file download'),
           'callback' => 'upload_download',
-          'access' => user_access('view uploaded files'),
+          'access' => (user_access('view uploaded files') || user_access('view uploaded images')),
           'type' => MENU_CALLBACK
         );
         $_SESSION['file_previews'][$fid]->_filename = $filename;
@@ -185,20 +185,38 @@ function upload_file_download($file) {
   $file = file_create_path($file);
   $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
   if ($file = db_fetch_object($result)) {
-    if (user_access('view uploaded files')) {
+    if (user_access('view uploaded files') || user_access('view uploaded images')) {
       $node = node_load($file->nid);
       if (node_access('view', $node)) {
         $name = mime_header_encode($file->filename);
         $type = mime_header_encode($file->filemime);
-        // Serve images and text inline for the browser to display rather than download.
-        $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
-        return array(
-          'Content-Type: '. $type .'; name='. $name,
-          'Content-Length: '. $file->filesize,
-          'Content-Disposition: '. $disposition .'; filename='. $name,
-	  'Expires: 0', 'Pragma: cache', 'Cache-Control: private'
-        );
-      }
+        //handle image types
+        if (user_access('view uploaded images') && (ereg('^(text/|image/)', $file->filemime))) {
+            // Serve images and text inline for the browser to display rather than download.
+            $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
+            return array(
+            'Content-Type: '. $type .'; name='. $name,
+            'Content-Length: '. $file->filesize,
+            'Content-Disposition: '. $disposition .'; filename='. $name,
+            'Expires: 0', 'Pragma: cache', 'Cache-Control: private'
+            );
+        }
+        //handle all other types
+        elseif (user_access('view uploaded files')) {
+            // Serve images and text inline for the browser to display rather than download.
+            $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
+            return array(
+              'Content-Type: '. $type .'; name='. $name,
+              'Content-Length: '. $file->filesize,
+              'Content-Disposition: '. $disposition .'; filename='. $name,
+          'Expires: 0', 'Pragma: cache', 'Cache-Control: private'
+            );
+        }
+        else
+        {
+          return -1;
+        }
+      }       
       else {
         return -1;
       }
@@ -400,7 +418,7 @@ function upload_nodeapi(&$node, $op, $te
       break;
 
     case 'view':
-      if (isset($node->files) && user_access('view uploaded files')) {
+      if (isset($node->files) && (user_access('view uploaded files') )) {
         // Manipulate so that inline references work in preview
         if (!variable_get('clean_url', 0)) {
           $previews = array();
@@ -422,14 +440,39 @@ function upload_nodeapi(&$node, $op, $te
             $node->teaser = str_replace($old, $new, $node->teaser);
           }
         }
+        // Add the attachments list to node body
+        if (count($node->files) && !$teaser) {
+          $node->body .= theme('upload_attachments', $node->files);
+        }
+      }
+      elseif (isset($node->files) && (user_access('view file links') )) {
+        // Manipulate so that inline references work in preview
+        if (!variable_get('clean_url', 0)) {
+          $previews = array();
+          foreach ($node->files as $file) {
+            if (strpos($file->fid, 'upload') !== false) {
+              $previews[] = $file;
+            }
+          }
 
+          // URLs to files being previewed are actually Drupal paths. When Clean
+          // URLs are disabled, the two do not match. We perform an automatic
+          // replacement from temporary to permanent URLs. That way, the author
+          // can use the final URL in the body before having actually saved (to
+          // place inline images for example).
+          foreach ($previews as $file) {
+            $old = file_create_filename($file->filename, file_create_path());
+            $new = url('','user');
+            $node->body = str_replace($old, $new, $node->body);
+            $node->teaser = str_replace($old, $new, $node->teaser);
+          }
+        }
         // Add the attachments list to node body
         if (count($node->files) && !$teaser) {
           $node->body .= theme('upload_attachments', $node->files);
         }
       }
       break;
-
     case 'insert':
     case 'update':
       if (user_access('upload files')) {
