Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
A private site with content access denied to anonymous users has a problem when the filefield is used on a user profile registration form.
The ahah upload fails with HTTP error 0 because the access control on the form field checks:
<?php
556 function filefield_edit_access($type_name, $field_name) {
557 if (!content_access('edit', content_fields($field_name, $type_name))) {
558 return FALSE;
559 }
560 // No content permissions to check, so let's fall back to a more general permission.
561 return user_access('access content') || user_access('administer nodes');
562 }
?>
user_access('access content') will return FALSE.
WOuld be nice if the module could cater for this case, without having to hook_menu_alter the access callback out.
Comment | File | Size | Author |
---|---|---|---|
#2 | filefield_access_less.patch | 1.18 KB | quicksketch |
Comments
Comment #1
quicksketchYou know I've always thought that check was a bit funny. I think it predates my maintainership.
How about we just do this?
Comment #2
quicksketchI've committed this patch to loosen up our access control slightly. If a module wants to deny view or editing access they can implement hook_field_access() and set the same permissions through that hook. FileField shouldn't be making assumptions about which permissions allow users to edit/view a field.
Comment #4
buddaExcellent. Thanks for the speedy turn around.