1) I log in as an admin
2) I create a page
3) I attach a PDF to the page (file attachments)
4) I save and publish
5) I log out

If I go to the absolute path of the pdf file (in the sitename.com/files/filename.pdf) the file launches.

I should get "You tried to access a document for which you don't have privileges.".

If I go to the files directory, I get the proper message (sitename.com/files)

I noticed that the files directory has an .htaccess file, but it doesn't appear to block access to the individual file.

Any help is much appreciated.

Thanks,
Josh

Comments

jbraun’s picture

I have download method set to private
I have created a role called "protected"
One user is assigned that role.
I have created a page
I put the page in a menu
In block I assigned the menu only to the "protected" role.
In access control I have view uploaded file unchecked for every role but "protected"

But once again, if I log out and type the path containing my protected content, I can "access" it as an anonymous user. This problem seems to be for every bit of content I "thought" I had protected to certain roles.

Josh

VM’s picture

Seems this is explained here: http://drupal.org/node/62614
and here: http://drupal.org/node/104712

The above are with regard to the private file system.

jbraun’s picture

Thank you for the speedy reply. I am now able to hide files that I upload from non-authenticated users. However, I can still access nodes that only authenticated users should be able to see. If I type the URL when I am not logged in, I can still access the page:

I type: sitename.com/node/5

Any ideas?

Thank you so much.

Josh

cog.rusty’s picture

In core Drupal, a user role can either have the 'access content' permission or not (in /admin/access), which means either "view all content" or "view nothing at all".

To restrict access to some content, you have to install one of the available access control modules, such as taxonomy access, tac_lite, simple access, organic groups, node privacy by role, path access, etc., depending on how you want it to work. See http://drupal.org/project/Modules/category/74

Note that in Drupal 4.7 you can use only one of them.

jbraun’s picture

Works perfectly in 4.7 using node_privacy. Once logged out I can't access the page by typing in the URL. BUT on Drupal 5 I can't accomplish the same thing. I create a page (no ability to allow access to roles here). In blocks I assign role specific visibility of the menu to just 1 role. Once logged out, I can still access the page by typing mysite.com/page (where page equals my clean URL)

Josh

cog.rusty’s picture

As I said, in core Drupal there is nothing to prevent viewing *some* nodes by role. It is all or nothing, in both Drupal 4.7 and Drupal 5.

Node_privacy_byrole doesn't have a Drupal 5 version yet. Are you using something else? Or are you talking about something which is not a node?

Block visibility is not content access control, it is rather conditional theming.
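
The manual test used throughout this thread (log out, then type the URL) can be scripted and rerun after every permission or module change. The following is an added example, not part of the original posts: it requests each path with no session cookie and reports the ones that still return content. The host is a placeholder and the path list is taken from the examples in the thread.

```python
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them, so a redirect to a
    login page is not mistaken for readable content."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_status(url, timeout=10):
    """Request url as an anonymous client (no cookie jar, no credentials)
    and return the HTTP status code."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit_anonymous_access(base_url, protected_paths, fetch=fetch_status):
    """Return (path, status) for every path an anonymous client can read.

    Any 2xx answer counts as exposed. Hiding a menu or block does not
    change this result; only real access control on the file or node does.
    """
    exposed = []
    for path in protected_paths:
        url = base_url.rstrip("/") + "/" + path.lstrip("/")
        status = fetch(url)
        if 200 <= status < 300:
            exposed.append((path, status))
    return exposed


# Paths quoted in the thread; replace with the content you expect to be private.
PROTECTED_PATHS = ["files/filename.pdf", "node/5", "page"]

if __name__ == "__main__":
    # "sitename.com" is the placeholder host used in the thread.
    for path, status in audit_anonymous_access("http://sitename.com", PROTECTED_PATHS):
        print(f"EXPOSED to anonymous users: /{path} (HTTP {status})")
```

An empty result means every listed path refused the anonymous request, which is the outcome the original poster was expecting.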

jbraun’s picture

Yes, I'm looking for something like node privacy. Yes, I created a node (page) which I want to protect. I browsed through the Drupal 5 modules and don't see anything similar.

cog.rusty’s picture

You are right, hardly any access control module has been ported to Drupal 5 yet. I did a lookup (for my own information too).

Released:
- 'organic groups' (OG)
- 'forum access'
Probably both unsuitable for what you want to do.

Under development:
- 'taxonomy access control'
There is a 'head' version which has not been released yet, possibly for a reason. Also it may be too heavy for what you want to do.

The other access control modules
- 'tac_lite'
- 'node_privacy_byrole'
- 'simple_access'
- 'nodeaccess'
- 'path_access' (not exactly a node access module)
don't have anything for Drupal 5 yet.

Not even a mention in the status report thread http://drupal.org/node/82257
You may have to wait.

alphabravoc’s picture

Hello,

I am bringing a new site online within the next couple of weeks. I am new to Drupal and am running Drupal 5.0rc1. I too would like to have users log in to access a subset of the site's content.

I installed the securesite module for node-level access control. But it seems to add a login page for every node, not just for a subset of pages. Also, the authentication does not persist and every new page access seems to trigger a new authentication request.

Something like tac_lite would be ideal (or so it seems from the screencast).

My questions:
1. Can securesite be used for restricting access for a subset of pages only, and for integrating with Drupal's users/roles etc.? If so, is there documentation or examples I could use?

2. How long would it be, in your guess, before the other access control modules are available for 5.0?

3. Given my timeline (go live in 1-2 weeks), should I switch to Drupal 4.7.x instead?

I would appreciate advice on all of the above.

Thanks in advance and happy new year,
Samir