Somewhere between the filefield and multistep modules there is a permission error that causes nodes with two or more required filefields across several steps in multistep to never be completed. Filefield will complain that filefields not in the current step are required when saving the current step. After pinpointing the problem beteween the two camps, I lean towards generalizing the field access code in filefield so that it's possible to restrict field access on a per node basis, not only per content. That's why the issue is here.

The problem in multistep module is that multistep_field_access() require the $node argument in order to restrict access to fields on the right step.

The problem in filefield module is that the call to filefield_edit_access() in the function filefield_node_form_validate() never transfers the $node already available in $form['#node'] for access check. This makes it "impossible" to restrict filefield access on a per node basis.

So one suggestion is to expand the function filefield_edit_access() to something like this:

function filefield_edit_access($type_name, $field_name, $node = NULL) {
  if (!content_access('edit', content_fields($field_name, $type_name), NULL, $node)) {
    return FALSE;
  // No content permissions to check, so let's fall back to a more general permission.
  return user_access('access content') || user_access('administer nodes');

With this minor tweak, the access granularity is increased while keeping the API backwards compatible. The arguments is also closer those in filefield_view_access().

Patch suggestion attached.

77863-field_permission_per_node-D6.patch1.59 KBkaare


quicksketch’s picture

Status: Needs review » Fixed

Works for me, committed.

quicksketch’s picture

Title: Field permission cannot be set on a per node basis » Add parameter to filefield_edit_access() to allow per-node field access

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.