In a nutshell, I want to be able to upload files for specific users through the back end, accessible to only those specific users.

I have a registered user "Bob", I create a proposal for him and upload it for him specifically. When Bob logs in there's some sort of downloads page where he can see and access said file(s) - but other users can't.

I can't seem to find what I'm looking for, but assume there's something out there I'm missing, either module-wise or through some combination of access control and modules.

Any pointers in the right direction much appreciated!

Comments

VM’s picture

a custom content type with a file field
the content access module to control access per user
the views module to generate lists

greenstick’s picture

Thanks VM, I'm playing around with this right now, but before getting to the views aspect (which I'm more familiar with - the content access module is new to me) - is the idea I have to change the 'author' to the desired user when uploading content for controlling the access?

It seems slightly more convoluted than I'd like, but I would upload the content, change the author to the desired recipient and rely on the 'View own uploads content' to restrict the access?

VM’s picture

Core is role-based access. For users to 'ONLY' be able to view their own uploads, you must extend core's permissions with the content access, which will provide per-user access.

Other options would be to create a separate role for each of the users, or a separate content type for each of the users which is far more convoluted.

greenstick’s picture

Thanks again, I think I'm following along here but it's getting late :) I have followed along with the first two steps (views shouldn't be a problem) and I think you're verifying that the author change is indeed what's needed?

If I wasn't clear, the site users won't ever be uploading their own files - as the administrator I'll be uploading files for their use but never the other way around.

greenstick’s picture

I think I may be missing something here - the documentation says:

In addition to role-based access control (as above), the node-level access control page includes a section for creating and managing User Access Control Lists, which allow the user to grant access to specific users to view, update, and/or delete the node.

Select individual users to grant access by entering their name in the Add user lookup field.

That sounds more like I'd hoped, but after creating a custom content type, adding a test upload and enabling "Per content node access control settings" - I don't see any such thing. Clicking on access controls on the node with the file shows the "Role based access control settings" panel - but I'm not seeing any sort of 'add user' options. Am I missing something?

VM’s picture

Did you upload and enable the ACL module as mentioned in your quote?

I would also highly suggest that your file system is set to private in the Drupal UI and that the private files folder is above the document root, where it can't be reached unless your users are logged in, which ensures files can't be accessed by anon users.
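
A check for the private-files placement suggested above, as an added example that is not part of the original thread: it flags a private files directory that sits under the document root, either directly or through a symlink. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile


def _inside(child, parent):
    """True if child is parent itself or lies below it (both absolute paths)."""
    return os.path.commonpath([child, parent]) == parent


def exposure(docroot, private_dir):
    """Return why private_dir could be served directly by the web server, or None."""
    # Lexical check: a path written under the docroot may be reachable by URL,
    # even when it is a symlink that points elsewhere.
    if _inside(os.path.abspath(private_dir), os.path.abspath(docroot)):
        return "configured path is under the document root"
    # Resolved check: a path written outside the docroot can still be a
    # symlink whose target sits inside it.
    if _inside(os.path.realpath(private_dir), os.path.realpath(docroot)):
        return "path resolves into the document root"
    return None


def build_sample_layout(base):
    """Constructed layout for the demo: docroot 'web' plus three candidates."""
    web = os.path.join(base, "web")
    nested = os.path.join(web, "sites", "default", "files", "private")
    outside = os.path.join(base, "private")
    os.makedirs(nested)
    os.makedirs(outside)
    link = os.path.join(base, "private_link")
    os.symlink(nested, link)  # looks outside the docroot, resolves inside it
    return {"docroot": web, "nested": nested, "outside": outside, "link": link}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        paths = build_sample_layout(base)
        for name in ("nested", "link", "outside"):
            reason = exposure(paths["docroot"], paths[name])
            print(f"{name:8} {'EXPOSED: ' + reason if reason else 'ok'}")
```

Run it against the real document root and the configured private path by calling `exposure()` with those two values; only a `None` result matches the layout recommended in the comment above.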

greenstick’s picture

I hadn't, thanks! (Didn't see the ACL reference on the projects page.) That's perfect!