Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By greenstick on
In a nutshell, I want to be able to upload files for specific users through the back end, accessible to only those specific users.
I have a registered user "Bob", I create a proposal for him and upload it for him specifically. When Bob logs in there's some sort of downloads page where he can see and access said file(s) - but other users can't.
I can't seem to find what I'm looking for, but assume there's something out there I'm missing either module wise or through some combination of access control and modules.
Any pointers in the right direction much appreciated!
Comments
=-=
a custom content type with a file field
the content access module to control access per user
the views module to generate lists
Thanks VM, I'm playing around
Thanks VM, I'm playing around with this right now, but before getting to the views aspect (which I'm more familiar with - the content access module is new to me) - is the idea I have to change the 'author' to the desired user when uploading content for controlling the access?
It seems slightly more convoluted than I'd like, but I would upload the content, change the author to the desired recipient and rely on the 'View own uploads content' to restrict the access?
=-=
core is role based access. For users to 'ONLY' be able to view their own uploads, you must extend cores permissions with the content access which will provide per user access.
Other options would be to create a separate role for each of the users, or a separate content type for each of the users which is far more convoluted.
Thanks again, I think I'm
Thanks again, I think I'm following along here but it's getting late :) I have followed along with the first two steps (views shouldn't be a problem) and I think you're verifying that the author change is indeed what's needed?
If I wasn't clear, the site users won't ever be uploading their own files - as the administrator I'll be uploading files for their use but never the other way around.
I think I may be missing
I think I may be missing something here - the documentation says:
That sounds more like I'd hoped, but after creating a custom content type, adding a test upload and enabling "Per content node access control settings" - I don't see any such thing. Clicking on access controls on the node with the file shows the "Role based access control settings" panel - but I'm not seeing any sort of 'add user' options. Am I missing something?
=-=
did you upload and enable the ACL module as mentioned in your quote?
I would also highly suggest that your file system is set private in the drupal ui and that the private files folder is above the document root where it can't be reached unless your users are logged in and insures files can't be accessed by anon users
I hadn't, thanks! (Didn't
I hadn't, thanks! (Didn't see the ACL reference on the projects page.) That's perfect!