summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDarrel O\'Pry2008-01-23 00:31:00 (GMT)
committer Darrel O\'Pry2008-01-23 00:31:00 (GMT)
commitb2d6b4b668ca9dfccca8df11367957319343ebb0 (patch)
tree1cc8201bde10b371b34b65c324bc7dd9e3094f73
parent6d06edbec6b5fa80299a5992671a04bab4a68d08 (diff)
#204707, allow filefield private perms to work if upload module is enabled.
all perms still depend on upload.module's view uploaded files.
-rw-r--r--filefield.module59
1 files changed, 32 insertions, 27 deletions
diff --git a/filefield.module b/filefield.module
index 21137ed..784c8db 100644
--- a/filefield.module
+++ b/filefield.module
@@ -726,37 +726,42 @@ function theme_filefield($file) {
return '';
}
-if (!function_exists('upload_file_download')) {
- function filefield_file_download($file) {
- $file = file_create_path($file);
- $result = db_query("SELECT * FROM {files} WHERE filepath = '%s'", $file);
- if ($file = db_fetch_object($result)) {
- if (user_access('view filefield uploads')) {
- $node = node_load($file->nid);
- if (node_access('view', $node)) {
- $name = mime_header_encode($file->filename);
- $type = mime_header_encode($file->filemime);
- // Serve images and text inline for the browser to display rather than download.
- $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
- return array(
- 'Content-Type: '. $type .'; name='. $name,
- 'Content-Length: '. $file->filesize,
- 'Content-Disposition: '. $disposition .'; filename='. $name,
- 'Cache-Control: private'
- );
- }
- else {
- return -1;
- }
- }
- else {
- return -1;
- }
- }
+function filefield_file_download($file) {
+ $file = file_create_path($file);
+
+ $result = db_query("SELECT * FROM {files} WHERE filepath = '%s'", $file);
+ if (!$file = db_fetch_object($result)) {
+ // We don't really care about this file.
+ return;
+ }
+
+ if (!user_access('view filefield uploads')) {
+ // sorry you do not have the proper permissions to view
+ // filefield uploads.
+ return -1;
}
+ $node = node_load($file->nid);
+ if (!node_access('view', $node)) {
+ // You don't have permission to view the node
+ // this file is attached to.
+ return -1;
+ }
+
+ // Well I guess you can see this file.
+ $name = mime_header_encode($file->filename);
+ $type = mime_header_encode($file->filemime);
+ // Serve images and text inline for the browser to display rather than download.
+ $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
+ return array(
+ 'Content-Type: '. $type .'; name='. $name,
+ 'Content-Length: '. $file->filesize,
+ 'Content-Disposition: '. $disposition .'; filename='. $name,
+ 'Cache-Control: private'
+ );
}
+
/**
* Wrapper function for filefield_check_directory that accepts a form element
* to validate - if user specified one. Won't allow form submit unless the