Drupal Filefield User Permissions Granularity

Question

I have a Drupal 6 site with a node type that has an optional, unlimited value, Imagefield (Filefield/CCK) setup. The node type's content permissions are set to allow all authenticated users to be able to edit those nodes, which is great. Users can edit a node and attach images to the Imagefield, also great.

However, when a user is editing one of these nodes, they are also able to edit/delete Imagefield images uploaded by other users. How can I prevent a user from editing and/or deleting Imagefield images that were not uploaded by themselves?

tyler.frankenstein tyler.frankenstein · Accepted Answer · 2011-09-30T20:48:05

Thanks to a few folks in the #drupal-support channel on IRC, I was able to get an answer to this question. Here is an example module based solution:

function my_module_form_alter(&$form, &$form_state, $form_id) {
  global $user;
  switch ($form['type']['#value']) {
    case "my_content_type":
      if (user_access("administer nodes")) { break; }
      foreach (array_keys($form['field_my_images']) as $key) {
        if (!is_numeric($key)) { continue; }
        if ($form['field_my_images'][$key]['#default_value']['fid']) {
          if ($form['field_my_images'][$key]['#default_value']['uid'] != $user->uid) {
            $form['field_my_images'][$key]['#access'] = false;
          }
        }
      }
      break;
  }
}

I feel silly now that I realize my whole problem was because I was accessing e.g. :

$form['#node']->field_my_images

instead of:

$form['field_my_images']

Drupal Filefield User Permissions Granularity

1 Answers