Access an object containing a file, but not the file itself.

« 
Previous topic
|
Developer
|
Next topic
 »
Author Message

Atle Pedersen

Thursday 04 January 2007 5:29:57 am

Hello!

A customer needs to upload files. The name and information about the files should be visible to all users, including anonymous users. However, it is required to log in before being allowed to download one of the uploaded files. That means I need partial access to an object. Or I need to allow reading of the object, men not downloading of files.

Is there a mechanism that allows this in eZ?

-----

I haven't been able to find one, so I went about making an extension with a new module containing a fetch function, thinking that the access restrictions were on module level. The function is very simple and looks like this:

  function get_Attrib( $nodeID ){
    $rootNode = eZContentObjectTreeNode::fetch( $nodeID);
    if ($rootNode===null) return false;
    $list =& $rootNode->subTree( );
    if ( $list === null ) return false;
    return array( 'result' => &$list );
  }

Even though I've granted all users full access to my new module including this function, it seems that the fetch function is still limited by the restrictions set for the content module. Am I doing something wrong, or is this a bug/feature?

Claudia Kosny

Thursday 04 January 2007 1:37:26 pm

Hi Atle

If you want to fetch a subtree no matter the permissions, you need add a parameter array(Limitation => array()) to the subtree function. Have a look at the code ofeZContentObjectTreeNode::subtree for clarification.

If you are not adverse to a bit of kernel hacking, you could try to change the module.php in kernel/content. Change the value of functions in the variable $ViewList['download'] to e.g 'my_download'. In the functionList below copy the entry for $FunctionList['read'] and change the key to 'my_download'. Now you can set the permissions for access to the download view the way you want. Please note that I have never tried this for the download, so test this first and keep a backup of the original module.php!

Claudia

Atle Pedersen

Friday 05 January 2007 5:41:21 am

Thank you Claudia, you give valuable help. My extension now works as required.

Betsy Gamrat

Saturday 20 January 2007 9:06:46 pm

Different idea:

Use a template to check if the user is logged in, and allow only authorized users to download the files.
Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.