Simple permissions for uploads per node type

19th Aug
2008

Simple bit of Drupal module code from yesterday: permissions are provided for each node type which can have attachments, providing a more granular permission set based on node type. Then, we alter any node add/edit forms and set the #access property for the attachments part of the form based on these new permissions.

Check the code out after the break, hope its of some use somewhere. Does anyone have any thoughts on unsetting form elements like this? Is it a wise thing to do, or is there a better way? Cheers to those who commented, I've modified the snippet accordingly.

  1. /* @file attachments_by_nodetype.module
  2.  *
  3.  * Simple granular permissions for uploading files per node type.
  4.  */
  5.  
  6. /* Implementation of hook_perm(). */
  7. function attachments_by_nodetype_perm() {
  8.   $permissions = array();
  9.  
  10.   foreach (node_get_types() as $type => $type_name) {
  11.     if (variable_get("upload_$type", 0) == 1) {
  12.       $permissions[] = "upload files to $type nodes";
  13.     }
  14.   }
  15.  
  16.   return $permissions;
  17. }
  18.  
  19. /* Implementation of hook_form_alter(). */
  20. function attachments_by_nodetype_form_alter($form_id, &$form) {
  21.   if ($form['type']['#value'] .'_node_form' == $form_id) {
  22.     $form['attachments']['#access'] = user_access("upload files to {$form['type']['#value']} nodes");
  23.   }
  24. }
posted in

$element['#access'] = FALSE

$element['#access'] = FALSE

Submitted by Anonymous (not verified) on Wed, 20/08/2008 - 12:58.

Cheers Mr Anonymous

Ta for that! However, it looks to me from the Form API notes that this attribute was added in Drupal 6?

Unfortunately, the site the code is used on is based on Drupal 5.

Submitted by leafish_paul on Wed, 20/08/2008 - 13:11.

In Drupal 5

It's available in Drupal 5 but for some reason isn't in the documentation.

Submitted by Dale (not verified) on Wed, 20/08/2008 - 17:08.

Actually... it's just undocumented.

If you check out the node_form() function (at http://api.drupal.org/api/function/node_form/5 ) in d5 you'll find:

 // Node options for administrators
  $form['options'] = array(
    '#type' => 'fieldset',
    '#access' => user_access('administer nodes'),
    '#title' => t('Publishing options'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    '#weight' => 25,
  );

However the FAPI documentation does not cover it. Patch time?!

Edit: yes indeedy! Paul

Submitted by Brad Bowman (beeradb) (not verified) on Wed, 20/08/2008 - 22:22.

User 1 should always be allowed to do anything...

so

'#access' => FALSE

should maybe be something like

'#access' => user_access('user 1 only')

where 'user 1 only' could be any old string, since the function always returns true for U1...

Submitted by NicolasH (not verified) on Thu, 21/08/2008 - 12:59.

Docupatcheration

Documentation patch for 5.x branch here.

Submitted by leafish_paul on Thu, 28/08/2008 - 13:14.

Post new comment

The content of this field is kept private and will not be shown publicly.