on my website i have two types of files that end users can download - one of them are available for all visitors, and second is only for registered users (users that are logged in).
setting of drupal allows to set only if files are available for all users or only for users that are logged in.
how can i achieve that some files are public and some not?
thank you in advance!
Assumption: you're using Drupal 6.
If you're using the upload module to attach files to your nodes: consider using http://drupal.org/project/private_upload
If you don't mind creating manual links to the files in your Node bodies (and uploading the files yourself to the private folder) consider http://drupal.org/project/private_download
If you're using filefields consider using http://drupal.org/project/filefield_private
Some up these modules have hardly an uptake (click on the usage statistics link on each of the above links I've shared with you).
Unfortunately mixing private and public downloads is a known area of weakness for Drupal 6. Drupal 7 has fixed this.
Related
I have Yii2 application where users can upload and share files of different types. Once a file is uploaded, it could be downloaded only by certain other users and there are a whole bunch of checks that go behind this process.
My problem is that the files are stored on the server and if someone has the link directly to the file then they can easily be downloaded without going through any kind of authorization or security checks. How can I prevent this?
P.S. It could be any kind of solution, not one related to Yii2.
The following approach comes to my mind.
Store the files at a location in file system that is not made publicly accessible by a web server.
Make them available by reading them from file system and sending them to browser when the user retrieves the URL that also does the security checks. A redirect to another URL that does not do security checks has to be avoided.
If you give more details about a more specific problem or question people can give you more specific information.
i am new to Drupal and want to do the following:
Allow for a simple user registration process
Once the user is registered, allow them to register a project->a project is going to basically have a name, an address and a picture.
Allow for projects to have teams within themselves
kindly guide how to proceed and modules required to do this.
So, there is a core module called "Users". That allows for username creation and authentication. Just go to "admin/modules" and enable it. Then take some time to familiarize yourself with how that works in terms of the experience of creating an account and managing users.
If you require additional login functionality (such as being able to log in using and email address instead of a username), there is a module called LoginToboggan that provides a lot of good functionality
For user profiles, there is a new Drupal 7 module called Profile2 which should meet your needs. Just install it and its dependencies and specify which fields should be in a user profile.
For teams and projects, I think that maybe you're thinking about things the wrong way. Look into the module Organic Groups. That will allow you or users to create their own teams that can then be associated with different nodes.
Finally, create a node type called Project. Specify whatever fields you need for that project. Then, set your permissions so that users can create groups and create new Projects.
I'm trying to figure out how to store user settings.
A User goes to Settings. There are lists of services and categories etc and the user selects which of them he/she wants to use. These lists are loaded from .xml files and have a simple structure, ie ServiceName + true/false (selected/not selected). But through the lifetime of the application there will be added another lists so there can be something about 50 .xml files or more.
Is IsolatedStorageSettings everything I need or it is only for application settings and preferences and not for custom user settings?
You can use Application Settings stored in Isolated Storage but for what you're trying to do you might want to look at something like SterlingDB. SterlingDB is simple and it's easy to get up and running. It also uses Isolated Storage.
I've created some new fields for users who register in admin/config/people/profile
since we are still building the site I want to port these out to a features module
but am completely unable to figure out how to do this? I thought it would be some
thing like Features >> [Create Feature] [Edit components] >> Variables but cannot
find my custom fields?
I named my new form Registration, and tried view sourcing and flipping through the
source with the find command but am unable to find it there either. Anyone know what
it might be called or under?
In order to unlock the profiles, I used this Administer user profiles in Drupal 7 method.
In case you hadn't figured it out yet, you can export fields by selecting the "Fields: field" component when creating your view.
By the looks of your URL you're not using the latest 7.12 core version? Currently the page to manage the fields for user profiles is located at "Administer > Configuration > People > Account Settings > Manage fields" (admin/config/people/accounts/fields) page, so you may need to update...
Did you create a profile or add the fields directly to the user entity?
With the drupal 7 fields API you don't need the profile module anymore in fact it's deprecated. Because of that I don't think their is features support for profiles
I am building a DotNetNuke 5.6 Module. The module contains a form with some textboxes and the dotNetNuke Rich text Editor.
Users are supposed to fill this form and it is saved to the database.
Everything is working just fine.
The problem though is that users can use it to upload images or documents to the server if they select to add a link.
The problem here is : Users will upload documents to the portal root which will make them visible to other users. We do not want this to happen as each user's documents are private and should not be visible by other users.
The question is:
Can I restrict users to upload documents to a specific folder visible only to that user? this is to prevent different users from seeing each other's private documents?
OR
Can I restrict users from uploading documents altogether?
Thanks
Folder security settings are found in the Admin - File manager. Write permissions control upload:
Allowable File Extensions are in the Host Settings - Other Settings. This is a global security feature, and does not include common media file extensions by default:
In addition, different HtmlEditorProviders do have folder and upload settings in their configuration. HtmlEditorProviders are configured with provider-specific web.config properties and configuration files that are found under /Providers/HtmlEditorProviders.
Telerik provider has ImageManager.ViewPaths, ImageManager.UploadPaths and ImageManager.DeletePaths properties, and also maximum upload sizes for different file extension groups (image, media, document, flash, silverlight, template ). Cute Editor has some support for role-based default upload directories, but I couldn't find these in the Telerik provider.
See also:
How to Upload Restricted File Types in DotNetNuke