File access rights

  1. cis7 sites/all/modules/ulmus/file_entity/file_entity.module file_entity_access
  2. cle7 sites/all/modules/ulmus/file_entity/file_entity.module file_entity_access
  3. elmsmedia7 sites/all/modules/ulmus/file_entity/file_entity.module file_entity_access
  4. icor7 sites/all/modules/ulmus/file_entity/file_entity.module file_entity_access
  5. meedjum_blog7 sites/all/modules/ulmus/file_entity/file_entity.module file_entity_access
  6. mooc7 sites/all/modules/ulmus/file_entity/file_entity.module file_entity_access

The file access system determines who can do what to which files.

In determining access rights for a file, file_entity_access() first checks whether the user has the "bypass file access" permission. Such users have unrestricted access to all files. user 1 will always pass this check.

Next, all implementations of hook_file_entity_access() will be called. Each implementation may explicitly allow, explicitly deny, or ignore the access request. If at least one module says to deny the request, it will be rejected. If no modules deny the request and at least one says to allow it, the request will be permitted.

There is no access grant system for files.

In file listings, the process above is followed except that hook_file_entity_access() is not called on each file for performance reasons and for proper functioning of the pager system. When adding a filelisting to your module, be sure to use a dynamic query created by db_select() and add a tag of "file_entity_access". This will allow modules dealing with file access to ensure only files to which the user has access are retrieved, through the use of hook_query_TAG_alter().

Note: Even a single module returning FILE_ENTITY_ACCESS_DENY from hook_file_entity_access() will block access to the file. Therefore, implementers should take care to not deny access unless they really intend to. Unless a module wishes to actively deny access it should return FILE_ENTITY_ACCESS_IGNORE (or simply return nothing) to allow other modules to control access.

Stream wrappers that are considered private should implement a 'private' flag equal to TRUE in hook_stream_wrappers().

Functions

Namesort descending Location Description
file_entity_access sites/all/modules/ulmus/file_entity/file_entity.module Determine if a user may perform the given operation on the specified file.
file_entity_file_default_types sites/all/modules/ulmus/file_entity/file_entity.module End of "defgroup file_entity_access".
file_entity_file_download sites/all/modules/ulmus/file_entity/file_entity.module Implements hook_file_download().
file_entity_file_entity_access sites/all/modules/ulmus/file_entity/file_entity.module Implements hook_file_entity_access().
file_entity_list_permissions sites/all/modules/ulmus/file_entity/file_entity.module Helper function to generate standard file permission list for a given type.
file_entity_permissions_get_configured_types sites/all/modules/ulmus/file_entity/file_entity.module Returns an array of file types that should be managed by permissions.
file_entity_query_entity_field_access_alter sites/all/modules/ulmus/file_entity/file_entity.module Implements hook_query_TAG_alter().
file_entity_query_file_access_alter sites/all/modules/ulmus/file_entity/file_entity.module Implements hook_query_TAG_alter().
hook_file_entity_access sites/all/modules/ulmus/file_entity/file_entity.api.php Control access to a file.
hook_query_file_entity_access_alter sites/all/modules/ulmus/file_entity/file_entity.api.php Control access to listings of files.
_file_entity_query_file_entity_access_alter sites/all/modules/ulmus/file_entity/file_entity.module Helper for file entity access functions.

File

sites/all/modules/ulmus/file_entity/file_entity.module, line 1558
Extends Drupal file entities to be fieldable and viewable.