I have Views Data Export installed, which creates a CSV file attached to every node. This file has all of the data from a field collection field arranged as a CSV.
The only user that should be able to download this CSV file is the admin (user 1) and the user that created the node.
In Views Data Export, I can select Role as a permission, and assign it to all “Managers”, but that means each “Manager” can download other Managers' data if they get the URL right. Anyone wanting to maliciously steal data, or sneak a peek at how much their colleagues are earning can simply guess the URL of the CSV file.
How would I restrict this download to the author of the node?
I have tried installing Path Rules, and creating a Rule that checks that the path of the CSV ends with CSV, and then runs a condition to check that the Nid of the currently logged in user matches one created by the author, but the download happens automatically regardless. There doesn't seem to be a path check before it is downloaded.
Stuck here scratching my head, would welcome even the slightest suggestion, or just a fresh pair of eyes! Thanks.
OK, some progression…
I delved into creating a views custom access like so…
Added files[] = couples_page_custom_access_plugin.inc
to a custom module info file
Added the following to couples_page_custom_access_plugin.inc
    <?php
    /**
     * Access plugin that provides property based access control.
     */
    class couples_page_custom_access_plugin extends views_plugin_access {

      function summary_title() {
        return t('Couples Page Check User is Author');
      } // summary_title()

      /**
       * Determine if the current user has access or not.
       */
      function access($account) {
        return couples_page_custom_access($account);
      }

      function get_access_callback() {
        return array('couples_page_custom_access', array());
      }

    }
Then added this to a custom module…
    function couples_page_custom_views_plugins() {
      $plugins = array(
        'access' => array(
          'test' => array(
            'title' => t('Couples Page Check User is Author'),
            'help' => t('this is a custom access plugin'),
            'handler' => 'couples_page_custom_access_plugin',
            'path' => drupal_get_path('module', 'couples_page_custom'),
          ),
        ),
      );
      return $plugins;
    }

    function couples_page_custom_access($account = NULL) {
      global $user;
      $access = false;
      $account = user_load($user->uid);
      $node = node_load(arg(1)); // Get the nid from the URL of the CSV file.
      // If the UID of the currently logged in user matches the UID of the node author return true.
      if ($account == $node->uid) {
        $access = true;
      }
      return $access;
    }
But it's not really working. If I set $access = true it works, and $access = false, it doesn't, so I know the plugin is working. It must be the logic in the last bit here…

    function couples_page_custom_access($account = NULL) {
      global $user;
      $access = false;
      $account = user_load($user->uid);
      $node = node_load(arg(1)); // Get the nid from the URL of the CSV file.
      // If the UID of the currently logged in user matches the UID of the node author return true.
      if ($account == $node->uid) {
        $access = true;
      }
      return $access;
    }
Perhaps I am not getting the author uid of that node correctly? I will look into it.
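An added example, not part of the original post: the condition in the last function compares the loaded user object with the node's uid value instead of comparing uid with uid. One way to write the ownership check is sketched below, assuming (as the post's code does) that the node ID is the second path component returned by `arg(1)`; `couples_page_custom_may_export` is a hypothetical helper name.

```php
<?php
/**
 * Pure decision: may $account download the export built from $node?
 * Hypothetical helper; no Drupal calls, so it can be run without a site.
 */
function couples_page_custom_may_export($account, $node) {
  // node_load() returns FALSE for an unknown nid: deny.
  if (!is_object($node) || !isset($node->uid)) {
    return FALSE;
  }
  // Anonymous is uid 0; never let it match a node authored by uid 0.
  if (!is_object($account) || empty($account->uid)) {
    return FALSE;
  }
  // Admin (user 1) may always download.
  if ((int) $account->uid === 1) {
    return TRUE;
  }
  // Compare uid with uid, not the user object with a uid.
  return (int) $account->uid === (int) $node->uid;
}

/**
 * Views access callback. Assumes the nid is the second path component,
 * as in the post's arg(1) call.
 */
function couples_page_custom_access($account = NULL) {
  global $user;
  if (!isset($account)) {
    // The plugin's get_access_callback() passes no arguments.
    $account = $user;
  }
  $nid = arg(1);
  if (!is_numeric($nid)) {
    return FALSE;
  }
  return couples_page_custom_may_export($account, node_load($nid));
}

// Constructed sample objects, run only outside Drupal (php thisfile.php).
if (PHP_SAPI === 'cli' && !function_exists('node_load')) {
  $node = (object) array('nid' => 12, 'uid' => 7);
  var_dump(couples_page_custom_may_export((object) array('uid' => 7), $node)); // node author
  var_dump(couples_page_custom_may_export((object) array('uid' => 8), $node)); // another manager
  var_dump(couples_page_custom_may_export((object) array('uid' => 1), $node)); // admin
  var_dump(couples_page_custom_may_export((object) array('uid' => 7), FALSE)); // unknown nid
}
```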