Pixeldust Drupal Support Service

Views Data Export Permissions Problem

I have Views Data Export installed, which creates a CSV file attached to every node. This file has all of the data from a field collection field arranged as a CSV.

The only user that should be able to download this CSV file is the admin (user 1) and the user that created the node.

In Views Data Export, I can select Role as a permission, and assign it to all “Managers”, but that means each “Manager” can download other Managers data if they get the URL right. Anyone wanting to maliciously steal data, or sneak a peak at how much their colleagues are earning can simply guess the URL of the CSV file.

How would I restrict this download to the author of the node?

I have tried installing Path Rules, and creating a Rule that checks that the path of the CSV ends with CSV, and then runs a condition to check that the Nid of the currently logged in user matches one created by the author, but the download happens automatically regardless. There doesnt seem to be a path check before it is downloaded.

Stuck here scratching my head, would welcome even the slightest suggestion, or just a fresh pair of eyes! Thanks.

OK, some progression…

I delved into creating a views custom access like so…

Added files[] = couples_page_custom_access_plugin.inc to a custom module info file

Added the following to couples_page_custom_access_plugin.inc

<?php

  /**
   * Access plugin that provides property based access control.
   */
  class couples_page_custom_access_plugin extends views_plugin_access {

    function summary_title() {
      return t('Couples Page Check User is Author');
    } // summary_title()

  /**
   * Determine if the current user has access or not.
   */
    function access($account) {    
      return couples_page_custom_access($account);
    }

    function get_access_callback() {
      return array('couples_page_custom_access', array()); 
    }

  }

Then added this to a custom module…

  function couples_page_custom_views_plugins() {
    $plugins = array(
      'access' => array(
        'test' => array(
          'title' => t('Couples Page Check User is Author'),
          'help' => t('this is a custom access plugin'),
          'handler' => 'couples_page_custom_access_plugin',
          'path' => drupal_get_path('module', 'couples_page_custom'),
        ),
      ),
    );
    return $plugins;
  }

  function couples_page_custom_access($account = NULL) {
    global $user;
    $access = false; 
    $account = user_load($user->uid);
    $node = node_load(arg(1)); // Get the nid from the URL of the CSV file.

    // If the UID of the currently logged in user matches the UID of the node author return true.
    if ($account == $node->uid) {
      $access = true; 
    }
    return $access;

  }

But its not really working. If I set $access = true it works, and $access = false, it doesnt, so I know the plugin is working. It must be the logic in the last bit here…

function couples_page_custom_access($account = NULL) {
        global $user;
        $access = false; 
        $account = user_load($user->uid);
        $node = node_load(arg(1)); // Get the nid from the URL of the CSV file.

        // If the UID of the currently logged in user matches the UID of the node author return true.
        if ($account == $node->uid) {
          $access = true; 
        }
        return $access;

      }

Perhaps I am not getting the author uid of that node correctly? I will look into it.

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

Let's Talk About a Project

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

Views Data Export Permissions Problem

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
MASTER YOUR DRUPAL SEO
Pixeldust and Pantheon Drupal Development
256