diff --git a/modules/upload.module b/modules/upload.module
index 421e874deca8b0142a7960fc5e9d674b28b79361..9163586fa5fa6ae55aa5cab505ddcd1726cc881b 100644
--- a/modules/upload.module
+++ b/modules/upload.module
@@ -27,7 +27,7 @@ function upload_help($section) {
case 'admin/modules#description':
return t('Allows users to upload and attach files to content.');
case 'admin/settings/upload':
- return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
+ return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
}
}
@@ -144,10 +144,10 @@ function upload_download() {
}
function upload_file_download($file) {
- if (user_access('view uploaded files')) {
- $file = file_create_path($file);
- $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
- if ($file = db_fetch_object($result)) {
+ $file = file_create_path($file);
+ $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
+ if ($file = db_fetch_object($result)) {
+ if (user_access('view uploaded files')) {
$node = node_load($file->nid);
if (node_access('view', $node)) {
$name = mime_header_encode($file->filename);
@@ -164,9 +164,9 @@ function upload_file_download($file) {
return -1;
}
}
- }
- else {
- return -1;
+ else {
+ return -1;
+ }
}
}
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 421e874deca8b0142a7960fc5e9d674b28b79361..9163586fa5fa6ae55aa5cab505ddcd1726cc881b 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -27,7 +27,7 @@ function upload_help($section) {
case 'admin/modules#description':
return t('Allows users to upload and attach files to content.');
case 'admin/settings/upload':
- return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
+ return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
}
}
@@ -144,10 +144,10 @@ function upload_download() {
}
function upload_file_download($file) {
- if (user_access('view uploaded files')) {
- $file = file_create_path($file);
- $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
- if ($file = db_fetch_object($result)) {
+ $file = file_create_path($file);
+ $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
+ if ($file = db_fetch_object($result)) {
+ if (user_access('view uploaded files')) {
$node = node_load($file->nid);
if (node_access('view', $node)) {
$name = mime_header_encode($file->filename);
@@ -164,9 +164,9 @@ function upload_file_download($file) {
return -1;
}
}
- }
- else {
- return -1;
+ else {
+ return -1;
+ }
}
}