.:justwerks software:.

I am currently working on a small Drupal contract and part of the work is to allow files to be attached to content that only a particular user can see (User A); the trick is that the person uploading the files (User B) isn't the person that should be allowed to see them.

This technique requires a few settings and modules to work.
Setup Drupal to serve files privately, not through HTTP in admin/settings/file-system
Ensure you have the following modules installed and enabled: CCK, FileField (a CCK file field), ACL (access control lists) and Content Access.
Create a new CCK content type and in the Access Control tab enable "Enable per node access control settings" for that content type
Enable "administer access control" for the user/role of the person uploading the files
Create a new node using the CCK content type and once published change the access permissions on the node to allow only User A to see the files.

Done!

This seems to be working so far but I have more testing to do.

I have been running Drupal since about 2003, thanks to Boris. (Take that either direction you want BMann... ;)) And now that is is starting to "get popular and take over the world" - in quotes because I am sure Boris has said this at some point in the last few months - I am getting slammed by spambots.

I have about 13000 spam posts on my personal blog (it Googles quite highly) and less on this site. I used to use the Spam module when I was running Drupal 4.x but when I moved to 5.x that module was not ready for prime time so I skipped the installation.

Whoops.

Now, I have remediated this fact by putting the more capable (hopefully) Akismet spam module in place. Sure, it required me to get a WordPress.com user account (took all of 30 seconds - good work Lloyd & Co.) to get an API key to use this module but when I had the thing up for a grand total of a minute and the spam blocked count was already at 1, I know I had a winner.

If you run Drupal - use a spam guard of some sort. Or enjoy pressing Delete 260 times, as I will when I finally get around to removing the backlog. I guess I should file a feature request "Ability to purge an entire queue"...

I have just updated/upgraded to the latest Drupal (5.0!).

The upgrade went fairly smoothly on my "work" site but the two version hop on the "personal" site was a little less smooth... I had forgotten to keep that site upgraded as well as I should have. A couple of tries and some manual database checks later; I am golden.

All in all, the response time is much quicker, the re-organized administrative console is great and the new default theme "Garland" offers this truly slick javascript colour picker!

In addition, I have taken advantage of the multi-site support that Drupal has built in and now only have one code base to maintain!! This version really sings and once I get back into the groove of customizing it I think I will invest some quality time making it look a bit less like every other Drupal site with the default theme installed.

Oh, and Greg, I nuked your last comment post ... Sorry!

I just exchanged a quick note with Jeremy Andrews (the maintainer of the KernelTrap.org website and the Drupal spam module) and he has declared the spam module ready for 4.7. (4.7.1 due to a recent security patch update).

I have delayed moving to 4.7 because I can't run a Drupal site without the spam module. I regularly get hundreds of posts a day that I would have to manually delete without the automated wonder that the spam module is. My free time is waaay too valuable to waste on comment herding.

Now I will be able to upgrade this site (and others) to 4.7 and enjoy many of the great new "no programming skills needed" features along with a spam free existance!

Download, install and enjoy!