Peek user & private download method
blackdog - September 27, 2007 - 13:03
| Project: | Peek |
| Version: | 5.x-1.0 |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
We're using the private method for serving files, and wanted to use the peek module to do what it does, but the user that's beeing created doesn't have access to private method files in the node.
I guess the problem is that the status is 'blocked', but that is a good thing in all other respects. We could also give them a specific role, and make them 'active', but that makes other parts of the site harder to manage.
Any ideas how to handle this?
#1
This is a good example of the limitations of the module. Users that get created by a peek are blocked, but that doesn't restrict the initial page load because the authenticated permission is only an illusion for the current page load - i.e., it doesn't actually matter the status of the user, because they're not actually logged in!
The only easy way to work around this problem would be to grant private downloads to anonymous users, but you probably don't want to do that.
A slightly more complicated way might be to have the attachment download when loading the node page (i.e., instead of a separate link, so that the temporary permissions are used). You might be able to hack your theme to do that ...
If anyone has a good idea of how to implement this issue within the current module, I'd be grateful!
#2
Thank you for your reply, I'll look into hacking the theme so serve the files differently.
The thing is that the attachement in this case is a video file that plays on node load, so I don't really know if there's anything to do about it... I'll look into it more and get back to you if I find a solution.
#3
If your attachment is actually a video file that's supposed to play in place, then presumably you've got some code that generates html that looks like this:
<object height="168" width="228"><param name="movie" value="http://www.youtube.com/v/rSwr1BMDBKg"><param name="wmode" value="transparent"><embed src="http://www.youtube.com/v/rSwr1BMDBKg&rel=0" type="application/x-shockwave-flash" wmode="transparent" height="168" width="228"></object>This example actually plays a video that lives on youtube, but the basic idea is similar to most video players I think. The key is that you're passing a url to a helper application (similar to an img tag) that initiates it's own http connection. In your case, that url is going to be on your drupal domain.
So to make this work:
1. this url has to be public, i.e. not require authentication.
2. the url has to somehow be peek encoded.
3. drupal has to somehow recognize that the connection is being referred from a peek connection.
1. is definitely the simplest option, but that means your videos are all public (technically, though possibly protected via obscurity). If you have possible load issues, this is also the lightest - when you're using secure attachments, the attachment connection invokes the drupal bootstrap, otherwise it doesn't.
2. is possible, but would be difficult - an enhancement to the peek module.
3. might be a good compromise: it might be less secure than peek encoding all the connections, but it'd be easier to implement than 2.
Thanks to martin @ surge for a conversation about this last week ...
- Alan