By cfowler on

Hi,

I have a need to restrict downloads of specific file attachments to authenticated users. But, I do not want to restrict downloads of all file attachments. I am using the file manager and attachments modules. I am also using taxonomy access control. I think there is a way to do this as I've seen places where you need to be registered to download, but I can't figure it out. Does anyone know how to do this?

Also, if I get this solved, I will of course want to keep log of users who download the module. Download_count seems to keep a count of the number of downloads, but I want to see the list.

Thanks for any help you can provide.

Chuck

Comments

rgraves’s picture

rgraves commented

This is a question I've asked and haven't got any answers to yet. I have a site that's already in place with lots of files in the /files directory. We need to lock them down so that only authenticated users can access them.

Does anyone know how to do this, specifically with a site that's already built? We can't have URLs change or it will mess up our site big time.

-Anti-’s picture

-Anti- commented

I'm interested in this too.
I've got 1000 pdf downloads to manage spanning 50 different categories.
Both the categories and downloads need to be allocated permissions based on user-role.

Can Drupal do this? I haven't seen a proper download repository yet in Drupal.
Cheers.

vkr11’s picture

vkr11 commented

I am interested in this too. I would like to attach pdf/doc/ppt files to nodes (cck). The node should be accessible by anyone, but only the autheticated users should be able to see the file. Moreover would need a list of people who have downloaded the file.
Appreciate any response.

-Victor

vm’s picture

vm commented

use the private file system and put your files folder above the public doc root where it is inaccessible to internet at large.

_____________________________________________________________________
My posts & comments are usually dripping with sarcasm.
If you ask nicely I'll give you a towel : )

bmeier’s picture

bmeier commented

I have files in sites/default/files and private mode on but I'm still able to access the URL and get the file even when not logged in. Does anybody have more details on this, for Drupal 6 specifically?

vm’s picture

vm commented

As I previously stated for files to truly be private the files folder must be stored above the public root and a relative path used in the administer -> file system area.

That means files stored in sites/default/files is still in the public root and can be accessed with a link.

you must store the files folder above the public root or at the same level as the public folder in order for them to be inaccessible by links from anon users.

arhak’s picture

arhak commented

I have my download mode set to private and the files directory out of my public folder, and everything it's just ok, as expected.
Question: If somebody has the public method with the files directory under Apache's public folder, Isn't any way of fixing it without moving the directory with something in .htaccess?
If .htaccess forbids the access to that directory, would Drupal be able to server the files like the private method?

vm’s picture

vm commented

IMO using .htaccess to stop the "hotlinking" of files causes more problems then it fixes. I've found you tend to block more legit users then not.

You can of course research the idea, there are many different schools of thought and use the .htaccess methods if you so choose.

In my experience, if you want something private, it probably shouldn't be on the internet. Even above the public root, you can stop users from handing out their login credentials.