Hello,

Installed the module, Private Upload Status is as follows:
* Public File Folder: 'sites/all/files'
* Private File Folder: 'sites/all/files/private'
* sites/all/files/private exists and is writable. Great.
* You have an .htaccess file in private folder. Great.
* Your private folder is not accessable. Great!
* File download method is set to public. Great.
* There are no old-style private files hanging around. Great.
* There are '47' files in the private folder, and the DB thinks there are '48' private files.
* There are no public files attached to private nodes. Great.
* Uploaded files in db: '48' files attached to '48' nodes.

Everything looks ok there, but when I log out and then try to access a private file directly by typing in its URL, it works and the file is downloaded!

Any ideas on where I've gone wrong?

Thanks,

Marc

Comments

starbow’s picture

Status: Active » Postponed (maintainer needs more info)

If it is a publicly accessible site, can you use my contact form to send me the URL of the file?

thanks,
-t

muckermarc’s picture

Hi,
Just sent you a sample URL via your website contact form, let me know if you need more info,
Cheers,

M

starbow’s picture

Hi Marc,

The most important rule of private upload is that the files are only as private as the nodes they are attached to. If an anonymous user can see a node, and anonymous users have the view attachments permission, the files attached to that node are effectively public, even if they are set to private.

muckermarc’s picture

Hi Tao,

Thanks for clarifying.

The functionality I was after was that anonymous users would see the node - effectively a gateway page giving them an introduction to what was contained in the attached file. Then they must register/login to download the file.

I had investigated using Drupal's built-in secure uploads feature, but there are some attachments which I would like to make available to anonymous users, and I believe the built-in approach is "all or nothing" - either anonymous users can download all attachments, or no attachments.

Could you advise on how best I can achieve the functionality I'm looking for? Would I have to create an additional layer of nodes which are only accessible by registered users and then hang the attachments from there?

Many thanks for your help,

M

jkmickelson’s picture

The modules I use to achieve this type of private and public functionality are Nodeaccess and Private Upload.

1kenthomas’s picture

+1; //subscribing here as well, and as long as I'm here: would it be difficult to patch private uploads to have an option where the parent node could be available to anon, but not the attached file(s)? Thanks.

hedac’s picture

Why create a folder inside the public files folder? Why not specify a folder that is unreachable from the web?

starbow’s picture

@hedac - this module relies on Drupal's built-in private file management, which prevents access to any files outside of the current files directory.

Jody Lynn’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)