Private File Access

Just for the record, for others who may be wondering about it, this is my short term resolution for making all the media files attached to media_document nodes private (i.e., requires access to node):

1. Place .htaccess file in files/media directory to prevent outside browser access.

2. Created my own mechanism for accessing the file uploaded into a media_document:

/**
 * Implementation of hook_menu().
 */
function ewb_menu() {
  global $user;
    
  $items = array();

    $items['displaydoc/%'] = array(
      'title' => 'Display Document',
      'page callback' => 'ewb_display_document',
      'page arguments' => array(1),
      'access callback' => 'user_is_logged_in',
      'type' => MENU_CALLBACK
    );

  return $items;
}

then

/**
 * Display file associated with this node.
 */
function ewb_display_document($nid) {
  $node = node_load($nid);
  $media = media_nodes_load_item($nid);
  $filename = media_filename($media);
  $mime = file_get_mimetype($filename);
  $content_type = "Content-type: ".$mime;
  $file = basename($filename);
  $headers[] = $content_type;
  $headers[] = "Content-Disposition: attachment; filename=\"".$file."\"";
  if (node_access('view', $node)) {
    file_transfer($filename, $headers);
  } else {
    print "You do not have access to this file.";
    watchdog('access denied', 'User may not create not access this document:<strong> '.$filename.'</strong>', $variables = array() , WATCHDOG_WARNING, 'displaydoc/'. $nid);
  }
}

3. I use computed_field module to define a link to the file access url in my media_document nodes:

displaydoc/<media_document nodeID>

Now, only users who can access the media_document node can access the file attached to it. Period.

Would be nice, however, to have some solution from within mmedia_nodes.module. But, I am happy for the moment.

Well, I've resolved my immediate problem, so no rush. But, it would be nice when you get a chance.