Private File Access
SomebodySysop - February 9, 2009 - 08:51
| Project: | Media Manager |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
I can't figure out how to make access to files uploaded using Media Manger private.
Sitewide, the download method is: Private
In Media settings:
I checked: Allow Private Storage
The public media directory is: files/media
The private media directory is: files/private
Yet, when I click on "node/add/media_document" and upload file, it is uploaded to: files/media.
What do I need to do to make these uploads "private"?
Thanks!
#1
Just for the record, for others who may be wondering about it, this is my short term resolution for making all the media files attached to media_document nodes private (i.e., requires access to node):
1. Place .htaccess file in files/media directory to prevent outside browser access.
2. Created my own mechanism for accessing the file uploaded into a media_document:
<?php
/**
* Implementation of hook_menu().
*/
function ewb_menu() {
global $user;
$items = array();
$items['displaydoc/%'] = array(
'title' => 'Display Document',
'page callback' => 'ewb_display_document',
'page arguments' => array(1),
'access callback' => 'user_is_logged_in',
'type' => MENU_CALLBACK
);
return $items;
}
?>
then
<?php/**
* Display file associated with this node.
*/
function ewb_display_document($nid) {
$node = node_load($nid);
$media = media_nodes_load_item($nid);
$filename = media_filename($media);
$mime = file_get_mimetype($filename);
$content_type = "Content-type: ".$mime;
$file = basename($filename);
$headers[] = $content_type;
$headers[] = "Content-Disposition: attachment; filename=\"".$file."\"";
if (node_access('view', $node)) {
file_transfer($filename, $headers);
} else {
print "You do not have access to this file.";
watchdog('access denied', 'User may not create not access this document:<strong> '.$filename.'</strong>', $variables = array() , WATCHDOG_WARNING, 'displaydoc/'. $nid);
}
}
?>
3. I use computed_field module to define a link to the file access url in my media_document nodes:
displaydoc/<media_document nodeID>Now, only users who can access the media_document node can access the file attached to it. Period.
Would be nice, however, to have some solution from within mmedia_nodes.module. But, I am happy for the moment.
#2
I'm looking into this problem, since it's supposed to be part of the mmedia module itself. However, I haven't really tested the entire section that allows the private files. It'll be a little while before I can get to really looking into this.
#3
Well, I've resolved my immediate problem, so no rush. But, it would be nice when you get a chance.