Closed (fixed)
Project:
Disk Node
Version:
4.7.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
10 Jun 2006 at 05:37 UTC
Updated:
18 Aug 2006 at 02:29 UTC
I´ve setted the Disknode download capability at the access control area, to be available only for registered users.
Annonymous users cannot do anything.
create directory
create disknode
delete files
download files
edit own disknodes
escape user directory
cargar archivos
But annonymous users can access and normally download the disknode attachments!
Is this a bug or maybe I´m missing something at the configuration?
Thanks in advance!!
Rosamunda
Comments
Comment #1
elmuerte commentedYou must set the download method to private ( this is done in admin/settings )
Comment #2
Rosamunda commentedit is setted to private method... and people keeps downloading...
Comment #3
elmuerte commentedThen you have an other module installed that does allow downloading of files, if one module permits downloading a second can't deny it. This is a "feature" of drupal.
Comment #4
Rosamunda commentedYes, I´ve installed upload, attachment and filemanager module.
But I´ve now deactivated all of them and the problem keeps appearing... Should I delete them using FTP?
Comment #5
elmuerte commentedno you don't have to delete the modules. if they are disabled they have no effect
Comment #6
samc commentedI'm having the same problem with DiskNode 4.7 and Drupal 4.7.2.
I've also got the SimpleAccess and LoginToboggan modules installed, but these seem to be configured fine to support and protect other node types.
Comment #7
elmuerte commentednot an issue with disknode, but caused by other modules and drupal it self.
Other modules that implement hook_file_download and return false when they not allow the download of the file actually cause the file to be downloaded since the resulting array of headers will have an entry. I can not explicitly deny downloading of files because there is not proper way for validating if the file is only used for a disknode.
Bug followup: http://drupal.org/node/78721
Comment #8
samc commentedIn case this helps someone, Flexinode is a known offender. A patch is in the works:
http://drupal.org/node/64573