I'd like individual files marked private to be viewable only by users with permission based on roles.

In the description of the PU module, it states:

using the rule that a user can see a file marked private, if-and-only-if they have view access to at least one of the nodes that the file is attached to.

where does PU grab this permission information? I'm using nodeaccess to grant node view rights to only certain roles, however as an anonymous user, following a download link generated by a views output, I can get access to the private file. The download link has been corrected to go through the system directory. (as discussed here: #575784)

I've also tried using TAC, which would be my preferred method, but I'm getting the same results: anyone can see/download these files.

Thanks in advance!
Sean

Comments

sean porter’s picture

sean porter commented
Status: Active » Closed (fixed)

sorry it does look like PU is respecting permissions set by nodeaccess, its actually a problem relating to another issue.