hook_file_download() should return

If the user does not have permission to access the file, return -1. If the user has permission, return an array with the appropriate headers. If the file is not controlled by the current module, the return value should be NULL.

but Video calls drupal_access_denied.
This leads to a sort of double page and errors like "Warning: Cannot modify header information - headers already sent by ..." in the logging.

Patch attached to change it to return -1 in stead.

CommentFileSizeAuthor
#4 denied_access_to-1924378-4.patch604 bytesanrkaid
video-file_download_denied.patch670 bytesJvE
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

JvE’s picture

JvE CreditAttribution: JvE commented
Status: Active » Needs review
brycefisherfleig’s picture

brycefisherfleig CreditAttribution: brycefisherfleig commented
Issue summary: View changes
Issue tags: +7.x-2.11 roadmap
ydahi’s picture

ydahi
Location Waterloo, Canada
CreditAttribution: ydahi commented

Great, was running in to this issue - patch works perfectly fine.

Video 7.x-2.11

anrkaid’s picture

anrkaid CreditAttribution: anrkaid commented
FileSize
denied_access_to-1924378-4.patch604 bytes

Actually, user can have access to the converted version (for example, preview) and not have access to the original file.
Therefore, video_file_download() should return NULL in this case instead of '-1', because '-1' value means 'discard other modules overrides & deny access'.

heshanlk’s picture

heshanlk
he/him
Primary language Singhalese
Location New York City
CreditAttribution: heshanlk as a volunteer commented
Status: Needs review » Closed (works as designed)
JvE’s picture

JvE CreditAttribution: JvE as a volunteer commented
Status: Closed (works as designed) » Closed (duplicate)

This issue was fixed in #2320777: Allow other modules to grant or deny access to converted videos.