On 1/22/2013 4:20 AM, Maik wrote:

Is the a way - any way - that uploaded / attached media has the same
access restrictions as the posts they're in?

I've written a plugin that should accomplish this.

See:
https://github.com/ringmaster/secretfile

Install and activate the plugin. Create a post. Find a file in the Habari Silo to insert as a link into the post. Choose the new menu option "insert secret_link" from the menu under that file. A shorttag will appear in the editor. Save the post.

The shorttag that is created will be rendered as a link by Habari when the post is displayed to a user. When the user clicks on the link, the selected file downloads. The file streams through PHP, so there is no direct access to the file. The trade-off here is efficiency for security.

Displaying the link in the post saves a value to that user's session. As a result, the user must visit the post immediately prior to attempting the download. If the user attempts to go directly to the download URL without visiting the post, they will first be redirected to the post. If they are not logged in, it's possible that the post will "not exist" for them, and they will instead be directed to the home page. If permissions prevent the user from viewing the post, they will not be able to download the file.

Currently, the plugin only works with the Habari Silo. There were some issues with other silos and the information they return being incomplete for the purpose of this plugin. Hopefully this will be corrected.

Owen

--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/habari-users

Reply via email to