On 1/22/2013 4:20 AM, Maik wrote:
Is the a way - any way - that uploaded / attached media has the same
access restrictions as the posts they're in?
I've written a plugin that should accomplish this.
See:
https://github.com/ringmaster/secretfile
Install and activate the plugin. Create a post. Find a file in the
Habari Silo to insert as a link into the post. Choose the new menu
option "insert secret_link" from the menu under that file. A shorttag
will appear in the editor. Save the post.
The shorttag that is created will be rendered as a link by Habari when
the post is displayed to a user. When the user clicks on the link, the
selected file downloads. The file streams through PHP, so there is no
direct access to the file. The trade-off here is efficiency for security.
Displaying the link in the post saves a value to that user's session.
As a result, the user must visit the post immediately prior to
attempting the download. If the user attempts to go directly to the
download URL without visiting the post, they will first be redirected to
the post. If they are not logged in, it's possible that the post will
"not exist" for them, and they will instead be directed to the home
page. If permissions prevent the user from viewing the post, they will
not be able to download the file.
Currently, the plugin only works with the Habari Silo. There were some
issues with other silos and the information they return being incomplete
for the purpose of this plugin. Hopefully this will be corrected.
Owen
--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/habari-users