I have images attached to both nodes and taxonomy_terms via an Image-field.
However, the files for taxonomy_term are broken when they are set to 'private files' in admin/structure/taxonomy/{voc}/fields/{field}.

Since mostly the fields are shown via ImageCache, I didn't get an error. but clicking the filename in the widget generates the following error: "Access denied You are not authorized to access this page."

I have tested this on 2 systems with parallel tests for node-fields and taxonomy_term-fields, with repeatable results.
- It doesn't seem an autority-problem, since all directories are created newly from within Drupal.
- I did set a 'File directory'. I haven't tested without it.
- table file_managed has no diferences between the two files; field uri is set to "private://{file_directory}/{filename}
- table file_usage has an (intended) difference: field type is set to 'node' vs. 'taxonomy-term'
- function function file_save_upload() gave no errors;
- the physical locations of the files seem correct.

Comments

johnv’s picture

johnv
Primary language Dutch
commented
Title: Private files broken for Imagefield in Taxonomy Term » Private files broken for Filefield/Imagefield in Taxonomy Term

The same happens not only with Imagefield; also with Filefield.
So, I am not sure if this issue belongs to Component 'file system' or 'field system'.

johnv’s picture

johnv
Primary language Dutch
commented

OK, I found this issue: file_file_download() only implements access checks for nodes and users , which has a small patch for taxonomy terms in comment #58. After flushing the cache, it resolved the problem.

johnv’s picture

johnv
Primary language Dutch
commented
Status: Active » Closed (duplicate)

I suppose this issue is then a duplicate.

Anonymous’s picture

Anonymous (not verified) commented
Status: Closed (duplicate) » Active

Subscribing...

Change from duplicate to active because I can't see that page from the link in comment #2. I get an "access denied" page.

I'm having the same issue and this is the only related issue I found.

johnv’s picture

johnv
Primary language Dutch
commented
Status: Active » Closed (duplicate)

I've seen this before. Because it is a security error, the page has been disabled after the patch has been applied, to avoid people exploiting the error. It is unfriendly/unclear behaviour though - instead of disabling the page, an explanation would be better.
You should upgrade to a higher Drupal version, where it is resolved.