I want to restrict access to files that are served by Storage API.

I noticed that Storage API v1.2 defines functions for access control, although currently they end up returning true always. Is this because the access control is not implemented yet and these are mainly placeholders or is it is something that is already doable and I just need to configure permissions? (Couldn't find how).

Ideally, I want to be able to restrict files depending on the role of the user.

I am currently using the database container.


jdjeet’s picture

Priority: Normal » Major

Same issue here, I don't see an option to control access to specific files for a certain user as mentioned in module page.

Will post here if I found something. expecting same from the community.

jrao’s picture

Status: Active » Closed (fixed)

I think this is already fixed, at least in 1.5. Storage class's access() method will invoke hook_storage_access to perform access check, storage_core_bridge implements hook_storage_access check by loading the node containing the file, and run node_access('view') on it.