I'm not sure if this is due to a clash with another module I have installed, but I'm having major issues when presenting a public file for download, anybody else having this problem?
The file/*/download?token=xxx links often bring up 'Access denied, not authorised' even for uid=1. File settings are all set to public. Sometimes downloads work for anonymous user, sometimes they work after a permissions rebuild and cache flush, sometimes they work for 1 or 2 files on a page and not others, I can't seem to establish any consistency in the behaviour :(
Seems to be same problem here StackExchange problem
Comment | File | Size | Author |
---|---|---|---|
#4 | file_entity_download_link_fix.patch | 695 bytes | sambfries |
Comments
Comment #1
johnphethean CreditAttribution: johnphethean commentedComment #2
johnphethean CreditAttribution: johnphethean commentedHere's some bug reporting after a bit of investigation:
Add document existing in library via WYSIWYG (CKEditor 3.6.6.1.7696) - file display: link.
After browser cache refresh, download works for user 1 but not anonymous
After rebuilding permissions and flushing all caches, download works for whichever role accesses it first, anonymous or user 1, for all documents on that page.
However I tried uploading a brand new document to a page with no other downloads, and that's not accessible to anonymous at all even though I made the destination public.
What's going on there?
Comment #3
ericwongcm CreditAttribution: ericwongcm commentedSomeone posted at fix here.
https://drupal.org/comment/8173505#comment-8173505
Someone please put this into file entity code.
Comment #4
sambfries CreditAttribution: sambfries commentedJust ran into this bug myself; here's a patch that will prevent this from happening, and also make sure not to duplicate any other values from the handler's options["alter"] field.
As an FYI, the cause of the issue was the download token for the first file in a view was getting forced onto every other download link generated, which is why access was being denied (even for admin); the token was invalid for any file that wasn't the first one in the view.
Comment #5
Dave ReidThis was fixed by #2135361: Dowload links generated on views list share same token preventing files from being accessible.