In general, I'm struggling to manage downloads permissions over supposed private files, and for that I already posted a support request (mentioned below).

Today in particular I set up a fresh drupal instance to make some test.
I created a parargaph with a couple of fields:

  • a private file
  • an expiration date (for the imaginary document)

Then I associated the obtained paragraph to users, as it was an additional field. In the scenario I have in mind, in fact, I have users with associated documents and related deadlines, so those files shouldn't be accessible if not by the user they belong to or by an adequately privileged user.

As a result I discovered both a simple user and the administrator too get a 403 if they try to download one of those files in one environment, besides, in another environment I could get the supposed private files anyway with a wget. :-(

I'm lost, and I'm lost twice, since I already had doubts concerning how private files are supposed to work. The only way I got the desired behaviour is by associating users a private file field, but that way I cannot get the additional required field, that is the date! :-(

Thanks in advance!

Andrea

FINAL UPDATE: the reason for the unexpected behaviour was I created the file field within the paragraph with a public destination; before deleting it (I couldn't change that setting in particular) I tried adding an extra parallel file field, this time classified as a "private file"; well, 200 and 403 responses as expected; so I hope by confessing my stupid mistake I will spare the same "mess for nothing" to somebody else in the future... ;-)

Comments

AppLEaDaY created an issue. See original summary.

appleaday’s picture

appleaday commented
Issue summary: View changes
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.