Allow the use of publicly-accessible files from the private filesystem [#3158191]

The private filesystem is not private by default. To make a file private it is necessary for a module to implement hook_file_download() and deny access based on whatever business logic you need.

In our case, we allow anonymous access to many private files if the parent media is in a "public" group. The formatter simply refuses to display these:

      if ($uri_scheme == 'public') {
        ...
      }
      else {
        drupal_set_message(
          t('The file (%file) is not publicly accessible...

The formatter should not blindly assume that files served via the private filesystem are inaccessible externally. Can we test for each file whether it is accessible?

Comments

Comment #1

10 July 2020 at 04:43

John Pitcairn created an issue. See original summary.

Comment #2

johnpitcairn commented 10 July 2020 at 09:33

On further investigation, I think the only way to test access to the file would be to either

Invoke hook_file_download() and parse the result, or
Request the actual file url via the httpClient service.

Both these have the problem of not being able to return any cache metadata, and since we are in a field formatter, the result will get blindly cached irrespective of the business logic used to determine access.

So perhaps we can get around this if the scheme is private by adding an event or drupal_alter() to allow custom business logic to return an accessResult with cachability data (for the anonymous user). Any enthusiasm for a patch along those lines?

Another option might be to provide a setting on the formatter that removes the restriction, with a suitable warning about the consequences of spamming the google API with unreachable URLs. I'm assuming that's why this restriction was originally added?

Comment #3

toamit commented 11 August 2020 at 21:00

For the formatter there is no need to assume public or private filesystem. The entity whether custom or stock provide access controls for visibility of files for anonymous users. We have several formatters that work just fine, including google charts on private filesystem files with custom entity. So removing hard requirements on the formatter is a better approach.