Ran into some unexpected 403s on a site using private file downloads (I hate private file downloads).

This makes filefield_file_download() only prevent access if every node a file is attached to is denied instead of just one - which I think is closer to how node_access() actually works.

Files: 
CommentFileSizeAuthor
#2 hook_file_download.patch1.67 KBcatch
hook_file_download.patch1.21 KBcatch

Comments

quicksketch’s picture

Status:Needs review» Reviewed & tested by the community

Looks sane to me, nothing like loading multiple nodes to check access on a file! I completely agree that private files are completely ridiculous, but hey, if a user wants to make their site run the speed of a kayak rowing upstream, be my guest. I'll put in next time I'm committing. Thanks!

catch’s picture

StatusFileSize
new1.67 KB

Better version - if any node returns TRUE we skip loading the rest.

quicksketch’s picture

Status:Reviewed & tested by the community» Fixed

The variable $nid was undefined in your patch, but changing this to $content['nid'] (like it was in the first patch) seemed to fix things up. Committed.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.