Ran into some unexpected 403s on a site using private file downloads (I hate private file downloads).

This makes filefield_file_download() only prevent access if every node a file is attached to is denied instead of just one - which I think is closer to how node_access() actually works.

#2 hook_file_download.patch1.67 KBcatch
hook_file_download.patch1.21 KBcatch
Members fund testing for the Drupal project. Drupal Association Learn more


quicksketch’s picture

Status: Needs review » Reviewed & tested by the community

Looks sane to me, nothing like loading multiple nodes to check access on a file! I completely agree that private files are completely ridiculous, but hey, if a user wants to make their site run the speed of a kayak rowing upstream, be my guest. I'll put in next time I'm committing. Thanks!

catch’s picture

1.67 KB

Better version - if any node returns TRUE we skip loading the rest.

quicksketch’s picture

Status: Reviewed & tested by the community » Fixed

The variable $nid was undefined in your patch, but changing this to $content['nid'] (like it was in the first patch) seemed to fix things up. Committed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.