Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Ran into some unexpected 403s on a site using private file downloads (I hate private file downloads).
This makes filefield_file_download() only prevent access if every node a file is attached to is denied instead of just one - which I think is closer to how node_access() actually works.
Comment | File | Size | Author |
---|---|---|---|
#2 | hook_file_download.patch | 1.67 KB | catch |
hook_file_download.patch | 1.21 KB | catch |
Comments
Comment #1
quicksketchLooks sane to me, nothing like loading multiple nodes to check access on a file! I completely agree that private files are completely ridiculous, but hey, if a user wants to make their site run the speed of a kayak rowing upstream, be my guest. I'll put in next time I'm committing. Thanks!
Comment #2
catchBetter version - if any node returns TRUE we skip loading the rest.
Comment #3
quicksketchThe variable $nid was undefined in your patch, but changing this to $content['nid'] (like it was in the first patch) seemed to fix things up. Committed.