I found this because of.
There seem to be two different issues...
First, it seems that the following line does not return anything for files/images that are attached to a private message:
$references = file_get_file_references($file, NULL, FIELD_LOAD_REVISION, $field_type);
This might be related to.
And if that would return something, http://api.drupal.org/api/function/file_file_download/7 only implements custom access checks if the entity this is attached to is either a node or a user. How are other entities (like private messages) supposed to handle this? Maybe some sort of callback so that the entity can tell if the user can view that piece of content?
Or are they supposed to implement hook_file_download themself? then file_file_download() is pretty useless and should be moved to node_file_download() and user_file_download() but that would lead a lot of duplicated code I guess. file.module should imho not have a hard dependency on node.module and user.module even if they are both required.
PASSED: [[SimpleTest]]: [MySQL] 31,558 pass(es). View
PASSED: [[SimpleTest]]: [MySQL] 31,567 pass(es). View
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch file_32.patch. View
|#58||846296_taxonomy_files.patch||667 bytes||Island Usurper|
PASSED: [[SimpleTest]]: [MySQL] 31,553 pass(es). View
PASSED: [[SimpleTest]]: [MySQL] 23,294 pass(es). View