Hi!
Currently Disknode only allows setting the download permission for anonymous users to either Yes or No for every disknode. There are files, however, that may not be seen by the public; the download link requires the exact filename, but that's about the only form of "security" there is, if you can even call it that.
I would propose the following thing: there is a module called Taxonomy Access which allows for very fine-grained permissions in a straightforward way. Using this module, I can allow Pages or Stories to be available to the wide public or to one of the few groups I have created, using a set of vocabularies (in my case, one is called "Audience", another "Topic").
A Disknode would then allow TAC to appear on top of the creation page. If OTOH files are attached to another kind of node, then Disknode would only allow downloads according to the access permissions of that very node.
I think this would be the easiest and quickest way to get true ACL support, in order to protect the files directory, because currently I have a .htaccess in the files/ directory, which allows no access at all through the web except for queries from localhost.
Cheers, and thanks for this nice module called Disknode!
/Danai