Closed (works as designed)
Project:
Drupal core
Version:
8.0.x-dev
Component:
image.module
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
22 Jul 2011 at 15:09 UTC
Updated:
29 Jul 2014 at 19:48 UTC
Image module calls hook_file_download() for the original image on initial generation of the derivative image.
image_style_deliver():
$headers = module_invoke_all('file_download', $image_uri);
Since its only calling for the headers to check access and there is no actual download of the original file, it would be nice if image module told us that so that we could create more elaborate file access setups while still allowing thumbnails of the image to be viewed.
Possible solution:
$headers = module_invoke_all('file_download', $image_uri, 'image style creation');
This would provide a way to handle access restrictions based on why the hook is being called. This could be expanded to a context array instead of just a request type then it could include the style thats being created also.
Comments
Comment #1
aaron commentedinteresting use case. seems a little heavy-handed, but i can't think of another approach right now. api changing, bumping to 8.x.
Comment #2
aaron commentednot sure your method would work, actually, because hook_file_download is already overloaded in at least one instance in core:
http://api.drupal.org/api/drupal/modules--file--file.module/function/fil...
"This function takes an extra parameter $field_type so that it may be re-used by other File-like modules, such as Image."
file_file_download($uri, $field_type = 'file')
Comment #3
recrit commentednote this also occurs in image_file_download() once the derivative is created.
I agree the proposed is a little heavy-handed and an api change / update is needed for better handling of private files. Perhaps a hook for "derivative access" instead of coupling the original and derivative.
The use case is quite common... see a smaller version of an image before buying it.
Comment #4
claudiu.cristeaIn D8 the new system is very flexible. You can extend existing classes to add your own access policy and decouple original access from derivative permissions.