Contrib.social

Make possible to keep core permission next to GRANT

Open on Drupal.org →
Created on 22 June 2022, over 2 years ago
Updated 30 September 2023, about 1 year ago

Problem/Motivation

Your module not only ALLOW download private files. It's RESTRICT permissions.
I've custom permission on some private file field. Without your module core allow to download.

Steps to reproduce

Without module: "user 1" can download a file.
With your module: "user 1" can't download the file.

Proposed resolution

I think we need a new option like: "Restrict Permission"

I suggest the next behaviour:

Without module: "user 1" can download a file.
With your module (Restrict Permission: false): "user 1" ALSO can download the file.
With your module (Restrict Permission: true): "user 1" can't download the file.

How: (function pfdp_file_download)

if($settings->get('restrict')){
return -1;
}
Feature request
Status

Closed: works as designed

Version

3.0

Component

Code

Created by

🇭🇺Hungary kecsot Hungary

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago
    🇮🇹Italy zanonmark

    Hi, and sorry for my late reply.

    Yes, PFDP by default prevents downloading.
    You must authorize what can be downloaded, item-by-item.
    As far as I can see, this is working as designed.

    But I think I'll give a deeper reading at Your message in the next days. It probably makes sense.

    Thanks,
    MZ

  • @kecsot opened merge request.
  • Comment over 1 year ago
    🇭🇺Hungary kecsot Hungary

    Thank you. I've created tests.

    Do not revoke permission if another module grants for any reason.
    I think PFDP should just grant more permission, but not remove any 3rd party permission.

  • Status changed to Postponed: needs info over 1 year ago
  • Comment over 1 year ago
    🇮🇹Italy zanonmark

    Hi,

    You say:
    "
    I think PFDP should just grant more permission, but not remove any 3rd party permission.
    "
    but this is exactly what an access module is for :)
    Whenever a private download is attempted, Drupal ask ALL of the modules to give their opinion: if any (1 is enough) module says "to me, this file should not be downloaded" the download operation is aborted.

    I think You could get what You're looking for by just enabling the "Bypass" option in PFDP for specific directories.
    This should make PFDP ignore any decision, thus letting others decide.

    Could You please try?

    Thanks,
    MZ

  • Status changed to Closed: works as designed about 1 year ago
  • Comment about 1 year ago
    🇮🇹Italy zanonmark

    Closing because of many months without an update.
    Feel free to reopen if the issue persists.

    Thanks,
    MZ

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024