The Labs

With the very limited testing that I've done this seems to do exactly what I want, which is to restrict private files to logged-in users (at this point I have no need to restrict access to the user who uploaded the file so I haven't tested that function).

Thanks! This was a showstopper and I was in the early stages of planning a switch away from Drupal.

Have you uploading this as a module at drupal.org?

Nice work, and so simple. Why not share this code at drupal.org?

I hate to ruin a party, but after long struggling, debugging and testing with various access control modules in combination with private files I came to the conclusion that this module is not needed to block access to private files which are uploaded via an image field on an access restricted node. This images are not loaded as part of the restricted node, but also not accessible via the (example.com/system/...) url. It did not work at first, the access to the node was restricted but the file access was permitted (using TAC Lite). But when I started over again with TAC Lite it worked as advertised. Also with the Node Privacy by Role module. Can't explain why it did not work in the first place but my use case for this Private Files module is no longer there.
Thanks any way for the effort of writing the code and sharing it.

Hi there,
I do not see anything at the admin config area:
admin/config/media/private-files

the overlay pops up but there is nothing there.

Any explanation?
many thanks,
Renaee.

I'll explain my scenario: A node with an image field. Access to the node is controlled with TAC Lite. The image is stored in the private file system.

I expected the image to have the same access restrictions as the node. Thus the URL of the image to give a 403 for the same roles as the node does.

I think my problem was fixed by the latest security release of Drupal. It worked as expected after upgrade to 7.2. See http://drupal.org/node/1168756

Thank you for this module! Needed to restrict access to a filefield file – fieldpermissions don't worked.
But since drupal 7 is able to deal with private and public files at the same time, perhaps the "file_default_scheme() == 'public'" isn't needed. I've removed it and it's working like expected for the private files.
Perhaps this module can extend fieldpermissions? You should release it on drupal.org, it's a gem.

This is great - I've been looking for a solution to this problem for literally months now but have only just come across your page.
I've tested the module out and it seems to work OK. Perhaps lacking a bit of contextual info in terms of UI, but it's so straight forward that it is still perfectly usable without.

My one question is this: If I set a folder to only allow access to authenticated users, and an anonymous user accesses the direct URL of a file within that directory they are presented with an access denied page - My site is configured such that this page also has a log in form on it. If the user then logs in, they are instantly able to download the file, but they're left on the 'access denied' page. Do you know if there is a relatively simple way to redirect the user once they login, so that they are taken to the node page of the the node to which the file has been uploaded, as well as /or instead of just downloading the file? In your hook_file_download is see that you find out which folder is being requested, but the return values for this function don't allow for this sort of functionality. I wonder if there's a way to back trace this directory to the corresponding node? Totally outside of the scope of this module, I'll admit, but I just thought I'd try and pick your brains!

Hi, thanks for sharing this! I think this functionality should have been in Drupal core. Because it is so trivial, any module should be well-configurable so that (almost) all situations could be solved with it.

Your problem is handy, but it lacks good configuration right now. Right now, this module is not usable for me yet. I have configured CKEditor to have a private folder for every individual user. This creates directories in de private folder named with the user id (for example '456'). By default, new folders accessible by your module and though it is possible to change the settings of existing folders, I want to specify a 'default' setting for new folders. It would be best to specify that only directories with digits are accessible by people who can read ckeditor content.

I think it would be better if you could specify regular expressions to match paths within the private folder. You should be able to sort these rules, such that you can specify which reg exp is more important that the other. This would make the module better configurable.

Per reg exp you should be able to configure:
- if owner users should be able to see at (checkbox)
- the permission that the user should 'own' to view this file
(users should be able to create new permissions dynamically)

Do you have a problem with me changing your module to make it configurable like above, when I have time for it? I kind of need this quite quickly so prefer to create it myself.

First of all: congrats for that excellent work !!!

Currently with D7.9, D7.7 works, I don´t see the options for the folders on the admin-page. Maybe this is caused due to another module?

Everything perfect, it was just a setup mistake to an new empty private folder. SORRY.

Someone set up this project based on your work:
http://drupal.org/project/private_files_download_permission

Maybe this is an issue having a look at.

For a music site I wanted to use the private file system and the media audio field with the WordPress Audio Player and protect the audio files with your module.

But when I restrict access to the folder for logged in users the player is not able to play the files anymore. Instead the player says "file not found".

Maybe a solution is to use the jPlayer which has an admin option to protect the audio files. But yet I did not try it because of some bugs.

The site with the player is here: http://www.luvliterecordings.com

This was exactly what I needed in a crunch. You saved me loads of headaches and time. Thanks!

Hello!
Please make a redirect to the login page when a unregistered user tries to download the file!

Thank you!

Hello. Thanks for module!
There are some fix was needed for me. My default file scheme is 'public', but I use some 'private' file fields. So there is no need to check my default file scheme.
if(file_default_scheme() == 'public') { - not needed

Thank you fro this module. Does it work with lighttpd?

Heres the error i get when trying to create a subfolder " You need to enable the private file system before you setup this module."