This repository was archived by the owner on Aug 13, 2022. It is now read-only.
Permit access to uploads individually #3
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
On our web server we have serveral news articles with attached uploads. But some of the uploads shall only be visible to users logged in while other uploads shall be publically visible.
The permission schema 'Module:Item ID:Upload ID' seems to fulfull this by addressing the upload IDs. But this does noc work.
In MediaAttach_userapi_getalluploads() a permission filter is passed to DBUtil::selectExpandedObjectArray(). But additionally general read permission to all MediaAttach items and uploads is checked at the beginning of the funktion. With this check the permission filter will have no effect.
I removed the permission check at the beginning of the function. Now it is possible to deny access to individual uploads and afterwards allow access to al uploads of an item.
Example:
MediaAttach:: | News:146:(389|390) | NONE
MediaAttach:: | News:146: | READ
The text was updated successfully, but these errors were encountered: