Drupal 7 Private Files Module
I've put together this module to extend Drupal's functionality giving a truly private file system. Currently, Drupal will let you choose to store your uploaded files using the public or private file system however, even if you chose private it is still possible to browse to these files with a URL. I've come across a few situations where I've had files which should only be viewable by logged in users (e.g. user pics). In other situations I've needed to make sure certain files are only viewable by the user that uploaded them.
Private Files Module lets you do all this without breaking a sweat.
Using the module
- Install Private Files module from module list.
- Setup user permissions at admin/people/permissions
- Choose security type for each folder at admin/config/media/private-files
Let me know what you think.
File Attachment:
From the Labs
-
| 26 Nov
-
| 08 Nov
-
| 24 May
-
| 30 Apr
-
| 11 Dec
From The Portfolio
Comments
With the very limited testing
With the very limited testing that I've done this seems to do exactly what I want, which is to restrict private files to logged-in users (at this point I have no need to restrict access to the user who uploaded the file so I haven't tested that function).
Thanks! This was a showstopper and I was in the early stages of planning a switch away from Drupal.
fantastic... glad to hear it
fantastic... glad to hear it helped you.
I'm looking for ideas on how
I'm looking for ideas on how to improve the module. Would appreciate any feedback you can provide!
Have you uploading this as a
Have you uploading this as a module at drupal.org?
Hi Marshall - I haven't yet.
Hi Marshall - I haven't yet. I still haven't taken the time to figure out GIT yet, but I'm working on it.
Yeah, this module is magical.
Yeah, this module is magical. If I had known about it, I could have saved myself 2 days of trying to get Drupal to see a folder outside of the site root. Media Temple hates me. I hope you're able to get this up soon and thanks.
Nice work, and so simple. Why
Nice work, and so simple. Why not share this code at drupal.org?
Sutharsan - glad you like it.
Sutharsan - glad you like it. As I mentioned in a comment above... I'm still trying to figure out GIT well enough to add a module onto Drupal.org. I'll get there eventually ;-)
Totally off topic, but I
Totally off topic, but I recommend the book 'Pragmatic Version Control Using Git'. It helped me a lot. Wrapping my head around the branches and the workflow was the toughest thing to do.
awesome! thanks for the tip.
awesome! thanks for the tip.
I hate to ruin a party, but
I hate to ruin a party, but after long struggling, debugging and testing with various access control modules in combination with private files I came to the conclusion that this module is not needed to block access to private files which are uploaded via an image field on an access restricted node. This images are not loaded as part of the restricted node, but also not accessible via the (example.com/system/...) url. It did not work at first, the access to the node was restricted but the file access was permitted (using TAC Lite). But when I started over again with TAC Lite it worked as advertised. Also with the Node Privacy by Role module. Can't explain why it did not work in the first place but my use case for this Private Files module is no longer there.
Thanks any way for the effort of writing the code and sharing it.
Hey - Not sure I 100%
Hey - Not sure I 100% understand your scenario but I'm glad you made it work without the module... a simpler solution with less code is almost always a good thing.
I had the same thing going.
I had the same thing going. All my files were private on my MAMP installation of a site. Then, when I moved to a staging server the file privacy stopped working and the only way I could get it back while not totally re-doing my file structure was to use this module.
Hi Erik, it may solve that
Hi Erik, it may solve that particular use case but if you're using CKEditor a good private directory control module is much needed.
Hi there,
Hi there,
I do not see anything at the admin config area:
admin/config/media/private-files
the overlay pops up but there is nothing there.
Any explanation?
many thanks,
Renaee.
Did you enable the private
Did you enable the private file system?
And are there any subfolders into the main private root directory?
If not then nothing can be displayed.
I'll explain my scenario: A
I'll explain my scenario: A node with an image field. Access to the node is controlled with TAC Lite. The image is stored in the private file system.
I expected the image to have the same access restrictions as the node. Thus the URL of the image to give a 403 for the same roles as the node does.
I think my problem was fixed by the latest security release of Drupal. It worked as expected after upgrade to 7.2. See http://drupal.org/node/1168756
Thank you for this module!
Thank you for this module! Needed to restrict access to a filefield file – fieldpermissions don't worked.
But since drupal 7 is able to deal with private and public files at the same time, perhaps the "file_default_scheme() == 'public'" isn't needed. I've removed it and it's working like expected for the private files.
Perhaps this module can extend fieldpermissions? You should release it on drupal.org, it's a gem.
This is great - I've been
This is great - I've been looking for a solution to this problem for literally months now but have only just come across your page.
I've tested the module out and it seems to work OK. Perhaps lacking a bit of contextual info in terms of UI, but it's so straight forward that it is still perfectly usable without.
My one question is this: If I set a folder to only allow access to authenticated users, and an anonymous user accesses the direct URL of a file within that directory they are presented with an access denied page - My site is configured such that this page also has a log in form on it. If the user then logs in, they are instantly able to download the file, but they're left on the 'access denied' page. Do you know if there is a relatively simple way to redirect the user once they login, so that they are taken to the node page of the the node to which the file has been uploaded, as well as /or instead of just downloading the file? In your hook_file_download is see that you find out which folder is being requested, but the return values for this function don't allow for this sort of functionality. I wonder if there's a way to back trace this directory to the corresponding node? Totally outside of the scope of this module, I'll admit, but I just thought I'd try and pick your brains!
Hey - not sure about the
Hey - not sure about the redirect thing. There used to be a module called Login Toboggan that did that. Might be worth a quick look on drupal.org for it.
Hi, thanks for sharing this!
Hi, thanks for sharing this! I think this functionality should have been in Drupal core. Because it is so trivial, any module should be well-configurable so that (almost) all situations could be solved with it.
Your problem is handy, but it lacks good configuration right now. Right now, this module is not usable for me yet. I have configured CKEditor to have a private folder for every individual user. This creates directories in de private folder named with the user id (for example '456'). By default, new folders accessible by your module and though it is possible to change the settings of existing folders, I want to specify a 'default' setting for new folders. It would be best to specify that only directories with digits are accessible by people who can read ckeditor content.
I think it would be better if you could specify regular expressions to match paths within the private folder. You should be able to sort these rules, such that you can specify which reg exp is more important that the other. This would make the module better configurable.
Per reg exp you should be able to configure:
- if owner users should be able to see at (checkbox)
- the permission that the user should 'own' to view this file
(users should be able to create new permissions dynamically)
Do you have a problem with me changing your module to make it configurable like above, when I have time for it? I kind of need this quite quickly so prefer to create it myself.
Hey - I have no problem with
Hey - I have no problem with you modifying the module... let me know if you have any questions.
First of all: congrats for
First of all: congrats for that excellent work !!!
Currently with D7.9, D7.7 works, I don´t see the options for the folders on the admin-page. Maybe this is caused due to another module?
Everything perfect, it was
Everything perfect, it was just a setup mistake to an new empty private folder. SORRY.
glad you got it figured out!
glad you got it figured out!
Someone set up this project
Someone set up this project based on your work:
http://drupal.org/project/private_files_download_permission
Maybe this is an issue having
Maybe this is an issue having a look at.
For a music site I wanted to use the private file system and the media audio field with the WordPress Audio Player and protect the audio files with your module.
But when I restrict access to the folder for logged in users the player is not able to play the files anymore. Instead the player says "file not found".
Maybe a solution is to use the jPlayer which has an admin option to protect the audio files. But yet I did not try it because of some bugs.
The site with the player is here: http://www.luvliterecordings.com
This was exactly what I
This was exactly what I needed in a crunch. You saved me loads of headaches and time. Thanks!
Hello!
Hello!
Please make a redirect to the login page when a unregistered user tries to download the file!
Thank you!
Hello. Thanks for module!
Hello. Thanks for module!
There are some fix was needed for me. My default file scheme is 'public', but I use some 'private' file fields. So there is no need to check my default file scheme.
if(file_default_scheme() == 'public') { - not needed
Add new comment