Files/Download Manager For Discourse

If there’s a way to prune duplicate files or files that aren’t linked, then a media library is just fluff. At least to me.

1 Like

Uploads are identified by a content hash, so the same file is never stored twice; and yes, unlinked uploads are moved to a tombstone area roughly 1 hour after becoming unlinked and are erased from disk a month later. :smile:


Now, to be fair. The only reason I can see this as something useful is to handle downloads. Like a download manager to pass and handle permissions per file. But plugin territory. It would be useful no doubt for communities that are based on files, such as lots of photos, or videos, ect.

A ‘Media Library’ has words that imply something less than utilitarian. As @elberet already mentioned, the clean-up is done automatically. Other than just seeing what’s there (which I am guessing can be done with FTP, maybe?), I don’t personally see a big use for it across a large amount of instances.

1 Like

Per-file permissions would be a completely new feature for Discourse and require a lot more work before the UI becomes relevant. Not that such permissions wouldn’t be welcome… right now, if you are logged in and know a file’s URL, you can download the file even if it was posted in a restricted category that you cannot access or in a direct message. :confused:

1 Like

Yeah, that’s a bit of a problem. That would rely on users or staff being honest and not sharing links. But that’s one iota better than having the link exposed everywhere (which can be fixed via hotlink protection).

Or hey. Maybe you can USE hotlink protection for this? I haven’t set up my dev environment yet so apologies on any ignorance I may show of the codebase and what’s under the hood, so to speak. Are images separated by categories and placed in appropriately-named folders? Or is it one big image dump in one folder for the entire instance? Maybe hotlink-protect the folders to only allow inline viewing within a specific category?

1 Like

Uploads do not have source information associated with them, the only protection available is “prevent anons from downloading files”. And being told “you must sign in to download this file” is one of the most annoying things about traditional PHP forums.

Adding category source information to uploads is problematic - what if you uploaded something in Staff then want to re-share it publicly? What if you want to take it back? You’d have your hands full trying to fully specify the behavior here.

UPDATE: Secure Media Uploads

1 Like

I know. And I agree with everything you said. One has to set priorities. Which circumstances are the lesser of two evils. I’d rather a member get a hold of a file from a restricted category or direct message rather than a complete stranger who I have absolutely no control over.

1 Like

I think we can management uploaded medias whit simple plugin

this is wp media library management

Annoying why? Because it forces you to log in (or register)? IMHO that’s a good way to get a lurker to sign up.

Not really, if they sign up to get that file and never come back. I have done that many times (when forced to) and never, ever wanted to actually participate.

I don’t see the point of creating a bunch of orphan accounts. If you want to drive participation, forcing signup just to download a file is not the way.


…in your opinion. I have no problem with opinionated software, but protecting media / downloads from casual downloading seems to be a very basic requirement. And at least with an orphan account I’d have some validated information about the person (IP address, validated email address)

I know you’re trying to be different, and there’s nothing wrong with that. But content protection is important.

Just as user list protection was important. I recently ran into a case with a client - he ran a Facebook group, and some nutjob cut and pasted screenshots of his member list with derogatory and slanderous claims about them. (Yes, I have some strange clients and friends)

That may seem irrelevant to this particular thread, but the very next day after dealing with takedown notices, he downloaded a picture from the group and turned it into one of those “motivational/meme” posters, and distributed it again to his group. Another round of takedown notices ensued.

Content Protection is important. There be **'d up people out there. Whatever can be done to minimize their ability to get content from a forum, the better.

1 Like

That’s a great way to get me to hit Ctrl-W and google for another source… :neutral_face:


The concept I brought up originally wasn’t about strangers signing up and signing in to download, but for users already signed-in not able to see files intended for restricted categories or direct messages they have no regular access to.

But I agree with @codinghorror and @elberet on forcing sign-ups to download content. I’ve done it, they’ve done it, others have too: we will make a dummy account and leave once we get the download we wanted, or simply look for it elsewhere. I’ve even used fake spam-catching email addresses to do that then offer the account as a share account so others don’t have to make their own dummy accounts. That is why bugmenot exists.

Except my original concern: regular users accessing restricted, private (direct message) or staff-only content (files) IF they have a direct link and are logged in.

1 Like

I think that your best bet for that is to host the files somewhere with access control, ACLs and stuff. Google Docs/Drive is a good example of that.


Hmm. Or possibly OwnCloud. At least an idea to explore!


any new idea for media/file manager ??

My «Restrict Files» plugin solves the problem of access control to forum digital content (downloads).
The forum owner can grant the download permissions only to a particular forum groups / or to users with specified trust level and withdraw download permissions from other groups / users.
An example of restricted file:
You can not download it neither anonymously nor by just registering on the forum.
You must be a member of permitted user group to download the file.
You can test it yourself:
A test account without download permissions: login: test_bob, password: 123456
A test account with download permissions: login: test_john, password: 654321
A file is always permitted to be downloaded by its uploader.

I love this example provided here.

I’m wondering about something with uploaded images.

I often upload an image and then change my mind… delete the image, and maybe upload a different one.

I’m assuming that unused uploaded files, like that, are still stored on my instance somewhere.

Is there some kind of auto-remove feature that removes a file that’s not actually displayed somewhere or attached to any topics? I’m assuming not.

It would be helpful to see a list of the files being used on our instance, like the example @tobiaseigen gave, but also see where the asset is used/displayed… or that it’s NOT being used displayed.

Perhaps this is such an uncommon use case that it wouldn’t be worth developing a feature like this. 2mb doesn’t make a huge diff in storage… but if there’s a lot of this happening, in a big forum, over time… maybe it becomes more of a concern ¯_(ツ)_/¯

Update: This feature has been implemented.


Yes, files that are not present in any non-deleted post are “tombstoned” after (7?) days and deleted after another (14?) days.