Image upload permissions

roguemat · 2017-03-07 14:48:59 UTC

We’re running a closed invite-only forum, and have just noticed that uploaded images are accessible without logging in.
Also, files uploaded to categories with limited view permissions, are also viewable by everyone.

I’ve checked the “prevent anons from downloading files” but it doesn’t seem to do anything.

Help?

Falco · 2017-03-07 15:27:43 UTC

Are you on latest? I remember some recent changes around this.

roguemat · 2017-03-07 16:02:22 UTC

v1.8.0.beta5 +106 with a smiley face

codinghorror · 2017-03-07 23:41:47 UTC

Are you using a CDN?

roguemat · 2017-03-17 13:53:00 UTC

Sorry, forgot to respond.
No.

codinghorror · 2017-03-17 21:03:38 UTC

Hmm, not sure, this setting should work. Any ideas @zogstrip?

zogstrip · 2017-03-17 21:05:46 UTC

That setting is only for attachments though. Only attachments hit the rails app. Images are directly served by NGINX.

codinghorror · 2017-03-17 22:50:40 UTC

Ah so the title of this topic is wrong, it is not about file upload permissions, it is image permissions. Bad title, I will fix.

For the record

files = file attachments
images = images, pictures

very different things…

tgxworld · 2017-03-17 23:35:46 UTC

Probably a duplicate of

roguemat · 2017-03-20 08:15:22 UTC

Yeah, you’re right, sorry. But it also shows that to an average user the wording is confusing, as is the behavior difference between uploading a file and image.

@tgxworld, yup, thanks!