We have an instance we we would like anonymous public traffic to freely view/browse the forums, but restrict the ability to download files to people who have accounts (required logged in). I looked through the settings and didn’t see anything alluding to such a capability. This is pretty common configuration/behavior for other forum solutions. wasn’t sure whether there is a philosophical driver for not having this type of functionality, or it just hasn’t come up yet.
FWIW, I am not especially enamored with forums that block access to content until you sign in and use teasers to get people to sign up. I guess I just don’t like to be teased. The private members-only goodies just never seem to be as good as I hope they would be.
Did you test this with an uploaded file that actually existed in the test environment? In my development environment, thin serves existing files in public/uploads/ without going through Rails, and I would imagine that most nginx’s and unicorns in production will behave the same way…
Also, this breaks the recommended way of customizing Discourse’s design by posting design assets as attachments in a staff thread; and any images embedded in posts render as broken/missing without an explanation or error message.