Setting/Ability to Require account to download files


(Eric Schleicher) #1

We have an instance where we would like anonymous public traffic to freely view/browse the forums, but restrict the ability to download files to people who have accounts (required logged in). I looked through the settings and didn’t see anything alluding to such a capability. This is pretty common configuration/behavior for other forum solutions. Wasn’t sure whether there is a philosophical driver for not having this type of functionality, or it just hasn’t come up yet.

Eric

+1 for this feature.


(Robin Ward) #2

I don’t think there’s a philosophical reason to do this; we just implemented the easiest case first.

@zogstrip how hard would it be to add a site setting to prevent anons from downloading files?


(Dave McClure) #3

We ended up creating a separate private sub-category for downloads.

That works well for us, but perhaps isn’t the best fit for everyone.


(James Milligan) #4

I’ve popped this in as a bug about a month ago, although it probably fits better as a feature request.


(Eric Schleicher) #5

So in this use case, only authorized (which presumes authenticated) people can see topics for that sub category? Did I get that right?


(Dave McClure) #6

Yeah, authenticated users are trust_level_0.

We have it set like so:


(Tobias Eigen) #7

Yes, but as @lake54 wrote in “Attachments available to any user with link”, those attachments are still accessible to people with the URL. So not foolproof in terms of limiting access to attachments.

FWIW, I am not especially enamored with forums that block access to content until you sign in and use teasers to get people to sign up. I guess I just don’t like to be teased. The private members-only goodies just never seem to be as good as I hope they would be.


(Dave McClure) #8

Agreed. Our use case is pretty specific and it happens to work fine for us, but YMMV.


(Régis Hanol) #9

Not very hard :wink:

https://github.com/discourse/discourse/commit/eb34ecfc0c2133ee977801774a5721d453b64443


(Jens Maier) #10

Did you test this with an uploaded file that actually existed in the test environment? In my development environment, thin serves existing files in public/uploads/ without going through Rails, and I would imagine that most nginx’s and unicorns in production will behave the same way…

Also, this breaks the recommended way of customizing Discourse’s design by posting design assets as attachments in a staff thread; and any images embedded in posts render as broken/missing without an explanation or error message.
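
The behaviour raised in post #10, as an added example that is not part of the original thread or of Discourse's code: a constructed two-layer model in Ruby where a front server returns files that exist under the public directory before the application's login check runs. The `/uploads/` prefix, the function names and the `app_only_prefixes` option are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Constructed model of the two layers described above: a front server that
# serves files found under public/ directly, and the application behind it.
UPLOAD_PREFIX = "/uploads/" # assumed URL prefix for attachments

# Application layer: the only place that knows whether the user is logged in.
def app_response(path, logged_in)
  return [403, "login required"] if path.start_with?(UPLOAD_PREFIX) && !logged_in
  [200, "served by app: #{path}"]
end

# Front layer: a file that exists on disk is returned immediately, unless its
# prefix is listed in app_only_prefixes (hypothetical hardened configuration).
def front_response(docroot, path, logged_in, app_only_prefixes: [])
  root = File.expand_path(docroot)
  file = File.expand_path(File.join(root, path))
  inside = file.start_with?(root + File::SEPARATOR) # refuse paths outside docroot
  static_ok = inside && File.file?(file) &&
              app_only_prefixes.none? { |p| path.start_with?(p) }
  return [200, File.read(file)] if static_ok
  app_response(path, logged_in)
end

# Builds a throwaway public/ directory with one constructed upload and
# requests it under each configuration.
def demo
  Dir.mktmpdir do |public_dir|
    FileUtils.mkdir_p(File.join(public_dir, "uploads"))
    File.write(File.join(public_dir, "uploads", "report.pdf"), "file bytes")
    path = "/uploads/report.pdf"
    guarded = [UPLOAD_PREFIX]
    {
      anon_static_first: front_response(public_dir, path, false),
      anon_app_only: front_response(public_dir, path, false, app_only_prefixes: guarded),
      user_app_only: front_response(public_dir, path, true, app_only_prefixes: guarded),
      anon_missing_file: front_response(public_dir, "/uploads/none.pdf", false)
    }
  end
end

demo.each { |name, (status, _)| puts "#{name}: #{status}" } if $PROGRAM_NAME == __FILE__
```

The `anon_missing_file` case shows why a test that requests an upload which does not exist on disk still sees the login check, while the same request for a real file never reaches the application.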


(Jeff Atwood) #11

@zogstrip the site setting should mention this risk. I’ll try to edit it in.

Prevent anonymous users from downloading files. WARNING: this will prevent any site assets posted as attachments from working.

