We have an instance we we would like anonymous public traffic to freely view/browse the forums, but restrict the ability to download files to people who have accounts (required logged in). I looked through the settings and didn’t see anything alluding to such a capability. This is pretty common configuration/behavior for other forum solutions. wasn’t sure whether there is a philosophical driver for not having this type of functionality, or it just hasn’t come up yet.
Eric
+1 for this feature.
I don’t think there’s a philosophical reason to do this; we just implemented the easiest case first.
@zogstrip how hard would it be to add a site setting to prevent anons from downloading files?
We ended up creating a separate private sub-category for downloads.
That works well for us, but perhaps isn’t the best fit for everyone.
I’ve popped this in as a bug about a month ago, although it probably fits better as a feature request.
So in this use case, on’y authorized (which presumes authenticated) people can see topics for that sub category? did i get that right.
Yes, but as @lake54 wrote in Attachments available to any user with link those attachments are still accessible to people with the URL. So not foolproof in terms of limiting access to attachments.
FWIW, I am not especially enamored with forums that block access to content until you sign in and use teasers to get people to sign up. I guess I just don’t like to be teased. The private members-only goodies just never seem to be as good as I hope they would be.
Agreed. Our use case is pretty specific and it happens to work fine for us, but YMMV.
Not very hard 
https://github.com/discourse/discourse/commit/eb34ecfc0c2133ee977801774a5721d453b64443
Did you test this with an uploaded file that actually existed in the test environment? In my development environment, thin serves existing files in public/uploads/ without going through Rails, and I would imagine that most nginx’s and unicorns in production will behave the same way…
Also, this breaks the recommended way of customizing Discourse’s design by posting design assets as attachments in a staff thread; and any images embedded in posts render as broken/missing without an explanation or error message.
@zogstrip the site setting should mention this risk. I’ll try to edit it in.
Prevent anonymous users from downloading files. WARNING: this will prevent any site assets posted as attachments from working.
This topic was automatically closed after 24 hours. New replies are no longer allowed.
