I’m thinking of building a client extranet using WordPress. I will be using Members to create user groups for individual companies and assigning individual WordPress users to their respective companies.
I then also need to restrict access to media items – Word documents, PDF’s etc. These documents are very sensitive and MUST only accessible by users with the correct permission.
I’m planning on using a redirect as explained in this article – http://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in to stop direct access to the individual files and by adapting the dl-file.php script, I can check whether the logged in person is allowed access.
The difficulty I am having is finding a way of applying any kind of access level on a Media Attachment which can be checked. I wouldn’t have thought this would be too hard as effectively uploaded media creates a post in the wp_posts table so it should be feasible to add member_role_meta?
If the worst comes to the worst I guess I’ll write my own plugin for this but I just thought I’d check if anyone has any thoughts of achieving this with the Members plugin?
I intentionally disabled this behavior because too many users were confused between attachment (the post) and the media file itself.
I just opened a ticket to make this possible to enable though:
- You must be logged in to reply to this topic.