I’m thinking of building a client extranet using WordPress. I will be using Members to create user groups for individual companies and assigning individual WordPress users to their respective companies.
I then also need to restrict access to media items – Word documents, PDF’s etc. These documents are very sensitive and MUST only accessible by users with the correct permission.
I’m planning on using a redirect as explained in this article – http://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in to stop direct access to the individual files and by adapting the dl-file.php script, I can check whether the logged in person is allowed access.
The difficulty I am having is finding a way of applying any kind of access level on a Media Attachment which can be checked. I wouldn’t have thought this would be too hard as effectively uploaded media creates a post in the wp_posts table so it should be feasible to add member_role_meta?
If the worst comes to the worst I guess I’ll write my own plugin for this but I just thought I’d check if anyone has any thoughts of achieving this with the Members plugin?
I intentionally disabled this behavior because too many users were confused between attachment (the post) and the media file itself.
I just opened a ticket to make this possible to enable though:
Can you explain more about how this works (or point me to relevant documentation)? Do I just remove the override rule from add_meta_boxes() to enable this? Would I then load these media files to the media library and would they be inaccessible by those not authorised? Once the media file is protected, where/how is it stored? Can I specify the path? Is it also protected from people accessing it directly via the URL? Thanks.
If/When the above-linked ticket is fixed, you’d need to simply add the filter to enable it. This will block media post content.
However, you’d need to build a custom plugin to handle hiding the attached media file.
- You must be logged in to reply to this topic.