Member roles on Media Attachments?

  • Resolved the_lar

    (@the_lar)


    7 years, 12 months ago

    Hi,

    I’m thinking of building a client extranet using WordPress. I will be using Members to create user groups for individual companies and assigning individual WordPress users to their respective companies.

    I then also need to restrict access to media items – Word documents, PDF’s etc. These documents are very sensitive and MUST only accessible by users with the correct permission.

    I’m planning on using a redirect as explained in this article – https://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in to stop direct access to the individual files and by adapting the dl-file.php script, I can check whether the logged in person is allowed access.

    The difficulty I am having is finding a way of applying any kind of access level on a Media Attachment which can be checked. I wouldn’t have thought this would be too hard as effectively uploaded media creates a post in the wp_posts table so it should be feasible to add member_role_meta?

    If the worst comes to the worst I guess I’ll write my own plugin for this but I just thought I’d check if anyone has any thoughts of achieving this with the Members plugin?

    Many thanks
    Kevin

Viewing 5 replies - 1 through 5 (of 5 total)

  • I intentionally disabled this behavior because too many users were confused between attachment (the post) and the media file itself.

    I just opened a ticket to make this possible to enable though:
    https://github.com/justintadlock/members/issues/120

    Justin,

    Can you explain more about how this works (or point me to relevant documentation)? Do I just remove the override rule from add_meta_boxes() to enable this? Would I then load these media files to the media library and would they be inaccessible by those not authorised? Once the media file is protected, where/how is it stored? Can I specify the path? Is it also protected from people accessing it directly via the URL? Thanks.

    If/When the above-linked ticket is fixed, you’d need to simply add the filter to enable it. This will block media post content.

    However, you’d need to build a custom plugin to handle hiding the attached media file.

    Ah, thanks. It’s the media files themselves that’s the problem. Wouldn’t have the knowledge to build my own plug-in for that!

    Subscribing…

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Member roles on Media Attachments?’ is closed to new replies.