As designed Album Permissions "Owner Only" doesn't work for videos

51463

51463

Well-known member
I made a Secret Album and uploaded a video and image to it, with permissions set to:

View media in album: Owner Only
Add media to album: Owner Only

upload_2015-8-22_20-37-15.webp


But when i logout as a guest or sign in with a test account, and i access the image using the right click get url.
i get this message:

You do not have permission to view media within this album.


But when i visit the video. I am able to access and view it.

The image link looks like this:
Code: 
http://testforum.com/media/tulips.146/full?d=1440290115

The video link looks like this
Code: 
http://testforum.com/data/xengallery_videos/0/166-a3ac7ddabb263c2d00b73e8177d15c8d.mp4


Captur1e.webp



So members can be sneaky and give someone else the video file link and secretly watch it.



thanks,
 
This is to be expected, unfortunately.

The video URL points directly at the file on the file system and there is no way to programmatically prevent that from being accessed. The image link is actually pointing at XF code where we can control its privacy with code and provide error messages if necessary.

FWIW in this sense the video URLs work in the same way as thumbnails. Thumbnails aren't privacy controlled either. You can share the URL of a thumbnail and everyone can see it regardless of the permissions or privacy on the album/media.

In case you're wondering, there's technical reasons why this needs to be like this. There seems to be difficulty with most browsers actually serving the video unless the file is referenced directly.
 
I would also note that you'll find most other services work like this (like Facebook). If someone can view the content, it's trivial for them to share it anyway, so it's generally not worth a significant trade off to prevent this.
 
But it matters when the only people allowed to view videos are Premium Members,

So if they share the secret link on another forum, then everyone will watch it without paying


There must be a way... Because there is lots of websites online that require you to be a Premium member to view videos. And you can't view the videos unless you have permission, There is no secret link straight to the video.


I guess i'll have to hire a developer to fix the permissions bug.

When theres a will, theres a way
 

Similar threads

Kangy
  • Question Question
MG 2.0 Adjust album permissions and rating
Replies
4
Views
589
Kangy
Kangy
Divvens
  • Question Question
Disallow "Owner Only" View Permissions For Gallery
Replies
6
Views
1K
Divvens
Divvens
Back
Top Bottom