Give Explicit Attachment Viewing Permissions?


Well-known member
Okay... I have my XenPorta mod:

I also have attachments, that are viewable by registered users. Attachments are NOT viewable by unregistered/unverified users. I would like to keep attachments not viewable by unregistered/unverified.

However, on the portal, and only the portal, I want to explicitly give attachment viewing permissions to everyone. So that if I use the ATTACH bbcode to embed an attached image to an item, that attachment is viewable by everyone who views the portal page, even if they aren't logged in,
I haven't looked closely at the code behind it; but I don't think it's a trivial task. The attachments are viewed and embedded using this url format: /attachments/ When you access an attachment, the controller doesn't know from where it was embedded or accessed. So it's a bit hard to selectively grant permissions that way.

When accessing an attachment, you can fetch the posts displayed on your portal and the associated attachments. Then do a check if the attachment being accessed is in your list. But then, I don't think it's a good idea to have such a huge performance overhead.
Top Bottom