Paid Request: Send me a PC with your estimated cost. I'm looking for a way to create a whitelist of domains that can always view attachments regardless of the visitors actual usergroup permissions. For example, if my site is on MainSite.com and a request comes from SecondarySite.com (they'd be viewing as a guest) then they can view attachments regardless of the permissions set up in the ACP for the guest usergroup. You can get as fancy as you'd like (eg: creating a new Options group in the ACP) or basic (eg: hard-coding the whitelisted domains in the listener) but the one limitation is that it must be done using an XF listener and not by hacking up any existing XF code. I know I need to be looking at extending the Attachment model but I'm just not seeing the full picture at the moment of how exactly to go about it.