metadatamanagement icon indicating copy to clipboard operation
metadatamanagement copied to clipboard

Published 20 hours ago verified publisher icon dzhw

Allow authenticated users to see hidden attachments

Open rreitmann opened this issue 5 years ago • 2 comments

~~Currently any attachment/file is marked as hidden, however the public user can still access it, if she comes with the right url. Simply returning a 404 or even better a 403 would hide it from the public user and from the authenticated user since we are offering plain links to the file which are accessed by the browser without the authentication header. We could set a cookie containing the authentication token...~~

rreitmann avatar Sep 11 '19 09:09 rreitmann

This is a leftover of #2278

rreitmann avatar Sep 11 '19 09:09 rreitmann

Currently any attachment/file is marked as hidden, and the public user cannot access it, if she comes with the url. However the authenticated user can also not access it since the authentication token is not sent via a cookie....

rreitmann avatar Sep 16 '19 09:09 rreitmann