20 Jan, 2008

Drupal's Private Organic Groups and file attachments

Anyone who has used the og (Organic Groups) module for Drupal knows what powerful features it gives users: the ability to organize themselves into public groups, private groups... Private groups give your Drupal users a way to share content that is accessible only to other group members. BUT users may be tempted to think that file attachments on private group nodes are also private, and that is of course very wrong. Drupal stores files in the publicly available 'files' folder. Every node file attachment is available at a URL like http://drupalsite/files/somefile.txt. So although the content of a private og node really is private, the attachments for that node are not.

Setting Drupal to use the private file system would solve this issue, but it would also create many problems. Galleries with lots of pictures on the private file system have a big impact on performance, because every request for a picture goes through the complete Drupal bootstrap process.

The right solution would be to use modules like private_upload or og_files and to set up protected folders for those files with .htaccess files.
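One way to check that the protected folders actually cover every private attachment is to audit the 'files' tree on disk. The script below is an added example, not code from private_upload or og_files. It assumes you can export a list of private-group attachment paths relative to the files folder, and the `private` folder name and the sample files are constructed.

```python
import os
import re
import tempfile

# Heuristic match for a blanket deny (Apache 2.2 and 2.4 syntax). It does not
# model AllowOverride or a deeper .htaccess that re-allows access.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.IGNORECASE | re.MULTILINE)

def is_protected(directory, files_root):
    """True if directory, or an ancestor up to files_root, has a denying .htaccess."""
    directory, files_root = os.path.abspath(directory), os.path.abspath(files_root)
    while True:
        htaccess = os.path.join(directory, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        parent = os.path.dirname(directory)
        if directory == files_root or parent == directory:
            return False
        directory = parent

def exposed_attachments(files_root, private_attachments):
    """Private attachments (paths relative to files_root) that Apache would serve directly."""
    exposed = []
    for rel in private_attachments:
        full = os.path.join(files_root, rel)
        if os.path.isfile(full) and not is_protected(os.path.dirname(full), files_root):
            exposed.append(rel)
    return sorted(exposed)

def demo():
    """Build a constructed 'files' tree and audit two private-group attachments."""
    with tempfile.TemporaryDirectory() as files_root:
        os.makedirs(os.path.join(files_root, "private"))
        for rel in ("somefile.txt", "private/minutes.txt"):
            with open(os.path.join(files_root, rel), "w") as fh:
                fh.write("constructed sample attachment\n")
        with open(os.path.join(files_root, "private", ".htaccess"), "w") as fh:
            fh.write("# block direct requests\nDeny from all\n")
        return exposed_attachments(files_root, ["somefile.txt", "private/minutes.txt"])

if __name__ == "__main__":
    print(demo())
```

Any path the audit reports still sits in a folder the web server hands out without asking Drupal, so it needs to be moved under a protected folder.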

For more info about this problem read here.

 

Comments

Not quite right. No need for other modules.

Actually, this is not altogether informed. If you deploy any "private groups" your files directory should be located outside the webroot. You would of course have to change the files serving type to "private".

If you allow "private groups" don't put files in:
/var/www/OG_drupal/sites/default/files

Put your files outside the web root:
code - /var/www/OG_drupal
files - /var/www/OG_files

not really right either

as you can't revert the location of the file should you open up the group :( It's best to give members of a group specific permissions to download files from the private download module on a basis of whether they are a member - og users roles would do that
