Search code examples
phpelgg

Modify view uploaded file access in Elgg

Admins/logged-in-users are able to set the current access control when they upload a file. Three types of access are: public, private and logged-in-users:

  • public: files uploaded can be viewed and accessed by users who are not logged in

  • private: no one will be able to view the files uploaded except for user and admin

  • logged-in-users: only logged in users and admins are able to view and access the uploaded file.

Functionality

Files that are uploaded can be viewed and accessed in regards to the access control set by the user.

Hence, when a public user(not logged into account) can view and access the uploaded file which access setting has been set to public, but will not be able to see the files which control access setting has been set to either 'private' or 'logged in user'.

Task

What I would like to do is to change the control access, such that public users (not logged into account), cannot view or access the uploaded file. Hence, even if the user has set the control access setting to public, non-logged in user cannot view and access that uploaded file, therefore, all the public user can see is an empty list.

Therefore, I would like to ask is should I be changing the Elgg framework within the directory /Elgg/views/default/output/access.php to achieve the desired outcome or can I change it within the view of the plugin mod: Elgg/mod/plugin/views/default/object?

Solution

  • Elgg is designed to be plugin-centric, so the proper approach is to create your custom plugin that will override elements you need from core and 3rd party plugins alike. We explain motivation here: http://learn.elgg.org/en/1.12/guides/dont-modify-core.html

    What I understand, you wan't to force files to be restricted to logged-in users or more. There is an access level for that already, you just need to enforce it.

    We need to change two elements:

    1. file saving displayed edit form to not display unwanted access levels
    2. file saving action to reject unwanted access value

    Ad. 1 You could override the view forms/file/uploads and replace call to input/access with custom version that filters unwanted values. It's better than altering input/access view that's used all over the place.

    Ad. 2 You can either override whole file/upload action (which is nasty due to copying ton of logic) or just use plugin hook that will do additional control. Here you have the hook that allows you to break action when you detect invalid input value: http://learn.elgg.org/en/1.12/guides/hooks-list.html#action-hooks