php - Modify view uploaded file access in Elgg
Get the solution ↓↓↓Solution:
Elgg is designed to be plugin-centric, so the proper approach is to create your custom plugin that will override elements you need from core and 3rd party plugins alike. We explain motivation here: http://learn.elgg.org/en/1.12/guides/dont-modify-core.html
What I understand, you wan't to force files to be restricted to logged-in users or more. There is an access level for that already, you just need to enforce it.
We need to change two elements:
- file saving displayed edit form to not display unwanted access levels
- file saving action to reject unwanted access value
Ad. 1 You could override the viewforms/file/uploads
and replace call toinput/access
with custom version that filters unwanted values. It's better than alteringinput/access
view that's used all over the place.
Ad. 2 You can either override wholefile/upload
action (which is nasty due to copying ton of logic) or just use plugin hook that will do additional control. Here you have the hook that allows you to break action when you detect invalid input value: http://learn.elgg.org/en/1.12/guides/hooks-list.html#action-hooks
Answer
Solution:
As stated by Paweł Sroka, it is highly unadvisable to modify the main Elgg core framework. Hence, the proper approach is to either create a plugin or to modify the existing plugin.
Hence, as mentioned in the question, the main task is to prevent any non-login user from having the access to view and access the listed items. Therefore, what I have done is to implement 'gatekeeper()'
gatekeeper() -> function to allow user to manage how code gets executed by applying access control rules. Furthermore, when applied, it will forward non-login user to front page thus protecting the content of the restricted page from being viewed.
Finally, 'gatekeeper()' is implemented within the following directory prior to my question: elgg/mod/plugin/pages/plugin/all.php
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: to enable extensions, verify that they are enabled in your .ini files
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.