There are 2 ways of exposing uploaded file content:
- insecure - location of uploaded file on server is exposed in the url
- secure - only upload filename is exposed, but
OnViewFileevent is used to check access permissions to that file
By default insecure mode is used, because usually information, that is uploaded by users should be accessible to other users as well. However in some cases secure mode is preferred. Here is how both mode can be set from a unit config:
'Fields' => array(
// secure
'FieldName' => array('type' => 'string', 'direct_links' => false, 'default' => ''),
// insecure (default, when 'direct_links' no specified)
'FieldName' => array('type' => 'string', 'direct_links' => true, 'default' => ''),
),
Problem with secure mode is in fact, that developer can't change the way how link to a file is build and this code is hardcoded in kUploadFormatter class:
upload_formatter.php
$url_params = Array (
'no_amp' => 1, 'pass' => 'm,'.$object->Prefix,
$object->Prefix . '_event' => 'OnViewFile',
'file' => rawurlencode($value), 'field' => $field_name
);
return $this->Application->HREF('', '', $url_params);
Need to ponder on how we can extract this logic and move it into more appropriate place, like EventHandler class.