File access for not logged in people - Moodle 3.10

File access for not logged in people - Moodle 3.10

by Dave Emsley -
Number of replies: 1

Hi there,

I'm trying to produce a system that allows a registered user to email a link so that a prospective employer etc can see their "profile" on the moodle site.  I'm fine with the Moodle certificates but my block currently allows students to upload external certificates as PDFs.

When the student views their own external certificates they can see them but giving the same URL to someone else that person cannot see the files. 

For example - I can see www.moodlesite.com/pluginfile.php/2/block_cpd/attachments/0/BlankPDFFile.pdf

However when the same URL is sent to a fellow student or an employer with no Moodle access they get the error message:  "Sorry, the requested file could not be found".

  • Is this a permissions issue? 
  • Or is it an issue with the way I'm doing the file handling?

Many Thanks

Dave


Average of ratings: -
In reply to Dave Emsley

Re: File access for not logged in people - Moodle 3.10

by Davo Smith -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
I think your problem may well be here: https://github.com/moodle/moodle/blob/18aafd0ed4d89447cf7a6ac54c8aa7b710299563/lib/filelib.php#L5001

If the context is CONTEXT_BLOCK, then there are checks in place to make sure the user is logged in (if the block is in the context of a course, or if $CFG->forcelogin is set), then a check to see if the user has capability 'moodle/block:view' in the context.

If the context is not CONTEXT_BLOCK, then it is entirely up to your block_cpd_pluginfile() function to determine if the user has permission to see the file or not (so that can include granting every request for files in the 'attachments' file area, if you so wish).
Average of ratings: Useful (1)