Security deeplinks are working! :((

Permalink 18 17 Browser Info Environment
Hi,

i have some sites closed by groups filter,
only open for admin and one other group.
Works fine, thanks for that ;)
But o0_h
deeplinks to content from that site, bypass the rule and will show to everybody..

i hope that i only forgot to klick an option rule anywhere,
or i did not read that i need for this a in moonshine dancing shaman too.
If yes, please type LoL and give me a hint.
If not, please, can you fix this?

Test-links: bc.guide
must show a login page ..
and this link must be dead too, for no members, and for "only registered" members...
http://bc.guide/application/files/2714/8855/4085/Hanf-Art-BCGuide02...


Status: New
Mnkras replied on at Permalink Reply
Mnkras
This isn't really a bug, its how it is intended to work,

If you move your files to a non-public location (using File storage locationshttps://documentation.concrete5.org/editors/dashboard/system-and-mai... then all file downloads will be routed through the view_file page which will check permissions on the files.

Mike
Buschmann replied on at Permalink Reply
Hmm, O,k THANKS
that will be work perhaps..
i can set folder-content view rights...
but this sucks a bit,
so i must splitt folder content by sites and rights..
OR
i must set permissions each file by file, so i can`t use multi-selection to set rights for more than one file in once click...
Mnkras replied on at Permalink Reply
Mnkras
I don't understand when you say:

so i must splitt folder content by sites and rights..

You can either set default permissions to require users be logged in, or make a folder and have everything in the folder require users to be logged in.

concrete5 Environment Information

V8 chrome and mozilla..

Browser User-Agent String

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36