Implement canRead for attached files #320

Open
luke- opened this issue Apr 2, 2023 · 7 comments · May be fixed by #363

Contributor

luke- commented Apr 2, 2023

Currently uploaded files in a conversation are not specially protected, only by the individual link including the GUID.
It would be good to check here also if the user is a participant of the conversation.


usirg commented Apr 4, 2023

thanks, looking forward to it 😁

Contributor Author

luke- commented Jul 26, 2023

Maybe rel: humhub/humhub#6451


Gilbertdelyon commented Nov 20, 2023

May I ask a newbie question? (only for my personal knowledge)
In HH I guess all images are served by PHP. URL example:
https://mydomain.xyz/index.php?r=file%2Ffile%2Fdownload&guid=c99b3fe3-1234-5678-95fc-c9bd4450a800
PHP will then execute the file download request, check permissions and send the file, probably with a readfile() or readfile_chunked() function.
I worry that this could increase the server load too much when the site is populated with a lot of images and videos?

yurabakhtin self-assigned this Nov 21, 2023

Gilbertdelyon commented Nov 21, 2023

I worry that this could increase the server load too much when the site is populated with a lot of images and videos?

Why do I ask this question?
I am also administrating a DRUPAL web site (DRUPAL is based on Symfony framework).
DRUPAL media files are all public by default.
You can activate a private file system, but it is not easily available for common users. You have to modify the settings.php file of the site, and the documentation says:

This adds to server load and download time, since Drupal must resolve the path for each file download request, but allows for access restrictions to be added......

In contrast, HH media are "private" (the URL must be resolved in any case), without any warning.
I have no idea about the side effects on server load and page loading time.

Contributor Author

luke- commented Nov 21, 2023

@Gilbertdelyon You're right, when the download is handled by the PHP application, there is additional load. This can be reduced when sendfile is activated. PHP then only performs the initial session & authorization check and then passes the download on to the web server.

e.g. https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/#enabling-sendfile
https://docs.humhub.org/docs/admin/performance#x-sendfile
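
The flow discussed in this thread, as an added example that is not part of the conversation and not HumHub's code: a participant check in front of the GUID lookup, then either an `X-Sendfile` hand-off to the web server or a chunked fallback from PHP. All function names, array shapes and sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: every name and value here is hypothetical, not HumHub's API.
// Constructed sample data: files keyed by GUID, participant user IDs per conversation.
$files = ['c99b3fe3-1234-5678-95fc-c9bd4450a800' => ['conversation' => 7, 'path' => '/srv/uploads/a.jpg']];
$participants = [7 => [10, 11]];
/** Only participants of the file's conversation may read it. */
function canRead(array $file, ?int $userId, array $participants): bool
{
    return $userId !== null && in_array($userId, $participants[$file['conversation']] ?? [], true);
}

/** Returns [HTTP status, headers, path PHP must stream itself or null]. */
function planDownload(string $guid, ?int $userId, array $files, array $participants, bool $xSendfile): array
{
    if (!isset($files[$guid])) {
        return [404, [], null];
    }
    if (!canRead($files[$guid], $userId, $participants)) {
        return [403, [], null]; // knowing the GUID alone is not enough
    }
    $headers = ['Content-Type' => 'application/octet-stream'];
    if ($xSendfile) {
        // Apache mod_xsendfile header; nginx uses X-Accel-Redirect with an internal location.
        $headers['X-Sendfile'] = $files[$guid]['path'];
        return [200, $headers, null];
    }
    return [200, $headers, $files[$guid]['path']];
}

/** Fallback without X-Sendfile: fixed-size chunks keep PHP memory use flat. */
function streamChunked(string $path, int $chunkSize = 65536): int
{
    $in = fopen($path, 'rb');
    if ($in === false) {
        return 0;
    }
    $sent = 0;
    while (!feof($in) && ($chunk = fread($in, $chunkSize)) !== false) {
        echo $chunk;
        flush();
        $sent += strlen($chunk);
    }
    fclose($in);
    return $sent;
}
foreach ([10, 99, null] as $user) { // participant, non-participant, not logged in
    echo var_export($user, true), ' => ', planDownload(array_key_first($files), $user, $files, $participants, true)[0], "\n";
}
```

With the hand-off enabled, the upload directory must not also be reachable as a plain static path, otherwise the check can be bypassed by requesting the file directly.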

@Gilbertdelyon

@luke-
Unfortunately, in our Apache shared hosting X-sendfile is not available. So, I guess some PHP fread($file) or readfile_chunk($file, CHUNK_SIZE) will be used in HH.
But I don't know how significantly it can increase the load and degrade usability.
