DOCS Note about custom File->canView()

See silverstripe#8493 [ci-skip]
open-sausages · May 22, 2019 · 74c869f · 74c869f
1 parent c82c152
commit 74c869f
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/docs/en/02_Developer_Guides/14_Files/03_File_Security.md b/docs/en/02_Developer_Guides/14_Files/03_File_Security.md
@@ -59,7 +59,14 @@ Note that even if the permissions above allow access,
 you need to have access to a mechanism to view or edit file information. 
 Most commonly this is through the "Access to Files section" permission.
 Custom implementations (e.g. APIs or custom file viewers) can have
-further restrictions in your project.  
+further restrictions in your project. 
+
+<div class="warning" markdown="1">
+When implenting your own `canView()` logic through [extensions](/developer_guides/extending/extensions),
+existing unprotected files are not retroactively moved to the protected asset store.
+While those new permissions are honoured in the CMS, protected files through custom `canView()`
+can still be downloaded through a public URL until they a `write()` operation is triggered on them.
+</div>  
 
 ## Asset stores