Help:Restricting Access to Uploaded Files
From QED
Unless specific restrictions are in place, anyone can view an uploaded file, and any logged-in user can upload or re-upload a file. This help page describes how to impose access restrictions on a specific file and its description page, the general principle being that the rules governing access to a file are the same as the rules for accessing its description page.
For example, if you can view the description page of an image, you should be able to view the image itself; and conversely, if you want to restrict access to an image, it is sufficient to restrict access to the description page.
Some restrictions are based on the file name and so are permanent in nature. Other restrictions are contingent in nature. This help page is organized accordingly.
| In order to restrict read-access .... | permanently | contingently |
|---|---|---|
| to logged-in users | include © in filename | [[Category:Restricted]] |
| based on ACLs of Course:X | use X© as prefix | {{Folder:Course:X}} |
| based on ACLs of folder X | — | {{Folder:X}} |
| based on ACLs of folder NS:X | — | {{Folder:NS:X}} |
Contents |
Permanent Restrictions
Limiting Read-Access to Logged-In Users
If read-access to an uploaded file is permanently to be restricted to logged-in users, then it is recommended that a copyright symbol should be included in its name. You can do this by copying-and-pasting this symbol: ©
Limiting Read-Access based on Course ACLs
If read-access is permanently to be restricted based on the ACLs for a course, the file name should be prefixed with the string X© where Course:X is the QED folder for the course. In this case, access will always be restricted to logged-in users whether or not the course ACLs have been activated.
Note: Since filenames cannot be changed, this mechanism provides a more secure method for restricting access than the {{Folder:Course:X}} method described below.
Contingent Restrictions
Limiting Read-Access to Logged-In Users
- Adding [[Category:Restricted]] to a description page will limit access to the uploaded file as well as the description page to logged-in users, so long as the page remains categorized in this manner.
Limiting Write-Access to Logged-In Users
Adding [[Category:Protected]] to a description page will prevent the file from being re-uploaded, so long as the page remains categorized in this manner.
Folder:NAMESPACE:Folder
If you wish the ACLs of an existing folder to govern access to an uploaded file and its description page, add {{Folder:NAMESPACE:FOLDER}} to the description page, where NAMESPACE:FOLDER is the top-level page of the folder. For the main namespace, simply use the form {{Folder:FOLDER}}. For example:
- {{Folder:Lumi}}
- {{Folder:Project:Lumi}}
Please note:
- the restrictions only apply while the flag appears on the description page;
- read-access will only be restricted if the read-access ACL page has been protected, and similarly for write-access;
- it is recommended that some text be included on the Template:Folder:FOLDER or Template:Folder:NAMESPACE:FOLDER page;
- space characters in the folder name may be replaced by underscores but they must not be omitted;
- adding such a flag to a description page also causes the page to appear as though it were in that folder in so far as the folder has been customized with respect to logo, left sidebar, and CSS.
