Download other user issue files as logged in user

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Upload a file from user_1 browser , download and in browser history it show 
the following link (example :
   http://localhost/backend/r.php/filesystem/<string> copy the link

2. Now open new browser and loggin with user_2  and paste link to download the 
file in user_2 browser
3.  it starts downloading 

What is the expected output? What do you see instead?
There is no  access rights for user_2 to access user_1 files

If I know the download URL and logged in with other some user , still can I 
download the file ?

What version of the product are you using? On what operating system?
2_0_2

Please provide any additional information below.

Original issue reported on code.google.com by psbhara...@gmail.com on 11 Dec 2014 at 7:55

[GoogleCodeExporter]

Files and their ids are not user related, but folder related.

The download link contains item unique id, which points into certain file under 
Mollify folder. So this same id can be used by any user that has the access to 
same folder defined in Mollify (Configuration->Folders).

This merely sets the file reference, permissions are different story where you 
can grant or deny file/folder access for different users.

Original comment by samuli.j...@gmail.com on 11 Dec 2014 at 10:28

• Changed state: Invalid