Prompt for login on acl protected media

[dwgreen1]

Users frequently share documents and will use the direct link to PDFs and other files that were loaded to the media manager. The URLs generally look like this:

http://examplesite.org/_media/meetings:agenda.pdf

The exception is for files protected by acl. If a user is already logged in and uses a direct link, things are OK; for those who have not authenticated first, they are thrown a "Forbidden" message. Request to change this to prompt the user to log in instead?

[Klap-in]

line 72 of https://github.com/splitbrain/dokuwiki/blob/master/inc/fetch.functions.php sets the message.

Is a very simple html page with a link to the login page an idea for the 403 status? Or are there more ways to get a 403?

[dwgreen1]

I also found that line, and I thought about adjusting it. It's a simple solution, although ideally it would behave the same way DokuWiki does when a user tries to access any restricted page. That is, it produces a "Sorry, you don't have enough rights to continue." message and presents you with the usual login screen.

[splitbrain]

I guess the user would expect the download to continue after logging in, so a link to the standard form would not be enough.

[ysalmon]

In my dokuwiki, I modified fetch.php as follows :

// die on errors
if($data['status'] > 203) {
        global $ACT;
        $ACT = "denied";
        act_dispatch();
        exit;

This does the trick of displaying the login page and starting to download if login is successful. However, the login page "stays on air".

EDIT : replacing show with denied for newer versions of Dokuwiki.

[robinro]

The solution by @ysalmon sounds nice to me. Even if it is only a redirect to the login page without starting the download after login it would improve the current situation. :+1: it would be nice to have this fixed.

[ysalmon]

It seems that with newer versions of Dokuwiki, one needs to use the denied action instead of show.

I wonder why this is still not nicely managed by Dokuwiki, though.