[AndrewD]

Quote:

Originally Posted by josiespencer

My ultimate goal is that all file downloads are done via hard coded URL links posted in posts that look like this "http://uber-goober.com/forums/local_links.php?action=jump&linkid=931". This makes a popup box appear and the user can download just that one file.

OK, understood

Quote:

Originally Posted by josiespencer

(1) When I new user signs on for the first time he finds a file he wants to download:

(2) So he clicks the hyperlink and gets the prompt for accepting the download terms:

(3) He clicks Continue and gets:

(4) He clicks Go and sees:

I understand.

Quote:

Originally Posted by josiespencer

(5) OK, first of all he isn't supposed to see this screen ever, he is just supposed to get a popup box asking him where he wants to save the file. Regardless, now he can do/see things he shouldn't be able to see. So he clicks on Categories to get a list of those:
(6) And then clicks on the LDM hyperlink and gets a list of all files in the LDM category:
(7) And now he can search for any file he wants including hidden files:

I understand that you don't want people to go via the main LDM pages but I am surprised that they can see entries that you don't want them to see, particularly hidden entries.

If you don't want people to see hidden entries, then you should take away *can_view_hidden* permission from their usergroups.

Quote:

Originally Posted by josiespencer

If I switch "off" the can_view_category for that users usergroup, he never gets the download acceptance terms in (3), instead he gets this:

This is true, and correct behaviour.

The basic problem is that the "accept rule" forms were not designed with your route through LDM in mind. I think it's easy enough to change. I will see what I can do.