Plugin for Omeka Classic. Allows to hide specific files (for copyright or any other reason) from visitors and users
This version introduces a robust security layer to ensure that hidden files are protected across all Omeka entry points:
- Access Control: Unauthorized users (based on plugin settings) will encounter a
403 Forbiddenerror when trying to accessfiles/showorfiles/editfor a hidden file. - ACL Integration: The "Hidden Files" admin list is now strictly protected by Omeka's Access Control List. Only authorized roles can browse it.
- SQL Safety: All database interactions use prepared statements to prevent SQL Injection vulnerabilities.
The plugin is now fully integrated with the Omeka REST API. When a file is flagged as hidden:
- Data Masking: Internal filenames and original file paths are completely removed from the API response.
- Placeholder Media: Direct links to original files and thumbnails are replaced with a secure placeholder icon (
file_hidden.png). - Context Aware: Administrators and file owners can still see full data via API, while the public sees the restricted version.
To enable the "Public" checkbox in the file edit page, ensure your admin theme (or core) fires the following hook in admin/themes/default/files/edit.php:
<?php fire_plugin_hook("admin_files_panel_buttons", array('view'=>$this, 'record'=>$file)); ?>
This is a stub. I'm still adding checks to hide original file information on both Admin and Public side, so it should still be used to experiment, and not on production.
Use it at your own risk.
It’s always recommended to backup your files and your databases and to check your archives regularly so you can roll back if needed.
See online issues on the plugin issues page on GitHub.
This plugin is published under the CeCILL v2.1 licence, compatible with GNU/GPL and approved by FSF and OSI.
In consideration of access to the source code and the rights to copy, modify and redistribute granted by the license, users are provided only with a limited warranty and the software’s author, the holder of the economic rights, and the successive licensors only have limited liability.
In this respect, the risks associated with loading, using, modifying and/or developing or reproducing the software by the user are brought to the user’s attention, given its Free Software status, which may make it complicated to use, with the result that its use is reserved for developers and experienced professionals having in-depth computer knowledge. Users are therefore encouraged to load and test the suitability of the software as regards their requirements in conditions enabling the security of their systems and/or data to be ensured and, more generally, to use and operate it in the same conditions of security. This Agreement may be freely reproduced and published, provided it is not altered, and that no provisions are either added or removed herefrom.
Copyright Daniele Binaghi, 2021