File item protected by custom precondition

Question

Let's say I have:

• a file item
• a view that returns True if current user has rights to access that file (computed by multiple rules like type of user, the context of file item, etc.)

How can I set the view result as a precondition rule to prevent untrusted users to see the file's content?

The default view of the contents of a File or Image seems to be running only when opening the file as mysite/file/view. If I open the file as mysite/file the code is not executed and I receive the file for any user.

I found something here: Using the File Precondition Property

Is this possible in Plone to block access to a file or image using a rule computed at runtime? (I mean block all possibilities to open/download it including direct link, /view, at_download, etc.)

Answer 1

Assign a workflow to the content-types "Image" and "File" and grant permissions via workflow-states.

Answer 2

I presume that you want to keep things simple and easy, with minimal intervention to the content types. For that, you'd need some type of custom security manager. You could maybe play with local roles. The idea is that you want to grant, through workflow, view access to a certain role. If the logic for a user having that role is complex, then you need to move that logic in a security plugin.