That is true - the default config is “Public” file system, which means uploads to logs, assets, and areas are not behind password protection. But you do have to know the URL to see them. Note that this is not the case for CSVs uploaded to the importers.
The other option is to switch to use the “Private” filesystem in Drupal. I’d love to switch to that as a general default if we can figure out the migration path.
most of the tutorials/instructions are based around content types
Right, so Drupal comes with it’s own entity type called
node (aka content types), but we don’t use that. We provide our own (
So we’d need to make changes in a few places I believe: there is a global setting at
/admin/config/media/file-system. That may be all we need to do. It is also possible to override the default on each file and image field instance (on each log/asset/plan type). I think that’s probably the process you found, only it was related to nodes.
The bigger question is: do we need to also migrate existing files to a new location in the process? I’m not sure how changing this setting will affect existing files, if at all. If you are interested in testing that, please do and let me know what you find!
This might be worth opening a GitHub or Drupal.org issue for, instead of just a discussion post.