Integrate Dokuwiki ACL for file endpoint

README.md

@@ -31,15 +31,11 @@ It also ships a small file-serving endpoint (`lib/plugins/luxtools/file.php`) us
 to deliver files and generate cached thumbnails.
 
 
-## Important security note
+##  Note on security
 
 The file-serving endpoint (`lib/plugins/luxtools/file.php`) runs inside DokuWiki
-and can enforce a simple access restriction based on the currently logged-in
-user.
-
-This is intentionally *not* full per-page ACL integration; it is a pragmatic
-allowlist to avoid “anyone with a guessed URL can fetch the file”.
-
+and enforces access via per-page ACL: the requester must have at least read
+access to the wiki page that rendered the link.
 
 ## Installation
 
@@ -60,33 +56,25 @@ luxtools is configured via its dedicated admin page:
 
 Key settings:
 
-- **access_allow**
-  Allowed users/groups for the file-serving endpoint.
-  - Entries can be separated by newlines, commas, or whitespace.
-  - Use `@group` to allow a whole group.
-  - Leave empty to allow any authenticated (logged-in) user.
-  - Anonymous users are always denied.
-
 - **paths**
   Allowed base filesystem roots (one per line). Each root can be followed by:
   - `A> /Alias/` (optional) alias used in wiki syntax and open links
-  - `W> https://...` (optional) web base URL used for links instead of `file.php`
 
   Example:
 
   ```
   /srv/share/Datascape/
   A> /Scape/
-  W> https://files.example.example/Datascape/
   ```
 
-  If no `W>` line is configured, luxtools links will use the plugin endpoint:
+  luxtools links use the plugin endpoint:
 
   `lib/plugins/luxtools/file.php?root=...&file=...`
 
-  Note: if you configure a `W>` web URL to an external file server, that server
-  must enforce access itself; DokuWiki ACLs and `access_allow` only apply to
-  `file.php`.
+  The generated URLs also include the current wiki page id (`id=...`) so
+  `file.php` can enforce ACLs for the host page.
+
+
 
 - **scratchpad_paths**
   Scratchpad file map (one file path per line, followed by an `A>` alias line).