I've modified the module to only display entries in the results whose parent nodes are filtered by db_rewrite_sql. If I understand correctly (and I have to admit I am having a difficult time with db_rewrite_sql), this means that any module that restricts access using hook_db_rewrite_sql (like taxonomy access) will only return nodes that the current user has access to. Nodes, and therefore attachments, that the user doesn't have access to should not show up in the results list. I'd appreciate it if you could test the search_attachments_5_1-dev-db_rewrite_sql.tgz version above and let me know how it works.
I've added db_rewrite_sql to solve this
Hi Moses,
I've modified the module to only display entries in the results whose parent nodes are filtered by db_rewrite_sql. If I understand correctly (and I have to admit I am having a difficult time with db_rewrite_sql), this means that any module that restricts access using hook_db_rewrite_sql (like taxonomy access) will only return nodes that the current user has access to. Nodes, and therefore attachments, that the user doesn't have access to should not show up in the results list. I'd appreciate it if you could test the search_attachments_5_1-dev-db_rewrite_sql.tgz version above and let me know how it works.
This fix should also address Andrew's question.