Make uploaded files private...?

@baris, many thanks.

I'm curious though...what would it take to apply group-level permissions? Is that something that the asset manager plugin would offer, if it were functional?

They end up something like: http://hostname:4567/mynodebb/assets/uploads/files/abc.pdf

(Edit: actually, they all get prefixed with a random string timestamp in milliseconds, so it's more like http://hostname:4567/mynodebb/assets/uploads/files/1496954435705-abc.pdf)

Right...that's what I was hoping it would do. But it's not happening for me (i.e., I can access the URL to an uploaded file from anywhere, without being logged-in). What might I be missing?

I would like to make access to files uploaded to my NodeBB private. I found this short thread that suggests the option to "Make uploaded files private" will do exactly this: Make Uploaded Files Private Setting Explanation

However, as far as I can determine, enabling this setting has no effect. If I upload a file, I can copy its URL, and access it from anywhere. Is there something I'm missing?

I've got NodeBB 1.5.1 installed on a windows machine (with Node 4.4.3). Is there anything more that should be done to enable this feature, beyond flipping a simple switch in the settings, or does it not actually do what I think it does?

I tried the asset manager plugin referenced at the end of the above thread, but it appears to be unmaintained, and hasn't worked since at least NodeBB 1.1.2.

Any suggestions?