This problem is documented in the issue here but has not got a response yet.
The documentation says that the the download allow/deny permission function gets the userId and fileObj but when I tried this, the userId is just a value false.
UserImages.deny({
download: function(userId, fileObj) {
// use userId to determine if download should be allowed.
console.log(userId); // <=== This for some reason always prints `false` even when the user is logged in
return false;
}
});
Looking at the issue, this might be a bug but I can't confirm.