Comment 3 for bug 1356638

Ok, the way I see this problem is:

If I add a file to site files in the root dir (not public folder) I can see this image if I add it to a static page (as admin) but if I log in as a non admin I can't see it.

I believe this is related to the site config setting "Access to site files"
 -- "If checked, logged-in users will have access to site files in subfolders. By default, only files in the top level directory are accessible to them."

So it's failing on the check for allowing download of artefact if the artefact is in the site -> files root dir.

It looks to be this line in artefact/file/download.php
        $fileinloggedinmenu = $fileinloggedinmenu && record_exists('site_menu', 'file', $fileid, 'public', 0);

it's only allowing access to site files if they exist in the site_menu

But that doesn't seem in keeping with the statement "By default, only files in the top level directory are accessible to them."

Do we even need the record_exists('site_menu', 'file', $fileid, 'public', 0) bit?