Changing the access permissions for viewing uploaded files in Elgg

Admins/logged-in-users are able to set the current access control when they upload a file. The three types of access are public, private and logged-in-users:

  • public: files uploaded can be viewed and accessed by users who are not logged in

  • private: no one will be able to view the files uploaded except for the user and admin

  • logged-in-users: only logged in users and admins are able to view and access the uploaded file.

Functionality

Files that are uploaded can be viewed and accessed in regards to the access control set by the user.

Hence, a public user (not logged into an account) can view and access an uploaded file whose access setting has been set to public, but will not be able to see files whose access setting has been set to either 'private' or 'logged in user'.

Task

What I would like to do is to change the access control such that public users (not logged into an account) cannot view or access the uploaded file. Hence, even if the user has set the access control setting to public, a non-logged-in user cannot view and access that uploaded file; therefore, all the public user can see is an empty list.

Therefore, I would like to ask: should I be changing the Elgg framework within the directory /Elgg/views/default/output/access.php to achieve the desired outcome, or can I change it within the view of the plugin mod: Elgg/mod/plugin/views/default/object?

Elgg is designed to be plugin-centric, so the proper approach is to create your custom plugin that will override elements you need from core and 3rd party plugins alike. We explain motivation here: http://learn.elgg.org/en/1.12/guides/dont-modify-core.html

From what I understand, you want to force files to be restricted to logged-in users or more. There is an access level for that already, you just need to enforce it.

We need to change two elements:

  1. file saving displayed edit form to not display unwanted access levels
  2. file saving action to reject unwanted access value

Ad. 1 You could override the view forms/file/uploads and replace the call to input/access with a custom version that filters unwanted values. It's better than altering the input/access view that's used all over the place.

Ad. 2 You can either override the whole file/upload action (which is nasty due to copying a ton of logic) or just use a plugin hook that will do additional control. Here you have the hook that allows you to break the action when you detect an invalid input value: http://learn.elgg.org/en/1.12/guides/hooks-list.html#action-hooks
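The server-side check from point 2, as an added example that is not part of the original answer or of Elgg itself: a start.php for a custom plugin that aborts the file/upload action when the submitted access level is public. The plugin name restrict_file_access and both function names are hypothetical; the Elgg 1.x calls used are elgg_register_event_handler, elgg_register_plugin_hook_handler, get_input and register_error.

```php
<?php
// mod/restrict_file_access/start.php
// Added example; the plugin name and function names are hypothetical.

elgg_register_event_handler('init', 'system', 'restrict_file_access_init');

function restrict_file_access_init() {
	// 'action' hooks fire before the action script runs.
	// A handler that returns false stops the action from executing.
	elgg_register_plugin_hook_handler(
		'action',
		'file/upload',
		'restrict_file_access_check'
	);
}

/**
 * Refuse to save a file whose access level would expose it to
 * visitors who are not logged in.
 *
 * Hiding "Public" in the edit form (point 1) only changes the UI:
 * the access_id field is client-controlled, so it has to be
 * validated again here on the server.
 */
function restrict_file_access_check($hook, $type, $return, $params) {
	$raw = get_input('access_id');

	// The action casts access_id to int, so a value such as "2abc"
	// would end up as 2. Reject anything that is not a plain number.
	if ($raw !== null && !is_numeric($raw)) {
		register_error('Invalid access level.');
		return false;
	}

	if ((int) $raw === ACCESS_PUBLIC) {
		register_error('Files cannot be shared with the public.');
		return false;
	}

	// Leave the result untouched so the upload proceeds and other
	// handlers on this hook keep their say.
	return $return;
}
```

The hook only runs when a file is saved, so files already stored with public access keep that level until they are edited or updated separately.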

As stated by Paweł Sroka, it is highly inadvisable to modify the main Elgg core framework. Hence, the proper approach is to either create a plugin or to modify the existing plugin.

Hence, as mentioned in the question, the main task is to prevent any non-logged-in user from having access to view and access the listed items. Therefore, what I have done is to implement 'gatekeeper()'.

gatekeeper() -> function to allow the user to manage how code gets executed by applying access control rules. Furthermore, when applied, it will forward a non-logged-in user to the front page, thus protecting the content of the restricted page from being viewed.

Finally, 'gatekeeper()' is implemented within the following directory prior to my question: elgg/mod/plugin/pages/plugin/all.php