Jump to:

10930 Posts in 2613 Topics by 1810 members

All other Modules

SilverStripe Forums » All other Modules » SecureFiles 0.21 Released - Testers + Translations please!

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2 3 4 5 6
Go to End
Author Topic: 5665 Views
  • Hamish
    Avatar
    Community Member
    712 Posts

    SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    Hi all,

    There is a new SecureFiles (v0.21) available here:

    http://silverstripe.org/secure-files/

    There have been a number of improvements:

    You can now apply decorators in your _config to decide how you want Secure Files to manage permissions. From the base install, only ADMINS and users with the SECURE_FILES permission will be able to access secure files. You can then apply the Group Permission Decorator or Member Permission Decorator (or both) to add the functionality you want.

    It's also easy to extend - simply create a new decorator that implements canViewSecured() and you can add new permission systems.

    Should be compatible with 2.3.x and 2.4b

    Translations would be welcome.

    Future enhancements:

    • -Time restricted permissions
    • -Auth Token permission - provide an auth token to access a particular file. Useful for 'paid content' systems
    • -Access logging
    • -GUI improvements within the CMS

    Note: this is not the same module that is available via svn.silverstripe.com or open.silverstripe.com.

    See latest updates at: http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/trunk/
    tickets etc at: http://polemic.net.nz/trac/

    Regards
    Hamish

  • Marcus
    Avatar
    Administrator
    86 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    What are the main differences between this and the one available via svn.silverstripe.com?

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    The silverstripe.com one is a fork of an earlier version - I don't know who is responsible for ongoing maintenance.

    The version available at http://silverstripe.org/secure-files/ has a number of modes of operation and is 'developer friendly' in that you can add new permission rules easily. I'm also making sure it is v2.3 and v2.4 compatible.

  • UncleCheese
    Avatar
    4085 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    Okay, Hamish, I'm officially confused. I'd really like to use this module to prevent the public from browsing a folder that is full of resumes uploaded from a contact form. I have gone to the Security tab, with your two decorators enabled in the _config.php, and I set the permissions to a single member, but I can still browse to /assets/Uploads/myfile.pdf and download. Is there a step that I'm missing?

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    Have you ticked "folder is secure" and saved the folder? This will write an htaccess file that sets up the required rules.

    Also, you'll still have access if you're an Admin user.

  • Juanitou
    Avatar
    Community Member
    323 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    Hi Hamish!

    I haven’t found the time to test the module, so the following translations lack context, but they should be good enough for the moment. I’ll update they later if needed. BTW, there’s a typo in the comment MEMBER PERMISSION.

    @UC: I’ll send you French and Spanish translations for some of your modules… waiting for an appropriated rainy Sunday!

    Best regards,
    Juan

    Attached Files
  • UncleCheese
    Avatar
    4085 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    Hi, Hamish,

    Yes, the folder is marked as secure. Here's the .htaccess in my secure "Uploads" folder:

    RemoveHandler .php .phtml .php3 ,php4 .php5 .inc
    RemoveType .php .phtml .php3 .php4 .php5 .inc
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^(.*)$
    RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]

    Is that right?

  • UncleCheese
    Avatar
    4085 Posts

    Re: SecureFiles 0.21 Released - Testers + Translations please! Link to this post

    Never mind... I get it now.. I must have been logged in as an admin. Very nice module, Hamish! We'll be rolling this out everywhere.

    5665 Views
Page: 1 2 3 4 5 6
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.