Jump to:

10928 Posts in 2612 Topics by 1809 members

All other Modules

SilverStripe Forums » All other Modules » member with access to securefiles cant access secure file

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1145 Views
  • theoldlr
    Avatar
    Community Member
    103 Posts

    member with access to securefiles cant access secure file Link to this post

    Hi all,

    I installed the secure files module, have uncommented the "security by member group" line in the module's _config.php, rebuilt the database... all the normal steps. I created a group and assigned 2 users to the group.

    Both in the Security section of the CMS and the security tab for my secured folder, I have assigned the group access to secured files. The files in the secured folder are uploaded through a form by any visitor to the site, which then sends an email to the 2 members of the group previously mentioned with a link to download the file. Clicking the link takes you to the login form with a message that says, "not authorized," which seems right to me, but once you login as a member of the group the file still cannot be downloaded. If I un check the "folder is secure" box, the file downloads no problem.

    Any reason I cannot access a secured file this way?

    Thanks!

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: member with access to securefiles cant access secure file Link to this post

    Hi there,

    Which versions of Secure Files and SilverStripe are you using?

    Only thing I can ask at the moment is, are you sure the member is in the group with secure access? Adding a user to a group with "secure file access" should bypass all the other checks, so they definitely should have access. Being in a group that has access to a particular folder is more complex, but it should be overridden by that setting anyway.

    Please double check the user is logged in, is in the correct group and the file is in the correct place.

  • theoldlr
    Avatar
    Community Member
    103 Posts

    Re: member with access to securefiles cant access secure file Link to this post

    Hamish,

    I am using silverstripe 2.4 with Secure Files v0.3. I have attached a few screenshots that show all the permissions and group membership to this post. Screenshot 5 occurs when you attempt to reach the file without being logged in... after logging in you get screenshot #6. If the folder is not secured, it will download as it should. If you login in advance and then visit the exact url you also get screenshot 6.

    Thanks!

    Attached Files
  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: member with access to securefiles cant access secure file Link to this post

    Thanks for the screenshots. Yeah, you've clearly got it set up correctly.

    Could to post the htaccess file that should have been created in the ForFab folder? Also the relevant _config.php file for SecureFiles.

    If they're normal, you might need to debug the process that grants permission to see if there is something awry.

  • theoldlr
    Avatar
    Community Member
    103 Posts

    Re: member with access to securefiles cant access secure file Link to this post

    Here is the .htaccess:

    <IfModule xsendfile_module>
    XSendFile on
    </IfModule>
    RemoveHandler .php .phtml .php3 .php4 .php5 .inc
    RemoveType .php .phtml .php3 .php4 .php5 .inc
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^(.*)$
    RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]

    and here is the _config.php

    <?php
    /**
    * Secure Files Module Configuration
    *
    * @package securefiles
    * @author Hamish Campbell
    * @copyright copyright (c) 2010, Hamish Campbell
    */

    Director::addRules(50, array(ASSETS_DIR . '/$Action' => 'SecureFileController'));
    AssetAdmin::require_css('securefiles/css/SecureFiles.css');
    // -------------------------------

    /**
    * Apply optional permission methods here. Include them in the reverse
    * order that you would like them to appear in the CMS.
    */

    // Assign file security by individual member:
    // DataObject::add_extension('File', 'SecureFileMemberPermissionDecorator');

    // Assign file security by member group:
    DataObject::add_extension('File', 'SecureFileGroupPermissionDecorator');

    // Create time-limited access tokens:
    // DataObject::add_extension('File', 'SecureFileTokenPermissionDecorator');

    // -------------------------------
    DataObject::add_extension('File', 'SecureFileDecorator');

    /**
    * For large files or heavily trafficed sites use x-sendfile headers to by-pass
    * file handling in PHP. Supported in lighttpd and in Apache with mod_xsendfile
    * available at http://tn123.ath.cx/mod_xsendfile/
    */
    // SecureFileController::use_x_sendfile_method();

    /**
    * For testing or debug purposes, you can force this module to use the internal
    * Sapphire send file method. Not recommended for production sites.
    */
    // SecureFileController::use_ss_sendfile_method();

    1145 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.