Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Testers Required - SecureFiles 0.1.1 Module


Go to End
Reply

27 Posts   5524 Views

Avatar
Hamish

24 February 2009 at 10:55pm (Last edited: 4 March 2010 1:40pm), Community Member, 712 Posts

THIS THREAD IS OBSOLETE. Please see new version updates here: http://silverstripe.org/all-other-modules/show/280202#post280202

Hey all,

Attached is an early build of a module I am working on - 'SecureFiles' allows content managers to set file access permissions on folders. Files within these folders will be subject to permission checks through sapphire.

As you might not know, files uploaded to you SilverStripe site are open to the internet - that is, anyone who knows the right URL will be able to get to your files.

Features:

  • New CMS tab 'Security' for folders, allows content editors to give specific users access to specific folders
  • Privileges are inherited from parent folders
  • Uses apache rewrite rules to direct secure folders through an optimized controller. Unsecured folders are still allowed direct access (so they will load at the same speed)
  • New permission code "Access to Secure Files" overrides folder specific privileges
  • Prevent Google indexing your private files!

This is an early version, so documentation is still sparse, however it should be this easy to install:

1. Extract to your SilverStripe directory

2. Run dev/build?flush=1

I would like to here about any bugs of feedback you might have, so please add to this thread.

----

EDIT: this now lives at [url]http://polemic.net.nz/secure-files-module/[/url]

SVN: [url]http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/[/url]

Log Tickets and feature requests: [url]http://polemic.net.nz/trac/newticket?component=Secure%20Files[/url]

Attached Files
Avatar
Hamish

24 February 2009 at 10:59pm (Last edited: 4 March 2010 1:40pm), Community Member, 712 Posts

... I don't know how this ended up in this forum. Supposed to be in "All-other-modules". Oh well :/

Avatar
Liam

25 February 2009 at 9:08am (Last edited: 4 March 2010 1:40pm), Community Member, 470 Posts

This is exactly what I needed on a project a long time ago!

I can still use it, so I'll install and test. I need a few days at least, as I'm swamped with other work right now.

Thanks a lot though. This is a really good module by the sounds of it. Will come in handy.

Avatar
Hamish

25 February 2009 at 12:57pm (Last edited: 4 March 2010 1:40pm), Community Member, 712 Posts

Hey LeeUmm, glad to have you trying it out.

Avatar
sorich87

1 March 2009 at 5:17am (Last edited: 4 March 2010 1:40pm), Community Member, 14 Posts

I will test it also because I need similar functionnality for an ecommerce which will sell music.

Avatar
slamby

11 March 2009 at 1:33am (Last edited: 4 March 2010 1:40pm), Community Member, 21 Posts

I installed and tested the module. It works like expected.

There is a small issue with the member drop down box: When the select box opens the first two fields are blank. Could it be that DropdownField already brings the functionality to show $optionArray[0] as ' '?

If I uncomment like:
//   $optionArray = array( '0' => '');

the select box behaves shows a blank field first and 2nd and so forth the users will be shown.

Thanks for the good work.

BTW: Did you ever thought about supporting group permissions instead of or in addition to members?

Avatar
Hamish

11 March 2009 at 9:49am (Last edited: 4 March 2010 1:40pm), Community Member, 712 Posts

Yeah, group permissions are the next thing on the list. Basically, to be fully featured, I think it will need the following:

1. Administrator override (existing - "Access secured files" permission level)

2. User level permission management (existing functionality)

3. Group level permission management (to do)

...and basically with precedence in that order, so that Admin overrides User level permissions which override group level permission.

4. Hook into security auditing (to do)

Avatar
weberho

24 March 2009 at 4:45am (Last edited: 4 March 2010 1:40pm), Community Member, 15 Posts

I'm currently evaluating the SecureFile extension (v.1.1.3); it works nicely but I get an error:

"I can't handle sub-URLs of a SecureFileController object" when I try to access the URL listed below where the "Dokumente-Login" is set as secure Foder.

http://staging.test.com/assets/Uploads/Dokumente-Login/SFF/Spppppp/Zur-Eignung-von-MultifingermessungenSpppppp.pdf

Do you need more information to solve that problem?

Best regards,
Johannes

Go to Top