Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Testers Required - SecureFiles 0.1.1 Module


Go to End
Reply


27 Posts   5655 Views

Avatar
Hamish

Community Member, 712 Posts

24 February 2009 at 10:55pm

Edited: 04/03/2010 1:40pm

THIS THREAD IS OBSOLETE. Please see new version updates here: http://silverstripe.org/all-other-modules/show/280202#post280202

Hey all,

Attached is an early build of a module I am working on - 'SecureFiles' allows content managers to set file access permissions on folders. Files within these folders will be subject to permission checks through sapphire.

As you might not know, files uploaded to you SilverStripe site are open to the internet - that is, anyone who knows the right URL will be able to get to your files.

Features:

  • New CMS tab 'Security' for folders, allows content editors to give specific users access to specific folders
  • Privileges are inherited from parent folders
  • Uses apache rewrite rules to direct secure folders through an optimized controller. Unsecured folders are still allowed direct access (so they will load at the same speed)
  • New permission code "Access to Secure Files" overrides folder specific privileges
  • Prevent Google indexing your private files!

This is an early version, so documentation is still sparse, however it should be this easy to install:

1. Extract to your SilverStripe directory

2. Run dev/build?flush=1

I would like to here about any bugs of feedback you might have, so please add to this thread.

----

EDIT: this now lives at [url]http://polemic.net.nz/secure-files-module/[/url]

SVN: [url]http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/[/url]

Log Tickets and feature requests: [url]http://polemic.net.nz/trac/newticket?component=Secure%20Files[/url]

Attached Files
Avatar
Hamish

Community Member, 712 Posts

24 February 2009 at 10:59pm

Edited: 04/03/2010 1:40pm

... I don't know how this ended up in this forum. Supposed to be in "All-other-modules". Oh well :/

Avatar
Liam

Community Member, 470 Posts

25 February 2009 at 9:08am

Edited: 04/03/2010 1:40pm

This is exactly what I needed on a project a long time ago!

I can still use it, so I'll install and test. I need a few days at least, as I'm swamped with other work right now.

Thanks a lot though. This is a really good module by the sounds of it. Will come in handy.

Avatar
Hamish

Community Member, 712 Posts

25 February 2009 at 12:57pm

Edited: 04/03/2010 1:40pm

Hey LeeUmm, glad to have you trying it out.

Avatar
sorich87

Community Member, 14 Posts

1 March 2009 at 5:17am

Edited: 04/03/2010 1:40pm

I will test it also because I need similar functionnality for an ecommerce which will sell music.

Avatar
slamby

Community Member, 21 Posts

11 March 2009 at 1:33am

Edited: 04/03/2010 1:40pm

I installed and tested the module. It works like expected.

There is a small issue with the member drop down box: When the select box opens the first two fields are blank. Could it be that DropdownField already brings the functionality to show $optionArray[0] as ' '?

If I uncomment like:
//   $optionArray = array( '0' => '');

the select box behaves shows a blank field first and 2nd and so forth the users will be shown.

Thanks for the good work.

BTW: Did you ever thought about supporting group permissions instead of or in addition to members?

Avatar
Hamish

Community Member, 712 Posts

11 March 2009 at 9:49am

Edited: 04/03/2010 1:40pm

Yeah, group permissions are the next thing on the list. Basically, to be fully featured, I think it will need the following:

1. Administrator override (existing - "Access secured files" permission level)

2. User level permission management (existing functionality)

3. Group level permission management (to do)

...and basically with precedence in that order, so that Admin overrides User level permissions which override group level permission.

4. Hook into security auditing (to do)

Avatar
weberho

Community Member, 15 Posts

24 March 2009 at 4:45am

Edited: 04/03/2010 1:40pm

I'm currently evaluating the SecureFile extension (v.1.1.3); it works nicely but I get an error:

"I can't handle sub-URLs of a SecureFileController object" when I try to access the URL listed below where the "Dokumente-Login" is set as secure Foder.

http://staging.test.com/assets/Uploads/Dokumente-Login/SFF/Spppppp/Zur-Eignung-von-MultifingermessungenSpppppp.pdf

Do you need more information to solve that problem?

Best regards,
Johannes

Go to Top