Jump to:

3462 Posts in 1065 Topics by 740 members

Data Model Questions

SilverStripe Forums » Data Model Questions » File upload field walkthrough?

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 4947 Views
  • Judge
    Community Member
    79 Posts

    File upload field walkthrough? Link to this post

    I wonder if anyone can help walk though implementing a file upload with me? Hopefully it will help others and fill in a few gaps in the documentation.

    Basically this is where I would like to get to:

    The database model is:

    Resumes --< Documents +-- Files

    So Resumes can have many Documents. Each Document can have one File.

    All files will stored under assets in a date-stamped folder:


    The datestamp itself is not important, but it helps spread the files over a multiple directories. The resumes folder will not be directly accessible - users always have to go through a page to ensure they have permission before they are able to access an uploaded file (generally a user can only access files that are attached to a Resume that they own, but some may be set to be publicly accessible - that's a detail for later).

    Users can upload a file or replace an existing file. Users cannot browse the file directories to attach existing files or move files around between Documents.

    For now I just want this working inside a default ModelAdmin page, so privileges are not really the issue at this stage.

    That should cover the use-case, but I'll add anything I think of to this initial post.

  • Judge
    Community Member
    79 Posts

    Re: File upload field walkthrough? Link to this post

    This is the approach I have tried so far:

    class ResumeDocument extends DataObject {
    static $db = array('Notes' => 'Text');

    static $has_one = array(
    'Resume' => 'Resume', // The master record.
    'Document' => 'File', // The uploaded file.

    function getCMSFiled() {
    $fields = parent::getCMSFields();

    $FileField = new FileField('Document', 'Upload Resume Document');

    // Set the directory.
    $FileField->setFolderName('resumes/' . date('Y/m/d'));

    // Add this upload field to the form.
    $fields->replaceField('Document', $FileField);

    return $fileds;

    This will create a DocumentID column in the database. The update form for this Document in the admin screens then provides a browse field allowing a file to be uploaded. Submitting the form will upload the file, place it in the directory structure (creating the directories as needed - very nice) and save the ID of the File in the DocumentID column.

    That is okay so far, except that when I go back into the record, there is no indication of the file that is attached.

    However, if I change the name of the field from"Document" to "DocumentID" (or even remove the getCMSFields method completely, leaving SS to put in its own default file browser) then the FileField is displayed as an AJAX-enabled uploader. This good *except* that now the server-side options are ignored; the file is uploaded to the "Uploads" root folder and not into the specified directory structure. The user is also given the ability to browse the server to attach a new file.

    So - is there anything in between these two extremes? Can a file be uploaded into the right place, by being processed through this model (and consequently allowing upload privileges to be managed here too, in the same place)?

    I also wonder about the security of the AJAX file browser. If it does not go through my model to do its browsing, then does that mean all files in the assets folder are completely open to browsing to any third party sending the appropriate requests to the application? Even if htaccess blocks the folder, is there still a means for them to browse the structure and file names?

  • Judge
    Community Member
    79 Posts

    Re: File upload field walkthrough? Link to this post

    One thing that confuses me:

    The FileField form field has a warning at the top:

    CAUTION: Doesn't work in the CMS due to ajax submission, please use {@link FileIFrameField} instead.

    However, when I use it, it does not have any AJAX in it. It is just a plain out file upload field with a browse button.

    When I use the FileIFrameField it *does* use AJAX. It incorporates the FileField basic field within it, but then wraps a few layers of iframe, and an AJAX file browser around it.

    The thing that confuses me is how it works. I cannot see how FileIFrameField invokes all that AJAX. Where does it come from? Also why the warning in FileField? Is it an old warning that no longer applies, or is it just that my system is not actually working as it should? If I use it, expecting there to be no AJAX, will I get a surprise after a future upgrade to the SS core when the AJAX suddenly starts working? Or perhaps my using it "in the CMS" (whatever that means - in the admin back end? In the front end?) the AJAX is being automatically disabled?

    -- Jason

  • timwjohn
    Community Member
    98 Posts

    Re: File upload field walkthrough? Link to this post

    For anyone that stumbles here, there's a new(ish) set of file upload fields by the reverend Uncle Cheese, called Uploadify. Use them for all your file upload needs: http://www.leftandmain.com/silverstripe-modules/2010/08/26/two-new-modules-uploadify-and-postale/

Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.