THIS THREAD IS OBSOLETE. Please see new version updates here: http://silverstripe.org/all-other-modules/show/280202#post280202

Hey all,

Attached is an early build of a module I am working on - 'SecureFiles' allows content managers to set file access permissions on folders. Files within these folders will be subject to permission checks through sapphire.

As you might not know, files uploaded to you SilverStripe site are open to the internet - that is, anyone who knows the right URL will be able to get to your files.

Features:

• New CMS tab 'Security' for folders, allows content editors to give specific users access to specific folders
  
• Privileges are inherited from parent folders
  
• Uses apache rewrite rules to direct secure folders through an optimized controller. Unsecured folders are still allowed direct access (so they will load at the same speed)
  
• New permission code "Access to Secure Files" overrides folder specific privileges
  
• Prevent Google indexing your private files!
  

This is an early version, so documentation is still sparse, however it should be this easy to install:

1. Extract to your SilverStripe directory

2. Run dev/build?flush=1

I would like to here about any bugs of feedback you might have, so please add to this thread.

----

EDIT: this now lives at http://polemic.net.nz/secure-files-module/

SVN: http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/

Log Tickets and feature requests: http://polemic.net.nz/trac/newticket?component=Secure%20Files

... I don't know how this ended up in this forum. Supposed to be in "All-other-modules". Oh well :/

This is exactly what I needed on a project a long time ago!

I can still use it, so I'll install and test. I need a few days at least, as I'm swamped with other work right now.

Thanks a lot though. This is a really good module by the sounds of it. Will come in handy.

Hey LeeUmm, glad to have you trying it out.

I will test it also because I need similar functionnality for an ecommerce which will sell music.

I installed and tested the module. It works like expected.

There is a small issue with the member drop down box: When the select box opens the first two fields are blank. Could it be that DropdownField already brings the functionality to show $optionArray[0] as ' '?

If I uncomment like:
// $optionArray = array( '0' => '');

the select box behaves shows a blank field first and 2nd and so forth the users will be shown.

Thanks for the good work.

BTW: Did you ever thought about supporting group permissions instead of or in addition to members?

Yeah, group permissions are the next thing on the list. Basically, to be fully featured, I think it will need the following:

1. Administrator override (existing - "Access secured files" permission level)

2. User level permission management (existing functionality)

3. Group level permission management (to do)

...and basically with precedence in that order, so that Admin overrides User level permissions which override group level permission.

4. Hook into security auditing (to do)

I'm currently evaluating the SecureFile extension (v.1.1.3); it works nicely but I get an error:

"I can't handle sub-URLs of a SecureFileController object" when I try to access the URL listed below where the "Dokumente-Login" is set as secure Foder.

http://staging.test.com/assets/Uploads/Dokumente-Login/SFF/Spppppp/Zur-Eignung-von-MultifingermessungenSpppppp.pdf

Do you need more information to solve that problem?

Best regards,
Johannes