Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

SecureFiles 0.21 Released - Testers + Translations please!


Go to End


44 Posts   11566 Views

Avatar
Hamish

Community Member, 712 Posts

4 March 2010 at 10:47am

Edited: 04/03/2010 10:51am

Hi all,

There is a new SecureFiles (v0.21) available here:

http://silverstripe.org/secure-files/

There have been a number of improvements:

You can now apply decorators in your _config to decide how you want Secure Files to manage permissions. From the base install, only ADMINS and users with the SECURE_FILES permission will be able to access secure files. You can then apply the Group Permission Decorator or Member Permission Decorator (or both) to add the functionality you want.

It's also easy to extend - simply create a new decorator that implements canViewSecured() and you can add new permission systems.

Should be compatible with 2.3.x and 2.4b

Translations would be welcome.

Future enhancements:

  • -Time restricted permissions
  • -Auth Token permission - provide an auth token to access a particular file. Useful for 'paid content' systems
  • -Access logging
  • -GUI improvements within the CMS

Note: this is not the same module that is available via svn.silverstripe.com or open.silverstripe.com.

See latest updates at: http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/trunk/
tickets etc at: http://polemic.net.nz/trac/

Regards
Hamish

Avatar
Marcus

Administrator, 89 Posts

6 March 2010 at 3:49pm

What are the main differences between this and the one available via svn.silverstripe.com?

Avatar
Hamish

Community Member, 712 Posts

6 March 2010 at 5:15pm

The silverstripe.com one is a fork of an earlier version - I don't know who is responsible for ongoing maintenance.

The version available at http://silverstripe.org/secure-files/ has a number of modes of operation and is 'developer friendly' in that you can add new permission rules easily. I'm also making sure it is v2.3 and v2.4 compatible.

Avatar
UncleCheese

Forum Moderator, 4102 Posts

9 March 2010 at 10:20am

Okay, Hamish, I'm officially confused. I'd really like to use this module to prevent the public from browsing a folder that is full of resumes uploaded from a contact form. I have gone to the Security tab, with your two decorators enabled in the _config.php, and I set the permissions to a single member, but I can still browse to /assets/Uploads/myfile.pdf and download. Is there a step that I'm missing?

Avatar
Hamish

Community Member, 712 Posts

9 March 2010 at 1:05pm

Have you ticked "folder is secure" and saved the folder? This will write an htaccess file that sets up the required rules.

Also, you'll still have access if you're an Admin user.

Avatar
Juanitou

Community Member, 323 Posts

9 March 2010 at 10:32pm

Hi Hamish!

I haven’t found the time to test the module, so the following translations lack context, but they should be good enough for the moment. I’ll update they later if needed. BTW, there’s a typo in the comment MEMBER PERMISSION.

@UC: I’ll send you French and Spanish translations for some of your modules… waiting for an appropriated rainy Sunday!

Best regards,
Juan

Avatar
UncleCheese

Forum Moderator, 4102 Posts

10 March 2010 at 7:48am

Hi, Hamish,

Yes, the folder is marked as secure. Here's the .htaccess in my secure "Uploads" folder:

RemoveHandler .php .phtml .php3 ,php4 .php5 .inc
RemoveType .php .phtml .php3 .php4 .php5 .inc
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]

Is that right?

Avatar
UncleCheese

Forum Moderator, 4102 Posts

10 March 2010 at 8:07am

Never mind... I get it now.. I must have been logged in as an admin. Very nice module, Hamish! We'll be rolling this out everywhere.

Go to Top