
SecureFiles 0.21 Released - Testers + Translations please!



Community Member, 712 Posts

4 March 2010 at 10:47am

Edited: 04/03/2010 10:51am

Hi all,

There is a new SecureFiles (v0.21) available here:

There have been a number of improvements:

You can now apply decorators in your _config to decide how you want Secure Files to manage permissions. From the base install, only ADMINS and users with the SECURE_FILES permission will be able to access secure files. You can then apply the Group Permission Decorator or Member Permission Decorator (or both) to add the functionality you want.

It's also easy to extend - simply create a new decorator that implements canViewSecured() and you can add new permission systems.

Should be compatible with 2.3.x and 2.4b

Translations would be welcome.

Future enhancements:

  • Time restricted permissions
  • Auth Token permission - provide an auth token to access a particular file. Useful for 'paid content' systems
  • Access logging
  • GUI improvements within the CMS

Note: this is not the same module that is available via or

See latest updates at:
tickets etc at:



Administrator, 89 Posts

6 March 2010 at 3:49pm

What are the main differences between this and the one available via


Community Member, 712 Posts

6 March 2010 at 5:15pm

The one is a fork of an earlier version - I don't know who is responsible for ongoing maintenance.

The version available at has a number of modes of operation and is 'developer friendly' in that you can add new permission rules easily. I'm also making sure it is v2.3 and v2.4 compatible.


Forum Moderator, 4102 Posts

9 March 2010 at 10:20am

Okay, Hamish, I'm officially confused. I'd really like to use this module to prevent the public from browsing a folder that is full of resumes uploaded from a contact form. I have gone to the Security tab, with your two decorators enabled in the _config.php, and I set the permissions to a single member, but I can still browse to /assets/Uploads/myfile.pdf and download. Is there a step that I'm missing?


Community Member, 712 Posts

9 March 2010 at 1:05pm

Have you ticked "folder is secure" and saved the folder? This will write an htaccess file that sets up the required rules.

Also, you'll still have access if you're an Admin user.


Community Member, 323 Posts

9 March 2010 at 10:32pm

Hi Hamish!

I haven’t found the time to test the module, so the following translations lack context, but they should be good enough for the moment. I’ll update them later if needed. BTW, there’s a typo in the comment MEMBER PERMISSION.

@UC: I’ll send you French and Spanish translations for some of your modules… waiting for an appropriate rainy Sunday!

Best regards,


Forum Moderator, 4102 Posts

10 March 2010 at 7:48am

Hi, Hamish,

Yes, the folder is marked as secure. Here's the .htaccess in my secure "Uploads" folder:

RemoveHandler .php .phtml .php3 .php4 .php5 .inc
RemoveType .php .phtml .php3 .php4 .php5 .inc
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]

Is that right?
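
An added example, not part of the thread or of the SecureFiles module: a small Python check that a secured folder's .htaccess still sends every request to sapphire/main.php and that its RemoveHandler/RemoveType extension lists are well formed. The sample input is constructed, and the function and constant names are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the rules quoted in the post above; one
# extension token is malformed (",php4") so the check has something to report.
SAMPLE = """\
RemoveHandler .php .phtml .php3 ,php4 .php5 .inc
RemoveType .php .phtml .php3 .php4 .php5 .inc
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]
"""

FRONT_CONTROLLER = "sapphire/main.php"  # path taken from the quoted RewriteRule
CATCH_ALL_PATTERNS = {"(.*)", "^(.*)$", ".*", "^.*$"}
EXT_TOKEN = re.compile(r"\.?[A-Za-z0-9]+")  # Apache accepts extensions with or without the dot


def audit_htaccess(text):
    """Return a list of findings; an empty list means the rules look intact."""
    findings = []
    engine_on = False
    catch_all = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        directive = tokens[0].lower()  # directive names are case-insensitive
        if directive in ("removehandler", "removetype"):
            for tok in tokens[1:]:
                if not EXT_TOKEN.fullmatch(tok):
                    findings.append(f"line {lineno}: malformed extension {tok!r} in {tokens[0]}")
        elif directive == "rewriteengine":
            engine_on = len(tokens) > 1 and tokens[1].lower() == "on"
        elif directive == "rewriterule" and len(tokens) >= 3:
            if tokens[1] in CATCH_ALL_PATTERNS and tokens[2].startswith(FRONT_CONTROLLER):
                catch_all = True
    if not engine_on:
        findings.append("RewriteEngine is not On: files are served directly")
    if not catch_all:
        findings.append(f"no catch-all RewriteRule to {FRONT_CONTROLLER}: requests are not routed through SilverStripe")
    return findings


if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE):
        print(finding)
```

A clean result only says the rules are in place; whether a download is actually refused still has to be tested from a logged-out session, since admin users keep access.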


Forum Moderator, 4102 Posts

10 March 2010 at 8:07am

Never mind... I get it now... I must have been logged in as an admin. Very nice module, Hamish! We'll be rolling this out everywhere.