Not Honouring Pemissions in V8.3.2
Permalink Browser Info Environment
I have created a folder for each member with view permissions for only that member how ever all files a being listed by the addon on all members pages.
Have checked the permissions and they are correct.
The two test members I have set up can see each others files.
My big concern here is that I already have a site using this addon to display confidential client files based on this method.
It is running V8.1 and V1.0.12 and is working as expected. If i Up date that site to the latest C5 version and update the addon confidential files may be displayed to all members.
Colin
Have checked the permissions and they are correct.
The two test members I have set up can see each others files.
My big concern here is that I already have a site using this addon to display confidential client files based on this method.
It is running V8.1 and V1.0.12 and is working as expected. If i Up date that site to the latest C5 version and update the addon confidential files may be displayed to all members.
Colin
Type: | Discussion |
---|---|
Status: | In Progress |
I believe this is a core change that has removed permissions from File Sets -https://www.concrete5.org/developers/bugs/8-1-0/fileset-permissions-...
It may be possible to adjust the template to check each file, but I haven't tested this yet.
There is a call canViewFile() against each file that adjusts the URL in the template, that might instead be able to more broadly check before even trying to output a file.
It may be possible to adjust the template to check each file, but I haven't tested this yet.
There is a call canViewFile() against each file that adjusts the URL in the template, that might instead be able to more broadly check before even trying to output a file.
Thanks for the prompt reply.
To the best of my knowledge and as per my first post it does work correctly with C5 V8.1 and V1.0.12 of your add on.
Shouldn't it check file permissions as you can over ride set/folder permissions?
Colin
To the best of my knowledge and as per my first post it does work correctly with C5 V8.1 and V1.0.12 of your add on.
Shouldn't it check file permissions as you can over ride set/folder permissions?
Colin
After further testing I have found that although all files in the set are showing files with out view permissions showing "invalid file" when clicking on link.
So the issue is just that all files are showing in the list of available files.
A side note to this is that it also occurs on the Document Library block provided with the core.
Colin