Ticket #409 (closed Enhancement: fixed)

Opened 8 years ago

Last modified 7 years ago

disable fileupload?

Reported by: JuergeN Owned by: jri
Priority: Major Milestone: Release 4.1
Component: DeepaMehta Standard Distribution Version: 4.0.14
Keywords: Cc: dgf, Malte
Complexity: 2 Area:
Module: deepamehta-files

Description

Fileupload is a nice feature, but is there a way to disable it? I still want to display /present files in the file dir, but I do not want users to be able to upload new ones.

Also, if enabled one should be able to define a limit for maximum filesize i.m.o..

Change History

comment:1 Changed 7 years ago by jri

  • Status changed from new to accepted
  • Cc dgf, Malte added
  • Complexity changed from 3 to 2
  • Module set to deepamehta-files
  • Milestone set to Release 4.1

Yes, file operations should be a matter of access control.

It would perfectly fit the existing Access Control mechansim:

  • Allow "Create Folder" only if the current user has CREATE permission for the "Folder" type
  • Allow "Upload File" only if the current user has CREATE permission for the "File" type

Realize it this way would be easy.

So, guest users would not be able to upload files and create folders. Also for logged in users file operations could be access controlled by workspace assignments: to disable file operations for certain users you can assign the user to a workspace the File/Folder? types are not assigned to.

Just a side note: I don't like file size limits because this a purely technical measurement with no real connection to user work. If someone wants deliberately abuse the system as file storage she can do anyway. For normal users on the other hand file limits just hinder workflow.

Thanks JuergeN for bringing this up!

comment:2 Changed 7 years ago by Jörg Richter

Files plugin: enable access control (#409).

File operations are matter of access control:

  • "Upload File" is enabled only for users who have CREATE permission for the "File" type.
  • "Create Folder" is enabled only for users who have CREATE permission for the "Folder" type.

Thus, by default guests can neither upload files nor create folders.
For logged in users file operations can be access controlled by workspace assignments: to disable file operations for certain users you can assign the users to a workspace the File/Folder? types are *not* assigned to.

See ticket 409.

comment:3 Changed 7 years ago by jri

  • Milestone changed from Release 4.1 to Release 4.2

comment:4 Changed 7 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed
  • Milestone changed from Release 4.2 to Release 4.1

Realized in 4.1

Note: See TracTickets for help on using tickets.