Developer forum

Does anyone have any ideas on this? I'm sure I'm missing something dumb. Probably a setting to turn on or something.

Hi Scott,

I am experiencing the same as you. I'd expect it to work too :(

Hi Scott

File publisher does not look at the file permissions - you can add a call to Dynamicweb.LoginHandler.HasAccessToFile to check permissions in your Razor template, but only for the file - not the folder. Before the permissions will take effect, you need to register the root folder in the control panel for user management, see dump #1.

Also remember to disable read access to the files in IIS.

Search weighted will honor the permissions.

BR Nicolai

Hi Nicolai,

There is no Dump #1 :)

Any way we can access the permissions in the template?

Thanks,

Adrian

Hi Nicolai,

I'm working on this with Adrian, so he'll test it out. We may have more questions on how to best extend the File publisher to support file permissions since it's a key component for this project, for folders and files. We'll see what we can do with the dump #1 and take it from there.

Regarding the read access to the files in IIS, Adrian mentioned something about that too. Why would we do that if files are read by some users and not other users? Removing access to the files in IIS seems like something that would block access for all users and not just some Dynamicweb users. Is that right, or am I overlooking something?

Thanks,

Scott

Here is dump #1 :-)

@Adrian. You can call Dynamicweb.LoginHandler.HasAccessToFile

@Scott. If files can be read like /Files/VerySecretFolder/ForYourEyesOnly.pptx, IIS will serve it without asksing Dynamicweb. So you have to remove iis read access to that folder. Dynamicweb will then serve the files using /admin/public/dwsdownload.aspx that will handle permissions.

I can see that this behavior might be a little pre-integrated mode related - we could maybe/probably configure IIS so we could check permissions from one of the global.asax events instead.

I can have someone checkout if there are any performance issues of adding permissions checks to the filepublisher module so you do not have to do that in templates.

BR Nicolai

Hi Nicolai,

It would be a nice addition to the functionality if the permissions would already be applied in the filepublisher module.

I can start prototyping the functionality for our project now and maybe update it later witha newer version of the filepublisher?

We will be using DW8 for this project. Do you think the change can be included in one of the future hotfixes for DW8?

Thanks,

Adrian

Hi Nicolai,

That's interesting about the IIS permissions. Now that you explain it, it makes sense, especially pre-integrated mode. 

Thanks for looking into supporting permissions in the filepublisher module. We're also planning to use the Search, weighted module for the search part of our file library, so it would be nice for that to have identical support for permissions.

Thanks,

Scott

@Adrian

As a general rule, we do not add new features to 8 branch anymore unless there is a really good reason. It also depends if it can be merged or has to be recoded on 8.

BR Nicolai

Hi Nicolai,

Understood.

It makes sense.

We'll have to use the template option you suggested until we migrate to DW9.

Thanks,

Adrian

Hi Nicolai,

Adrian and I talked about this and we're ok with that. If you build it for DW9, we can take care of creating a custom module for DW8. The Filepublish module is pretty straight forward. Frontend.vb currently has 245 lines of code, so even if that grows for this extra functionality, we believe that we'll be able to create a DW8 version from your properly done DW9 version.

Is that your approval to do it.  We'll also use the search component along with the file publisher module. If so, what time estimate can you give so that we can plan our project accordingly? 

Thanks,

Scott

Interesting topic. We're currently running into the same problem (I think), but I don't fully understand the answer from Nicolai.

Our files are handled by /admin/public/dwsdownload.aspx, but they are still shown to everyone who has the link. How can I set permissions for files that are in the secure folder? From the documentation I don't get an answer so I expected the "back-end" permissions to work as front-end permissions, but that doesn't seem the case.

Maybe it's the term file publisher, what is meant by that? We've just added files as links through the text editor, where you can select a file in the files folder and it automatically creates the dwsdownload.aspx for it.

Thanks in advance for any help!

Kind regards,

Manon

Hi MAnon,

File Publisher is a module in DW. You can select the folders you want to expose for browsing and download just as you do with the regular File explorer in Windows.

You also have the option to forco download or allow the user to open the file in browser (useful for PDF files).

I don't see how it can solve your case if you add the links in the HTML editor.

You gonna need a custom module to handle permissions after listing the files.

Adrian

You need to set the secure folder under users control panel:

http://doc.dynamicweb.com/documentation-9/platform/advanced-settings/control-panel#2544

The you get a small lock on the root folder, see dump.

You also have to define in IIS that files in that folder cannot be downloaded.

BR Nicolai

Thanks Adrian and Nicolai for your answers.

@Adrian, I don't see a module file publisher. Not really sure how to switch it on..

@Nicolai, we're working in DW 8.9.1.6.  The files folder is the secure folder and has a different icon. From your previous remark that if IIS doesn't allow downloads the files will be handled through /admin/public/dwsdownload.aspx made me think the settings in IIS are correct. However if I just use the link off the file in a clean browser, with no login I still can download the file. However I am not quite sure where I would set the permissions on that file or the secure folder, so I am guessing that's what's missing here.

See the attachment for the file folder icon.

Hi Manon

I believe that is covered in the manual: http://manual.dynamicweb-cms.com/Default.aspx?ID=6617

Ehm, I think we don't understand each other :'( What are you refererring too in the manual, there's nothing about the secure folder there. That part about permissions is about the permissions in the back-end, right? 

In the control panel under users, define the secure folder. Then set permissions on the folder in filemanager. They are both frontend and backend.

See dump... You have to set the secure folder to a subfolder of /Files/Files.

BR Nicolai

Thank you! I selected a folder under files (not just files) and now it works. If I understand and tested correctly, subfolders of the secure folder can't be given other permissions, only the permissions on the secure folder work in the front-end? That would be very useful to shield files for specific groups, users etc. Another way to achieve the same function would be if you could set more then one secure folder.

Hi Nicolai,

I have reached the point where I try this approach.

I have managed to set up the Search Weighted module and now I am trying to check the permissions in the template.

I have looked up the LoginHandler method you suggested and in the API documentation it is marked as Obsolete.

The documentation suggests using CheckFolderAccess but I cannot find this method listed. I could find CheckSecureFolderAccess instead.

Am I missing something?

Thanks,

Adrian

Hi Adrian

The name of the method is changing in 9.3 - hence the comment in the docs. You can still use CheckSecureFolder and that is your only option on 9.2. The method will remain in 9.3

Hi Nicolai,

Thanks a lot. I am afraid I was not clear in my message. We are still using DW8. And probably this project will never be upgraded to DW9. Or at least not very soon.

Thanks,

Adrian

ok, then maybe do not look at the DW9 api docs. :-)

:)

Right. I was convinced I have looked in the DW8 API.

I believe I am confused. I am getting old :)

Adrian

Know the feeling!

For DW8, is it ok to use this method: http://doc.dynamicweb.com/api8/#Dynamicweb~Dynamicweb.Content.Files.Permission~HasAccess.html ? Or this one: http://doc.dynamicweb.com/api8/#Dynamicweb~Dynamicweb.Content.Files.Permission~HasAccessFrontend.html ?

If so, what is the format of the folderName parameter? I mean, it is /jaycodealer/Files/Files/Files Repository/ServiceParts/Publications, /Files/Files Repository/ServiceParts/Publications or just Publications?

Thanks,

Adrian