Developer forum

Forum » Development » Is FilePublisher best choice for document repository?

Is FilePublisher best choice for document repository?

Kurt Moskjær Andersen
Kurt Moskjær Andersen
Reply

Hi,

I need to create a document repository, where customers can login and browse through folders and files.
They should be able to create their own folders from the frontend, as well as upload new files.

The base folder is given by the customernumber, and each customer is not allowed to look into other customers folders.

I've looked into the FilePublisher module and would like to extend this, in order to use the builtin permissions in DW, but as I can see, there is no ability to set permission on folders - only files. Is it better to just use plain FileSystemObject to achieve this?

I'm using DW 9.6.6

--
Best regards
Kurt Moskjaer Andersen


Replies

 
Jeppe Eriksson Agger Dynamicweb Employee
Jeppe Eriksson Agger
Reply
This post has been marked as an answer

Hi Kurt,

There are multiple things to consider when implementing a Document repository in Dynamicweb.

The first thing to be aware of, and the most critical, is that as long as files are present in the Files folder, anyone can access them. With some exceptions, all files in the Files folder are accessible if you know the url for them: <domain.tld>/Files/<your path here>. This, of course, is to make the website work with javascript, css, images and so forth. You would have to do some creative stuff in the Web.config to block the files.

Secondly, while you could use the Secure Extranet Folder feature built into Dynamicweb, I don't think it would solve all your problems. It only allows for a single secured folder and you would have to assign all customers to have access. Which defeats the purpose of having their own segregated folders.

Thirdly, the FilePublisher module is used to publish lists of files in the Files folder, but it doesn't support conditional base paths. What I mean is that while it can show a list, you cannot change the folder it lists based on the current user.

The isn't really anything suitable that comes with Dynamicweb out-of-the-box that fits the request. My recommendation would be to create it from scratch. You could have a separate folder outside the Files folder and block it in Web.config. That way no one can access those files without using your mechanisms.

I hope this helps you to find a solution.

- Jeppe

Votes for this answer: 1
 
Kurt Moskjær Andersen
Kurt Moskjær Andersen
Reply

Hi Jeppe,

Thank you for your answer.

I've done my own investigation since this post and the best way of doing this, is to make a custom solution, where the files are located outside the Files-folder.

I then have to make my own way of permissions-checking, as well as handling the creation of folders.

--
Best regards
Kurt Moskjaer Andersen

 

You must be logged in to post in the forum