rejetto forum

Limit Folder List by Account

bobwolfson · 4 · 1687
« previous next »
Pages: 1

0 Members and 1 Guest are viewing this topic.

Offline bobwolfson

  • Occasional poster
  • *
    • Posts: 10
    • View Profile
on: August 03, 2015, 11:47:47 PM
I'm looking for a way to configure/alter HFS so that (a) until an account logs in no files/folders are displayed in the list, and (b) after logging in the account should see only those folders to which it has access.

I'm working in a business that receives data files from each of our customers every quarter.  We have a main share on our network where these files need to go, and within it a folder is allocated for each customer:

MainShare
   Customer1Data
   Customer2Data
   ...

I'd like to use HFS to create 1 account per customer, and give each account Upload rights only to their folder in the share.  But I don't want a customer to even see that there are folders for other customers - our customers should not be aware of who our other customers are.

E.g. when Customer1 surfs to our HFS site, he should only initially see a login challenge - no folders/files.  Then after he logs in, he should only see Customer1Data.  At no time should he see that there even exists a Customer2Data folder.

In general, I don't want to be limited to 1 folder per customer.  That is, maybe Customer1 should have access to 2 folders for their data: Customer1SalesData and Customer1InventoryData.  Until they login to their account, they should see neither (i.e. no folders at all).  After they login, they should see only these 2 folders.  And at no time should any account that doesn't have permissions for either of these folders be able to see that they exist.  (Note that some accounts, i.e. "administrative" accounts, should be allowed to have access to and see all the folders.)

Can something like this be done?


Offline bobwolfson

  • Occasional poster
  • *
    • Posts: 10
    • View Profile
Reply #1 on: August 04, 2015, 03:33:02 PM
I think I figured it out for myself.  Perhaps there's a better way, but I changed the template section responsible for building the rows in the file/folder list.  Basically, I surrounded each piece of the list with:

{.if|{.and|{.get|can access.}|{.length|%user%.}.}| ...  .}

I.e., I only add a piece to the list if a user is logged in ({.length|%user%.}) and if the user can access the folder/file ({.get|can access.}).

The full section of list-building code now looks like this (new code in blue):

[file=folder=link|private]
{.if|{.and|{.get|can access.}|{.length|%user%.}.}|
   <tr class='{.if|{.mod|{.count|row.}|2.}|even.}'><td>
        <input type='checkbox' class='selector' name='selection' value="%item-url%" {.if not|{.or|{.get|can delete.}|{.get|can access.}|{.get|can archive item.}.}|disabled='disabled'.} />
      {.if|{.get|is new.}|<span class='flag'>&nbsp;NEW&nbsp;</span>.}
      {.if not|{.get|can access.}|<img src='/~img_lock'>.}
      <a href="%item-url%"><img src="%item-icon%"> %item-name%</a>
      {.if| {.length|{.?search.}.} |{:{.123 if 2|<div class='item-folder'>{.!item folder.} |{.breadcrumbs|{:<a href="%bread-url%">%bread-name%/</a>:}|from={.count substring|/|%folder%.}/breadcrumbs.}|</div>.}:} .}
      {.123 if 2|<div class='comment'>|{.commentNL|%item-comment%.}|</div>.}.}

[+file]
{.if|{.and|{.get|can access.}|{.length|%user%.}.}|<td>%item-size%B<td>%item-modified%<td>%item-dl-count%.}

[+folder]
{.if|{.and|{.get|can access.}|{.length|%user%.}.}|<td class='nosize'>folder<td>%item-modified%<td>%item-dl-count%.}

[+link]
{.if|{.and|{.get|can access.}|{.length|%user%.}.}|<td class='nosize'>link<td colspan='2'>.}


(Note the change in red altered the display so the lock symbol only appears next to things the user doesn't have access to.  But this change was mooted by the larger change - since things the user can't access aren't displayed at all!)

A minor issue with this mod is that the code that colors even/odd rows differently (<tr class='{.if|{.mod|{.count|row.}|2.}|even.}'>) references the count within the total file/folder list, not the list filtered by whether the user has access or not.  As a result, the list's rows don't alternate colors as intended. 

If anyone sees a reason why this won't fly, or if anyone knows of a better way to accomplish the desired behavior, please let me know.

Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2059
    • View Profile
Reply #2 on: August 04, 2015, 03:59:07 PM

your solution is viable but too difficult to manage

the account should see only those folders to which it has access.
Menu> Virtual File System> List protected items only for allowed users

create your directories and for each change its properties to allow only those accounts that have rights of view and write,
 if more than one person should have the same access to a specific directory, it is more simple to create a GROUP for this directory with the correct access rights,
 then just add the member to this group to enjoy the same rights on the directory by inheritance group permissions

To force the loging before the user can access resources in the default template, you can make any modification to create your home page in a specific section [login-link], and once connected the user will have access to the page resources through section [login-link]

See attached tpl from build 2.3e as example


Offline bobwolfson

  • Occasional poster
  • *
    • Posts: 10
    • View Profile
Reply #3 on: August 04, 2015, 07:19:55 PM
OK, that's much easier!  Thank you.

Pages: 1