Versions Compared

Old Version 6

changes.mady.by.user Blair McKenzie

Saved on

compared with

New Version Current

changes.mady.by.user Geoff Bowers

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Mockup
Status change flow
Status change flow
Version11
NameStatus change flow
Mockup
Delete flow
Delete flow
Version11
NameDelete flow
Mockup
Security change flow
Security change flow
Version3
NameSecurity change flow

Examples

Hopefully this section will give you some ideas of what these changes are are good for and how to use them.

Case 1: Secure the entire file library to Member users

  1. Create a dmFileView permission
  2. Assign the dmFileView permission to Member

Once this is done, future uploaded files should be uploaded to the secure file directory and automatically restricting access to Member users. The action of creating the dmFileView permission should also prompt FarCry to move all public files to the secure file directory.

Case 2: Secure some files to Member users

  1. Extend farBarnacle into your project
  2. Override the ftJoin attribute on the referenceid property to include "dmFile"
  3. Update the COAPI metadata, or use updateapp
  4. Edit the "View" permission, and add File to the list of types that it applies to
  5. Extend dmFile into your project
  6. Add a property: <cfproperty ftSeq="40" ftFieldset="Access" name="viewPermission" type="boolean" hint="Dummy field to control view permissions" required="no" ftLabel="Access" ftType="permissions" ftPermissions="View" bSave="false" />
  7. Deploy the new property from the Admin webtop tab

Let's review what is happening here:

  • In steps 1-3 we are setting up the security system to allow you to add permissions to specific file objects - object permissions.
  • In step 4 we have added the View permission to dmFile. The risk with doing this is that now NO-ONE has permission to view any file - not even the SysAdmin users. Typically this is something you will at the start of a project, not after users have already been uploading files.
  • Steps 5-7 add a permission controller to the file edit form. You may have already seen the Manage Permissions page that allow you to restrict access to parts of the site tree. This page is available for every object that has object permissions set up. But to access it for a file you need to 1) Go to the file overview page 2) Click on the Miscellaneous pane 3) Click Manage Permissions 4) Choose the role you want to change 5) Change the permission 6) Click Save. By adding this dummy property with the permissions formtool, you provide users with a way to manage access to the file like they edit any other property.

Unfortunately there isn't any way to automatically grant a permission to a role, like SysAdmin, for new objects. Eventually we will add a ftDefaultRoles attribute (or something (smile). Until then there are the following approaches:

  • Add a afterSave function that adds these permissions
  • Train your users to always select SysAdmin and SiteAdmin as well as the user roles they need to specify
  • Give your SysAdmin users every role

Case 3: Open the entire file library

This is the default setup of core. All draft files are stored in the secure file directory, and are moved to the public directory on approval.