I have been testing/trying to implement elFinder using the private file system rather than the public file system. In this particular distro I am building my private file system resides in /sites/default/private

I will be using this for an Aegir set up, which is beyond the scope of this question, but just in case: In Aegir the private file system resides inside each "site" folder: sites/www.domain.com/private. For dev I am just using the location above.

So it seems everything works except I cannot view or download the files. I see elFinder generates its own .htaccess file using _www as the main user. If I remove the .htaccess and DO NOT reload elFInder I can see the file, but the moment I reload elFinder it generates a new .htaccess and it is back to not being available (forbidden).

In the configuration panel I have sites/default/private/elfinder for Custom Path and /sites/default/private/elfinder for Custom URL, set to Relative.

So I am trying to figure out how can I mod this puppy so the private file system works: Not accessible to non-users but the logged in users can actually download and view the files.

Any chance I could get some info or hints on what could be modified to make this happen? Or maybe I am missing something....

Comments

3rdLOF’s picture

3rdLOF commented

A corrections to the initial post: elfinder DOES NOT generate the .htaccess file as I thought.

It appears that elFinder uses an unmanaged file system, that is, is not included in the database's file table and thus has no awareness of the download methods.

I tried looking into applying the hook_file_download_access()

http://api.drupal.org/api/drupal/modules--file--file.api.php/function/ho...

But I think this goes beyond my current skills. I tried looking at how other file management modules implement this, Media module being the most complete and D7.

Without this, elFinder cannot be used for managing private files and leaves all files exposed to anonymous users.

ph0enix’s picture

ph0enix commented

Hi.

As I know .htaccess creating by Drupal core function file_check_directory() - and it is for security purporses. This function used at:

/**
  * prepare directory for files
  */
function elfinder_prepare_directory($directory) {
  $rc = NULL;

  if (VERSION < 7) {
    $rc = file_check_directory($directory, FILE_CREATE_DIRECTORY);
  }
  else {
    $rc = file_prepare_directory($directory, FILE_CREATE_DIRECTORY);
  }

  return $rc;
}

elFinder have 2 filesystem connector options:

1. root - Path to root directory. Required parameter
2. URL - URL of root directory. Required parameter

If you want to use Private File System, you should set directory to private directory path and url to private file downloader script like http://localhost/getfile.php?file=path/to/file (I didn't discovered Drupal API about that so don't know how it implemented there). So when you will insert link to wysiwyg editor for example, unregistered user can't load file since wrapper will reject access for unauthorized user. If you want to resirict file viewing in browser too, you should set access control options depending on current user using 'perms' php connector setting.

http://elrte.org/redmine/projects/elfinder/wiki/Connector_Configuration_...

Filesystem connector configuration setting at elfinder_connector() in elfinder.module

ph0enix’s picture

ph0enix commented

BTW, currently I'm working on elFinder hooks implementation, so it can simplify module extending.

ph0enix’s picture

ph0enix commented
Status: Active » Fixed

Since Mar 13 dev version elFinder has generic hook api. See elfinder_bueditor and elfinder_ffs submodules for example.

3rdLOF’s picture

3rdLOF commented

Thanks for the info, though I am not sure how to implement any of it nor how it all ties together. They way I understand it is that all elFinder files are unmanaged files, and thus Drupal has not means to track access and who can view the files. I am not as concerned so much with the editor use as much as keeping all elfinder files private, otherwise all files would be available to anonymous users with a simple link to the file.

But aside from this, I cannot seem to get elFinder to work with all set ups except when setting all the "Public" as far a Quick Preview, viewing the file or downloading it. Here is all the combos I tried.

All these tests done with brand new directories and files for each to make sure it was all clean.

-----------

A) WIth File System set to Public Files. (sites/default/files) - Public local files served by the webserver.

1- elFinder set to Use system defaults (sites/default/files)
2 - I access elFinder via http://drupal7/admin/content/files
3 - Upload an image file.

Everything works "Preview with Quick Look" shows the image file, path and text of link is correct and clicking file link or double clicking file icon show the actual image as - BUT every single directory also under "files" is listed, something we certainly do not want as that would allow users to access to other file folders for system-only things like Backup & Migrate, Sweaver, Ctools folders, fontyourface, etc. Stuff we want to keep registered users from accessing.

In addition to this -as explained above- the files are accessible to anonymous users even if elfinder is not.

This works but it limits it usability greatly.

--------------

B) WIth File System set to Public Files. (sites/default/files) - Public local files served by the webserver. - Same as A

1- elFinder set to Specify custom path (sites/default/files/elfinder OR %files/elfinder). This would set elFinder root to use ONLY the "elfinder" folder inside files, which would solve he problem mentioned above by giving elfinder its own unique directory.
2 - I access elFinder via http://drupal7/admin/content/files
3 - Upload an image file.

Now the root directory works as intended - only elfinder content is accessible, BUT:

- Preview with Quick Look shows no image.
- Text of link in "Preview with Quick Look" is correct (sites/default/files/elfinder/test_project.png) but the link itself is incorrect: http://drupal7/admin/content/sites/default/files/elfinder/test_project.png This makes elfinder show the content page instead of the actual file when clicking on the Preview with Quick Look or double clicking the file itself. In both cases the popup works fine, but it just sends me back to the "content" page. No image.

----------

C) WIth File System set to Private Files. (sites/default/private) Private local files served by Drupal.

1- elFinder set to Use system defaults (sites/default/private). This would set elFinder to use ONLY the "private" folder, which still shows other folders show and does not give its own unique root, but just to test it
2 - I access elFinder via http://drupal7/admin/content/files
3 - Upload an image file.

- Preview with Quick Look shows the generic icon.
- Text of link in Preview with Quick Look is incorrect (system/files/elfinder/test_project.png) and the actual link is also incorrect: http://drupal7/system/files/elfinder/test_project.png This make elfinder show a Page Not Found when clicking on the Preview with Quick Look or double clicking the file itself. In both cases the popup works fine. No image.

----------

D) WIth File System set to Private Files. (sites/default/private) Private local files served by Drupal.

1- elFinder set to Specify custom path (sites/default/private/elfinder OR %files/elfinder). This would set elFinder to use ONLY the "elfinder" folder inside "private" with its own unique root.
2 - I access elFinder via http://drupal7/admin/content/files
3 - Upload an image file.

Now the root directory works as a unique root directory BUT:

- Preview with Quick Look shows the generic icon.
- Text of link in Preview with Quick Look is correct (sites/default/private/elfinder/test_project.png) but the actual link is not: http://drupal7/admin/content/sites/default/private/elfinder/test_project.png This make elfinder show the content page again when clicking on the Preview with Quick Look or double clicking the file itself. In both cases the popup works fine, but it just sends me back to the "content" page. No image.

----------------
In ALL cases changing the Selected file url type makes no difference as in for far as the errors listed above.
In ALL cases clearing the cache make no difference neither. (Don't know that it should, but just in case)

I also try combining the public/private file systems (eg Setting the file system to "public" but the elfinder to private) with the same results.

I hope all this makes sense.

3rdLOF’s picture

3rdLOF commented

This post was HEAVILY edited after its initial post. If you are reading this via email and not getting the edits, please recheck it to make sure the final version as the original was missing one test and had some mistakes and formatting issues.

3rdLOF’s picture

3rdLOF commented
Status: Fixed » Needs work
nuez’s picture

nuez
Primary language Dutch
Location Madrid, Spain
commented

I´m also interested in the possibility to use a private file system in Elfinder.

I have been trying to figure out how this works. I have set up de ELFINDER, with a custom url "private://"

When trying to open the file in the ELFINDER it will lead to : private://name_of_file.ext. So if the file you are trying to download is registered as a private file by drupal, (it will be in the field_managed table), it works like a charm. That might be the case if you have already uploaded the file via a private file field of a node.

Nevertheless, uploading new files through the ELFINDER will not create 'file objects' in DRUPAL. I don´t know how exactly the ELfinder module works, but the trick might be to add a 'file_save' function when the file is uploaded, that creates a record of the file in the databases of Drupal. Same thing when the file is modified, copied or moved.

NOW: i´ve seen in the latest DEV version of the module that there is already such a modification (file_save on file save, line 329), so i guess you are working on it,

ph0enix’s picture

ph0enix commented

Now there are new elFInder 2.0 in development which have powerful extension api and will support more interesting features like filesystem mount, drag and drop file uploading.

So for now my priority is 2.0 compatible module. Currently I have working module for 7.x which is supporting both public and private filesystems, all file operations using Drupal File API, so all changed files have records in database.

Currently elFinder 2.0 development version is not suitable for end user so I'm not publishing it.

Snicers’s picture

Snicers commented

I am having these same issues. I am told that it is because elFinder is trying to deliver the private files in a public manner. Is there a fix or guide to using elFinder to create private files and manage them?

c4rl’s picture

c4rl commented
Status: Needs work » Postponed

Seems like the status should be postponed since this issue allegedly depends on elFinder 2.0.

nonprofit’s picture

nonprofit commented

@ph0enix,

What is the status of elFinder 2.0? I'm specifically interested in using it within a private file system.

Thanks!

ph0enix’s picture

ph0enix commented

2.0 integration is still under development. It will support private filesystem, multiple root directories and per role profile assignment. Development version will be published when it will be suitable for public testing.

nonprofit’s picture

nonprofit commented

Thanks for the update.

hlan’s picture

hlan commented

+1

hosais’s picture

hosais commented

+1

ph0enix’s picture

ph0enix commented
Version: 7.x-1.x-dev » 7.x-2.x-dev
Status: Postponed » Active
ph0enix’s picture

ph0enix commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.