I would love to see this module have instead of just role access control but also have user access control over the users file folders that are created with this module . This would allow for a feature I believe is becoming more and more popular on the web and that is file or Project Collaboration such as with Video, Graphic and Audio files. When you have a site with multiple users you may not want everybody to share files instead you may only want a few users to have access to each others folders so they can work privately on a project. These users also need the ability to set these privately shared folders up themselves without being full administrators also. I would like to see when you try to open the folder of say another user, this action would prompt for a key to enter into it. This key could be assigned by the owner of that folder and they could pass that key around to other user on the site via PM or chat etc. Any idea if this can be added to this module.

Thanks in advance, Eric

Comments

hugafish’s picture

hugafish commented

Unless I missed this somewhere else, If I set The maximum size of a file a user can upload (in megabytes) to 1 and The maximum size of all files a user can have on the site (in megabytes)to 10. This program still lets me upload an mp3 file that is 3.9 megabytes in size. I have the php.ini set to allow for 5 megabytes for my other audio upload module I use on the main parts of my site. I would like to keep this php.ini setting to this because users upload entire songs on my site, the WebFM feature is for a more private file collaborating area where I want the files to be set to not exceed 1 megabyte in size and the total allowance of accumulative file uploads to not exceed 10 megabytes. I have also set the file type to allow for mp3 files.Is there something else I need to do in order to have this work because right now it's set to the above figures but it still allows for a 3.9 megabyte upload. Help please, thanks Eric.

hugafish’s picture

hugafish commented

I found the problem to this and it was that I was logged in as admin and the admin over rides the settings of the webfm file size limitations and uses the php.ini settings instead, I guess this is ok since it is the admin user that is the only one effected. If I log in as normal or premium user role types on my site, the file setting limitations work fine.

Danai-1’s picture

Danai-1 commented

Hi!

I'd like to suggest something similar: a full integration with the Taxonomy Access module.

Because now Anonymous users can try "/webfm_send/XXX" untill they get what they want. Even though I have set the root directory for Anonymous users to public/, they can still gain access to directories of other roles.

I would also like to see support for directories *outside* public_html/ or wherever Drupal is installed; now WebFM complains that directory paths can't start with a slash '/'. This way, you don't have to worry that people can actually download files by trial and error, and only allow downloads if Taxonomy Access gives the user permission.

Cheers!

/Danai

hugafish’s picture

hugafish commented

Hi Danai, is this Taxonomy Access module going to crash my system if I install it? and if not does it mean that all my other modules will work as is if I install it. I am using AjaxIM Module for chat, webFM Module, Audio Module for Audio file uploads,Cafe Press Module,Invite Module,Account Reminder Module,Activity Module,Admin Message Module,Flash Video Module,Inactive User Module,Token Module,Webcal Module(inoperative at the moment),SWFtools Module with the Wijering Flash players,Buddy List(especially Important for my site),Captcha Module,Views Module,Voting Module and most of the core components including taxonomy included with Core Module. I have tested all of these components for awhile now on my site, went active(live) and now have a growing user base. I can't afford down time to restructure an already live site. Can I install this module like I have all of the other Modules and everything just kinda fits into place so far with most of them. Is this one like that too? I glanced at the taxonomy access Module page and noticed tac_lite module for individual user control they mentioned? Also what about that core Taxonomy thing is that something different? Please help out with a little more detail if you can, is there a tutorial on this Taxonomy access control module somewhere. I'm not a programmer and I haven't quite figured out the snippets stuff yet, every time I think I'm following the directions to one of those snippet tutorials my site crashes with errors, so I would like to stay away from modules that require tweaking PHP with snippets. I'm using Drupal 5.X. Any help with this will be greatly appreciated.

Thanks, Eric

Danai-1’s picture

Danai-1 commented

[The Drupal Handbook or Howto will help you further, as well as the main page of the Taxonomy Access module.]

I have Taxonomy Access in Drupal 5.x, and it works like a charm with Page and Story. The Event module doesn't support TAC. I use or have used TAC in conjuction with some of the modues that you mention (WebFM, Captcha, Views), and it didn't interfere. WebFM doesn't use TAC. TAC is also useful for Views: you can easily bring together certain published nodes that are only viewable for a specific target audience.

The core Taxonomy module allows you to put "tags" for each node. Drupal uses weird and awkward terminology for its features, but that's basically what taxonomy is all about: you create a few groups ("categories") like "Composer", "Country", "Era", "Instrument", etc. Such a group is called a "vocabulary" (list). In the vocabulary called "Instrument" you could put "terms" like "piano", "organ", "voice", "piccolo", etc.

The Taxonomy Access module allows you to have fine-grained access control for your nodes: you create for example a vocabulary like "Audience", and you have terms like "Administrator", "Group1", "Group2", "Authenticated", "All". And another vocabulary such as "Message type" with terms like "Admin content", "Group1 content", "Group2 content", "Public message", "Finance" (only for admins and those of group1; group2 can only read it, e.g.), "White paper" (public), "Dissertation" (only readable for group2), etc.

When you switch on the TAC module, every node will be unreadable by default for the regular user (you could make it readable by default in the TAC settings in the Users menu), so you'll have to go through all of the nodes to apply the settings you want. You could automate this through some basic SQL commands (see the drupal.org website for enough SQL examples that give you an idea).

As previously written, TAC integrates well with Page and Story, and Views (and derivatives like Views Tabs, etc.). However, it doesn't mean that it's integrated into every module; in fact, only a few things support it, but most of the core functions work nicely. If only Drupal (5.x) had TAC as a core module; it would have simplified things a lot more when it comes to access permissions and such, so every contributory module could take advantage of it.

I'd like to see something like Disknode or WebFM having a true ACL system, and I think that the quickest and easiest way would be to integrate TAC within the module. I know WebFM is only meant to be an administrator tool, not as a complete replacement for Drupal's somewhat slimmed down file exchange system, but I see that many people do use it as some kind of public repository system.

Cheers

/Danai

Danai-1’s picture

Danai-1 commented

I stand corrected: Disknode is fully compatible with Events as well. Silly me, I forgot to allow Disknode being attached to content types such as Events.

/Danai

hugafish’s picture

hugafish commented

I'll look into the TAC further and thanks for the insight also, very much appreciated. For my site so far I have no reason to block blog, audio,forum, book, story or page content, it's basically a straight forward CMS where all of that stuff is concerned. I am very desperately trying to find a way in short of programming my own perl and Mysql file access system(the only programming I barely understand) to get this privatized file sharing thing to happen. I was hoping that the webFM could be used, it really is slick. I will have to learn a great deal more though on how all of these things work before I could even think to tackle a programming task like this. I think a module called the buddy file system would be a great task for some of you existing Drupal programmers out there reading this post. A file system that allows access to a users personal file system by that users buddies only and also a select group of those buddies also would be absolutely necessary, with limitation settings etc. Just a creative thought I felt like throwing out here, I'm sure it's been thought of or mentioned somewhere else before. Thanks again Danai for all of the help, I will look into this more and I'm going to check out that Disknode thing too.

Eric

robmilne’s picture

robmilne commented
Status: Active » Closed (works as designed)

Because now Anonymous users can try "/webfm_send/XXX" untill they get what they want.
This has been fixed in 5.x--2-2.

Allowing users to create directories is possible as is a public/private flag for files, however I am supposed to be retired from this project and I won't be implementing these features. I jumped in to make this rev simply to address a glaring security hole wrt the webfm_send func.

hugafish’s picture

hugafish commented

What would it take for you to implement this feature, or could you possibly pass this idea on to another friend perhaps maybe. I know what you mean though and would not expect you to come out of your retirement just to do this feature. At least that is great news to hear that it could be done and maybe someone could take that challenge on, that would be great. Thanks for chiming in with this good news. Eric

robmilne’s picture

robmilne commented

I am too busy with other projects to continue dev of the module. If and when another maintainer takes hold of the reins who is willing to advance the module I'll advocate for these features. In the meantime nothing is stopping anyone from submitting a patch to implement any functionality.

hugafish’s picture

hugafish commented

Awesome help I will ask around to see if someone is willing to do this for me and of course that would include everyone else as well thanks and I totally understand what it means to have a plate full of projects. Again thanks robmilne for all of your help.

Eric

Danai-1’s picture

Danai-1 commented

Three cheers for robmilne! Thanks for fixing it; I certainly appreciate it!

/Danai