By mattmm on

I'm looking for feedback from anyone that has setup WebFM or a similar module with user/group view/edit permissions.

Example: Sales group has 3 members. They have their own file store where only the 3 of them have access. However, Tom in the sales group is also the VP and needs access to Support and Accounting File stores.

Is this possible with any of the current file manager mod's or in a combination of mod's? Thanks in advance.

Categories: Drupal 5.x

Comments

Jeff Burnz’s picture

Jeff Burnz commented

I think for Webfm you would have give tom a special role (say VP) and have his root folder higher up than both Sales, Support & Accounts.

Would have to look something like this:

VP
- Sales
- Support
- Accounting

Sales, for example, would have their root folder set as VP/Sales, whereas Toms root folder is just "VP".

www.sitespring.eu

Pimp your Drupal 8 Toolbar - make it badass.
Adaptivetheme - theming system for people who don't code.
mattmm’s picture

mattmm commented

I didn't realize you could give roles, different root folders. Guess I will have to dig around more to find that. Thanks for your help!

mattmm’s picture

mattmm commented

Ah I see it now. Now the question is, what if I wanted to give someone access to a particular group, but not in a hierarchal order like your VP top down approach. I'm wondering if actually symlinking folders of the file system would work...time to give it a shot, more to come later.

Jeff Burnz’s picture

Jeff Burnz commented

Let us know it that works or you come up with an alternative solution, be interested to hear about that.

www.sitespring.eu

Pimp your Drupal 8 Toolbar - make it badass.
Adaptivetheme - theming system for people who don't code.
mattmm’s picture

mattmm commented

OK here is what I've got so far...

I created an admin for every group and a role to match. Then created every user with a matching role for their username. First create the 'root' or 'home' directory for the group admin, then create the same home directories below the group admin; to be used for the individual users. Logging in with the user admin, yields the individual user accounts under the admin. Also, symlinking the group folder to a user's home directory also works - it's just clunky.

Obviously, this doesn't scale well - would probably be better if you could give multiple roles in webfm to an individual user. Has anyone else tried to tackle this before?

robmilne’s picture

robmilne commented

Some basic rules for users in a role with 'access webfm' rights:

  • The role root directory defines the domain and all subdirectories are accessible to the user.
  • The user cannot navigate above the role root directory.
  • Only files in the webfm_file table are accessible. Files uploaded by the user are owned by the user and are automatically in the database. Only module admins can view/operate on files not in the database.
  • The user has full control over files that he/she owns that stay within the root domain. File permissions can be locked down so that only the owner/admins can see or operate on a file. File permissions can be opened up so that anyone within the role can view or operate on the file.

Roles can be subsets of roles or they can be exclusive. Users can be members of multiple roles and will consequently have a separate left-hand tree for each unique root directory (roles can share the same root directory).

Example: Sales group has 3 members. They have their own file store where only the 3 of them have access. However, Tom in the sales group is also the VP and needs access to Support and Accounting File stores.

Create a unique 'Sales' role for the 3 people. Give that role 'access webfm' rights and setup a unique root directory that is directly beneath webfm root for this role in webfm settings. Now only administrators and those 3 people have access to that directory. Tom is also a member of another role that has 'access webfm' rights to the 'Support' directory. Tom will have two left-hand trees. One for 'Sales' and one for 'Support'. He can move files that he owns between the two realms or files that are marked with the 'Role Full Access' permission.

Alternatively the 'Sales' root dir could be a sub_dir of 'Support' in which case all users of the role with the 'Support' root will have access to 'Sales'.

There is no such animal as a role administrator. A module administrator has the keys to the store the same as #1 user.

mattmm’s picture

mattmm commented

Thanks for this well detailed response! I will jump deeper into this tomorrow and see how this works out.

Galedon’s picture

Galedon commented

Hey,

i have some question about this module

i have make the WebFM attachments active - i put a file attachments table to the node body.

i can see as admin the file in the node - i can download this.

but i want to do that anonymous user see the file but doesn´t download this.

anonymous user must register to download the file

thx

db

PS: sorry for my bad english ;)

robmilne’s picture

robmilne commented

Give the anonymous role the right to view webfm attachments.

If you are referring to links to a file inside the node body (rather than in the attachment table), that file must have its permissions set to public.

Galedon’s picture

Galedon commented

sorry - it´s not work !

i have put 4 files on the node

file permissions set:

1 File Public download:
1 File Role View/Download:
1 File Role Attach:
1 File Role Full Access:

when i go to the Access control i check the

view webfm attachments

all files are can anonymous user view AND download !

when the view webfm attachments not checked - you can´t see any file :(

what´s wrong ?

4cornersusa.com’s picture

4cornersusa.com commented

Upon new user creation I would like the following to happen automatically; 1> create the folder in the file structure, 2> create role with WebFM admin for that user that is maped tohte folder in the file structure. 3> because these are WebFM exclusive roles I would like them to be prefixed (ie.) customer_ or staff_

Now because of the multitued of options like, Ajax, or PHP module hack and because my experience is more on the theming and Installation, I would be looking for input as to how to go about this proceedure.

Thanks for the basic Rules. That did a lot to explain the logic.

greycanyon’s picture

greycanyon commented

WebFM works fantastic using the admin user (or any other user that has been granted all rights to everything).

However, when I set limited permissions so that regular users can only View / open the documents (but not upload, delete or anything else), the standard users are presented with empty web folders along with an "no trees found" error - using fire fox.
The users don't even get that much on Internet Explorer, just a "Line: 3499, Char: 3 Error: "XMLHttpRequest" is undefined, Code:0" error.

Any ideas what I am doing wrong?

Thanks very much

Matilda’s picture

Matilda commented

Hi,

I had the same problem and fixed it - in Germany we say "Ich sehe den Wald vor lauter Bäumen nicht" :)

Go to 'Web File Manager Settings".
1. On the top you have to sign in the WebFM root directory (for example 'Testdirectory')
2. If Testdirectory ist the same to show for non-Admin users you have to sign in 'Testdirectory' in 'Settings for authenticated user role'

Best regards,
Matilda

jozzhart’s picture

jozzhart commented

Hello,

I'm having the same problem as greycanyon...... and I'm not sure what you mean Matila, when you say

"you have to sign in 'Testdirectory' in 'Settings for authenticated user role'"

Can you please elaborate?

Thanks
Jozz

jozzhart’s picture

jozzhart commented

Hello All,

I found the problem was that an authenticated user can't have access to the same directory as the administrator. Doesn't make any sense to me, but that is the way the module is set up. Hopefully this is changed in the future.

robmilne’s picture

robmilne commented

"Access webfm" rights are role based. For any particular user to access webfm he/she must be a member of a role(s) with this permission. Before a particular role with "access webfm" rights can actually access the file manager a "root directory" must be set in the settings of the webfm module. Each role with "access webfm" rights is given a fieldset in webfm settings to control the root directory.

arturo.herrero’s picture

arturo.herrero commented

I have similar problem

I need 3 roles: root, internal and external

- Root is de WebFM administrator
- Each user of external upload and view they owns files
- The users of internal can see all of files of any user in external role

administrador@root
  |_ boss@internal
      |_ worker1@external
      |_ worker2@external

Boss can see the files of worker1 and worker2. Worker1 only view his own files and Worker2 only view his own files.

Help please??

roberthindle’s picture

roberthindle commented

I've managed to get all of this working, but what I am trying to achieve is to allow my clients to upload source files for us to use, much like an integrated ftp system. I can assign the users to a role called clients and give them the ability to access only their own files, but as you can only set the root directory on a role basis, all files no matter which client has uploaded it ends up in the same directory. It is true that the clients can't see each others files but it's a pain from my end, because when we come to access and download the files, we would need to be able to easily work out which have come from what client. I would much rather have a folder for each client and the client to be able to access that folder (inc making subdirectories within it). Is there some way of doing this?

Thanks
Rob