Download & Extend
Filebrowser » Issues

view directory listings permission has no effect

Posted by ralessi on June 3, 2009 at 7:33am
Project:Filebrowser
Version:6.x-2.0-rc10
Component:Administrative Interface
Category:bug report
Priority:critical
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

I just noticed that the "view directory listings" permission has no effect on RC10.

Anonymous users can browse directory listings even if the "view directory listings" box is unchecked for their role. Further testing showed me that this permission has no effect at all whatever the role may be. So I had to temporarily switch back to an older version of Filebrowser.

Thank you in anticipation for your efforts.

Robert

Login or register to post comments

Comments

#1

Posted by Yoran Brault on June 16, 2009 at 10:49pm

Are you sure you didn't check "Leave node permissions to an external module" in module settings ?

#2

Posted by ralessi on June 18, 2009 at 11:52pm

I couldn't find this particular option. Could you give me the path so I can check this out?

Thanks!

Robert

#3

Posted by ralessi on June 19, 2009 at 9:14am

Ok. I found the path (admin/settings/filebrowser).

Box is unchecked, and I don't use nodeaccess module.

The curious thing is that I can't see any link leading to filebrowser admin page, either in the admin/settings page or in the admin/by-module page, as you can see in the attached screenshot.

Any suggestion about that?

Many thanks again,

Robert

AttachmentSize
capture1.png 10.2 KB

#4

Posted by Yoran Brault on July 19, 2009 at 12:43pm
Status:active» postponed (maintainer needs more info)

If you can see this, you should have something wrong with your Drupal as this menu is directly managed by Drupal and permission are correctly defined :

$items['admin/settings/filebrowser'] = array (
'title' => 'File Browser',
'description' => 'Configure File Browser.',
'page callback' => 'drupal_get_form',
'page arguments' => array ('filebrowser_admin_settings'),
'access arguments' => array ('administer site configuration'),
'file' => 'filebrowser.admin.inc',
'type' => MENU_LOCAL_TASK
);

#5

Posted by ralessi on July 23, 2009 at 8:56am

Yes, I can see this, but the problem remains the same.

To check this out, I started over with a fresh drupal installation and only installed Filebrowser as a third party module. The problem is still the same: I can't see any filebrowser admin link in the admin/settings page, but I nevertheless can access the Filebrowser admin page by typing its url...

If I can do anything to help you further, just let me know.

Thx,

Robert

#6

Posted by pthompsen on August 26, 2009 at 1:36pm

I have noticed the same behavior, with both the current rc10 release and the dev release. Users of any role can see directory listings (and download files) by going directly to the URL, regardless of permissions. This problem has been reported before... I'm curious as to whether ANYONE has actually gotten this module to respect permissions, and how.

#7

Posted by SeahamPaul on September 7, 2009 at 1:55pm

I've had exactly the same problem (pthompsen) when I 'upgraded' from rc4 - no permissions were honoured.

So, I completely uninstalled filebrowser and ensured its mysql table & folders had gone. I also deleted all the content that used it. Then installed nodeaccess to allocate the permissions I wanted. Then installed rc10, created the content from scratch and everything works.

I was even able to allocate difference access permissions to different filelisting pages. - Result.

Congrats to all involved, Paul

#8

Posted by Breakerandi on October 13, 2009 at 11:12am

I had the same problem (even anonymous can view the directory listings when this is unchecked in the permissions), but I don't want to use nodeaccess module.. Is there any solution?

#9

Posted by Yoran Brault on October 22, 2009 at 7:25am

Could you give a try at the last dev (as soon as package is built or by using CVS) ?.

#10

Posted by Breakerandi on October 22, 2009 at 11:23am

Sorry, I got no idea how csv works, but of course I will try the next release as soon as it is available.

#11

Posted by Stefan Vaduva on January 28, 2010 at 3:29pm

I have the same problem. If i'll have some time, I'll try to debug the module to see what's happening. For now I use this hack:

- duplicate node.tpl.php and rename it to node-dir_listing.tpl.php
- at the top of node-dir_listing.tpl.php add

<?php
//Redirect users to homepage if they are not logged in.
global $user;
if(!$user->uid) {
    drupal_goto('');
}
?>

- clear your cache

--
http://vamist.ro

#12

Posted by Yoran Brault on March 4, 2010 at 11:47pm
Status:postponed (maintainer needs more info)» fixed

Normally fixed in dev version if you can give it a try.

#13

Posted by System Message on March 18, 2010 at 11:50pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

#14

Posted by jenyum on March 26, 2010 at 2:48am

Just a note to say using the dev. version fixed this issue for me, but now I notice there is no admin/settings/filebrowser at all. (Takes me to the main site configuration admin page.) I'm having some other issues and wondering if there's a setting I need to change, but there's no setting page.

#15

Posted by dead_account_ki... on March 26, 2010 at 6:26am

No, that's normal, there is no settings for this module, everything is in the node form when creating a directory listing.