view directory listings permission has no effect
ralessi - June 3, 2009 - 07:33
| Project: | Filebrowser |
| Version: | 6.x-2.0-rc10 |
| Component: | Administrative Interface |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | postponed (maintainer needs more info) |
Description
I just noticed that the "view directory listings" permission has no effect on RC10.
Anonymous users can browse directory listings even if the "view directory listings" box is unchecked for their role. Further testing showed me that this permission has no effect at all whatever the role may be. So I had to temporarily switch back to an older version of Filebrowser.
Thank you in anticipation for your efforts.
Robert
#1
Are you sure you didn't check "Leave node permissions to an external module" in module settings ?
#2
I couldn't find this particular option. Could you give me the path so I can check this out?
Thanks!
Robert
#3
Ok. I found the path (admin/settings/filebrowser).
Box is unchecked, and I don't use nodeaccess module.
The curious thing is that I can't see any link leading to filebrowser admin page, either in the admin/settings page or in the admin/by-module page, as you can see in the attached screenshot.
Any suggestion about that?
Many thanks again,
Robert
#4
If you can see this, you should have something wrong with your Drupal as this menu is directly managed by Drupal and permission are correctly defined :
$items['admin/settings/filebrowser'] = array ('title' => 'File Browser',
'description' => 'Configure File Browser.',
'page callback' => 'drupal_get_form',
'page arguments' => array ('filebrowser_admin_settings'),
'access arguments' => array ('administer site configuration'),
'file' => 'filebrowser.admin.inc',
'type' => MENU_LOCAL_TASK
);
#5
Yes, I can see this, but the problem remains the same.
To check this out, I started over with a fresh drupal installation and only installed Filebrowser as a third party module. The problem is still the same: I can't see any filebrowser admin link in the admin/settings page, but I nevertheless can access the Filebrowser admin page by typing its url...
If I can do anything to help you further, just let me know.
Thx,
Robert
#6
I have noticed the same behavior, with both the current rc10 release and the dev release. Users of any role can see directory listings (and download files) by going directly to the URL, regardless of permissions. This problem has been reported before... I'm curious as to whether ANYONE has actually gotten this module to respect permissions, and how.
#7
I've had exactly the same problem (pthompsen) when I 'upgraded' from rc4 - no permissions were honoured.
So, I completely uninstalled filebrowser and ensured its mysql table & folders had gone. I also deleted all the content that used it. Then installed nodeaccess to allocate the permissions I wanted. Then installed rc10, created the content from scratch and everything works.
I was even able to allocate difference access permissions to different filelisting pages. - Result.
Congrats to all involved, Paul
#8
I had the same problem (even anonymous can view the directory listings when this is unchecked in the permissions), but I don't want to use nodeaccess module.. Is there any solution?
#9
Could you give a try at the last dev (as soon as package is built or by using CVS) ?.
#10
Sorry, I got no idea how csv works, but of course I will try the next release as soon as it is available.