Hi all,

There is a new SecureFiles (v0.21) available here:

http://silverstripe.org/secure-files/

There have been a number of improvements:

You can now apply decorators in your _config to decide how you want Secure Files to manage permissions. From the base install, only ADMINS and users with the SECURE_FILES permission will be able to access secure files. You can then apply the Group Permission Decorator or Member Permission Decorator (or both) to add the functionality you want.

It's also easy to extend - simply create a new decorator that implements canViewSecured() and you can add new permission systems.

Should be compatible with 2.3.x and 2.4b

Translations would be welcome.

Future enhancements:

• -Time restricted permissions
  
• -Auth Token permission - provide an auth token to access a particular file. Useful for 'paid content' systems
  
• -Access logging
  
• -GUI improvements within the CMS
  

Note: this is not the same module that is available via svn.silverstripe.com or open.silverstripe.com.

See latest updates at: http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/trunk/
tickets etc at: http://polemic.net.nz/trac/

Regards
Hamish

What are the main differences between this and the one available via svn.silverstripe.com?

The silverstripe.com one is a fork of an earlier version - I don't know who is responsible for ongoing maintenance.

The version available at http://silverstripe.org/secure-files/ has a number of modes of operation and is 'developer friendly' in that you can add new permission rules easily. I'm also making sure it is v2.3 and v2.4 compatible.

Okay, Hamish, I'm officially confused. I'd really like to use this module to prevent the public from browsing a folder that is full of resumes uploaded from a contact form. I have gone to the Security tab, with your two decorators enabled in the _config.php, and I set the permissions to a single member, but I can still browse to /assets/Uploads/myfile.pdf and download. Is there a step that I'm missing?

Have you ticked "folder is secure" and saved the folder? This will write an htaccess file that sets up the required rules.

Also, you'll still have access if you're an Admin user.

Hi Hamish!

I haven’t found the time to test the module, so the following translations lack context, but they should be good enough for the moment. I’ll update they later if needed. BTW, there’s a typo in the comment MEMBER PERMISSION.

@UC: I’ll send you French and Spanish translations for some of your modules… waiting for an appropriated rainy Sunday!

Best regards,
Juan

Hi, Hamish,

Yes, the folder is marked as secure. Here's the .htaccess in my secure "Uploads" folder:

RemoveHandler .php .phtml .php3 ,php4 .php5 .inc
RemoveType .php .phtml .php3 .php4 .php5 .inc
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]

Is that right?

Never mind... I get it now.. I must have been logged in as an admin. Very nice module, Hamish! We'll be rolling this out everywhere.