itsberni

Obviously there is still a problem with the file permission. When i'm integrating a file-field as an array ( maximum files allowed = 0 ) the files can be accessed when a used has logged in. Everthing works fine! But now i've integrated a second file-upload ( as part of a repeater field ) in the same template. this field is adjusted as a single field file ( maximum files allowed = 1 ). The problem is now, that the permissions to this files are denied although the user is logged in. That means, the files from the array ( case one ) are available - the files as part of the repeater field are denied. Is there anything to consider, when using a file-field within a repeater in a secured template? EDIT: When i'm logged in as a superuser, all files can be accessed. Any Ideas?

Great! Exactly that was the problem. Now the access is denied, when i've been locked out - nearly perfect. But now, when i'am locked in, the pdf-files are only accessible via download. That means they do not open in the browser-window ( no file-url is visible in the browser-line ). Is this a normal behaviour? Before the permission-issue, the files opened in the browser ( file-url was visible in the browser-line ). Anyway, i'm very grateful for putting me on the right way! Thanks guys!

hey arjen, ok, now i've changed into the master branch. Same issue. In the used template there is no authorisation defined ( manage authorisation = no ). I'am a bit confused about the rewrite-rule in the .htaccess -> "Access Restrictions: Keep web users out of dirs that begin with a period". But i should have to rename the dirs in /-folder not in /.folder ?!? ( or it's too late right now ). Btw. after the change to the master-branch the folders are still going to rename automaticly from /-folder into /folder. but - that i find out now - only after an access occurs to a file in this particular folder.

i wanna pick up this issue once again. I found out, that pw removes the prefix /-folder. So after a refresh /-folder becomes /folder again. Is this helpful to solve the problem?

Hey arjen, I've downloaded the 2.3.1 directly from the processwire-homepage. @Soma, This issue i cannot reproduce. My /-folder is going to rewrite by the .htaccess into /folder and that /folder can be reached by link/url, no matter wheater you´re logged in as a user or not.

Hey, right - the folders are prefixed with a "-" and the htaccess has got this entry: RewriteRule "(^|/)\." - [F] After the user has logged out, the folders can be still achieved without the prefix ( link to the file: ..../site/assests/files/123/test.pdf ) neither when i delete and upload the file over the backend once again. I´m really confused at that point...

Hey pw-guys, i´ve just began to work with pw. a very nice cms. thanks to ryan for that great work! i want to realize a one page-layout. All works fine, but there are particular sections ( PDF-files ), that should only be accessable after login into the page as a user ( to offer some downloads ). Also that works fine, but after the user has logged out, the files are still available via url. Because of different fields the single sections from the page are each realized with a separate template. That means the data from section1 cames from template section1 and so on. do you have any ideas, how to fix this? The settings in the config.php are $config->pagefileSecure = true; $config->pagefileSecurePathPrefix = '-‚; I would be grateful for any tipps. Greetz Bernd