999design Posted October 21, 2019 Share Posted October 21, 2019 Hi everyone Our client has asked for the following features: CLIENT REQUIREMENT 1"Ability to pre-publish files with a publish-at date, before which the files are not visible or accessible. Also the ability to un-publish files with a publish-end date, after which the files are not visible or accessible. The above should not permit url farming / guessing. Simply not linking the new files on the site is insufficient. Also, if the page containing these files is unpublished the files should also be inaccessible."Our Thoughts... We had considered creating an area within the page tree for pages that contain each file, allowing us to use a page reference filed to select the relevant file. Our thinking was that publishing/unpublishing these pages as and when required would allow files to be accessed/inaccessible... However, we've tried unpublishing a page to see if the files associated with it are also unpublished/inaccessible, but the file it is still visible if you have the path. CLIENT REQUIREMENT 2"Deleting data / documents from the CMS should make the data inaccessible but the documents should still be viewable by admins."Our thoughts... It's almost like they need some kind of holding pen for a file, between being deleted completely and just not visible through any url. Has anyone tried to do anyhting like this before and do you have any pointers? We've seen this module http://modules.processwire.com/modules/fieldtype-secure-file/ but it doesn't appear to be compatible with version 3. Thanks in advance for any help. Link to comment Share on other sites More sharing options...
wbmnfktr Posted October 21, 2019 Share Posted October 21, 2019 It looks like you could use: $config->pagefileSecure More details here: https://processwire.com/api/ref/config/ and of course via search in the forum. ? 1 Link to comment Share on other sites More sharing options...
999design Posted October 21, 2019 Author Share Posted October 21, 2019 @wbmnfktr wow, wasn't expecting it to be that simple. Thank you very much for such a quick response. ? It appears that this only kicks in to effect on newly added files though, so I guess it would be wise to set this up ahead of creating a new site and adding any content? Do you know of any way for this to consider pre-existing files? Thanks Link to comment Share on other sites More sharing options...
wbmnfktr Posted October 21, 2019 Share Posted October 21, 2019 4 minutes ago, 999design said: It appears that this only kicks in to effect on newly added files though, so I guess it would be wise to set this up ahead of creating a new site and adding any content? Do you know of any way for this to consider pre-existing files? Just a guess but I think this will work for already existing pages and files as well. I never used this feature for any of my projects - at least I can't remember so. Just give it a try in a dev environment on your local machine. Shouldn't take more than 30 minutes to get this up and running for a test ride. If I remember this correctly @Jens Martsch - dotnetic could answer this probably. Link to comment Share on other sites More sharing options...
999design Posted October 21, 2019 Author Share Posted October 21, 2019 @wbmnfktr just tried it out there and it doesn't seem to work on pre-existing files I'm afraid. I'm not sure whay that would be, but now that I know, we can try to build it into our solutions from the beginning. This is for a new project so we'll set it up before adding any content. Thanks again for the help. Much appreciated. Link to comment Share on other sites More sharing options...
wbmnfktr Posted October 21, 2019 Share Posted October 21, 2019 I think you didn't run in this trap but just to mention it: test it with another browser and a real guest/visitor and not with the admin/superuser. Yes... enabling this by default should do the trick then. Link to comment Share on other sites More sharing options...
999design Posted October 21, 2019 Author Share Posted October 21, 2019 Thanks @wbmnfktr good suggestion. I did already try this though, logged into the cms on Firefox and with an incognito windo open in Chrome to view the front end site. Thanks 1 Link to comment Share on other sites More sharing options...
dotnetic Posted October 22, 2019 Share Posted October 22, 2019 @999design To deal with pagefileSecure and existing files please take a look here: https://github.com/processwire/processwire-issues/issues/1006 pagefileSecure will only prevent access for users that don't have view permission for the template, where the file is included. You will need a view template or hook that checks if a file should be shown or not (based on dates). One problem that you have with pagefileSecure ist, that if you know the path and are logged in into ProcessWire the file is viewable/downloadable regardless of the date you set. 1 Link to comment Share on other sites More sharing options...
999design Posted October 22, 2019 Author Share Posted October 22, 2019 Thanks for the information @Jens Martsch - dotnetic we'll certainly take a look through that. Luckily that shouldn't be a problem as our client who will be creating the files that are to be secured, will be the only person that is logged in. Good to know that though. Thanks again Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now