search

trippo / ResponsiveFilemanager

Completely Responsive Filemanager with integration for tinyMCE,CKEditor and CLEditor editor
http://responsivefilemanager.com
Other
815 stars 365 forks source link

Restrict access to specified folder and child folders only (not allow user to browse to parent folders) #294

Open gordon-matt opened 7 years ago

gordon-matt commented 7 years ago

Is it possible to restrict the users to their own root folders? I have 2 different situations:

1) I am implementing a "Tenants" feature for my CMS, so multiple sites can run on the same instance. However, this means they must not share the same media folders. I would like to have something like this:

I can pass "fldr" parameter and that is a good start, but the users can still use the "home icon" to browse to the root folder and then access files for the other tenants. This is not good.

2) The second situation is mostly the same as the first one, but for individual users... so example sturcture I would like my CMS to have is:

I think it would be good to have a new parameter like: "rootFolder" or something, so it will be same as "fldr" but will restrict the users so they cannot browse to parent folders.. and the home icon will redirect make to that specified root folder. The site security is very important, so we don't have users accessing files that they should not.

cdaveb commented 7 years ago

We have something similar to this implemented on our company's internal admin site- users have access to different folders and we have a custom function that sets the hidden directories based on user permissions (we've tweaked our config to have access to the relevant user session information). It's a bit of a hack but it does the job.

It would be nice if there was a more standard way of doing it.

On 10/26/16 5:43 PM, gordon-matt wrote:

Is it possible to restrict the users to their own root folders? I have 2 different situations:

1) I am implementing a "Tenants" feature for my CMS, so multiple sites can run on the same instance. However, this means they must not share the same media folders. I would like to have something like this:

  • Root
    • Tenant 1
    • Tenant 2
    • etc

I can pass "fldr" parameter and that is a good start, but the users can still use the "home icon" to browse to the root folder and then access files for the other tenants. This is not good.

2) The second situation is mostly the same as the first one, but for individual users... so example sturcture I would like my CMS to have is:

  • Root
    • Tenant 1
    • User 1
    • User 2
    • etc
    • Tenant 2
    • User 3
    • etc
    • etc

I think it would be good to have a new parameter like: "rootFolder" or something, so it will be same as "fldr" but will restrict the users so they cannot browse to parent folders.. and the home icon will redirect make to that specified root folder. The site security is very important, so we don't have users accessing files that they should not.

trippo commented 7 years ago

You can read SET SUBFOLDER AS ROOT AND MULTI-USER USE section on documentation

Il giorno 27 ott 2016, alle ore 02:51, Cari D. Burstein notifications@github.com ha scritto:

We have something similar to this implemented on our company's internal admin site- users have access to different folders and we have a custom function that sets the hidden directories based on user permissions (we've tweaked our config to have access to the relevant user session information). It's a bit of a hack but it does the job.

It would be nice if there was a more standard way of doing it.

On 10/26/16 5:43 PM, gordon-matt wrote:

Is it possible to restrict the users to their own root folders? I have 2 different situations:

1) I am implementing a "Tenants" feature for my CMS, so multiple sites can run on the same instance. However, this means they must not share the same media folders. I would like to have something like this:

  • Root
  • Tenant 1
  • Tenant 2
  • etc

I can pass "fldr" parameter and that is a good start, but the users can still use the "home icon" to browse to the root folder and then access files for the other tenants. This is not good.

2) The second situation is mostly the same as the first one, but for individual users... so example sturcture I would like my CMS to have is:

  • Root
  • Tenant 1
  • User 1
  • User 2
  • etc
  • Tenant 2
  • User 3
  • etc
  • etc

I think it would be good to have a new parameter like: "rootFolder" or something, so it will be same as "fldr" but will restrict the users so they cannot browse to parent folders.. and the home icon will redirect make to that specified root folder. The site security is very important, so we don't have users accessing files that they should not.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/trippo/ResponsiveFilemanager/issues/294#issuecomment-256517951, or mute the thread https://github.com/notifications/unsubscribe-auth/AAeWEf1VQVyCu8VOI_xTva9v5xn5Ih-cks5q3_WTgaJpZM4Kh0-C.

gordon-matt commented 7 years ago

@trippo , thanks for the reply. You probably forgot I am the guy using it in .NET. I wrote the article on CodeProject, "Using Responsive File Manager in ASP.NET MVC". So I am not sure how to set the $_SESSION["RF"]["subfolder"] variable in my case. Is it possible for me to do the same thing some other way? Otherwise, maybe I need to try modify your code to pass a new parameter in the URL and set that $_SESSION["RF"]["subfolder"] variable inside dialog.php? I guess that's what I have to do, but I'm not sure because I don't know much about PHP.

trippo commented 7 years ago

Yes you must edit dialog.php in the top of file where read $_SESSION['RF']["subfolder"] and change to read $_GET['subfolder']

But is not secure because an user can see this in url and can change

Il giorno 28 ott 2016, alle ore 10:58, gordon-matt notifications@github.com ha scritto:

@trippo https://github.com/trippo , thanks for the reply. You probably forgot I am the guy using it in .NET. I wrote the article on CodeProject, "Using Responsive File Manager in ASP.NET MVC http://www.codeproject.com/Tips/1004596/Using-Responsive-File-Manager-in-ASP-NET-MVC". So I am not sure how to set the $_SESSION["RF"]["subfolder"] variable in my case. Is it possible for me to do the same thing some other way? Otherwise, maybe I need to try modify your code to pass a new parameter in the URL and set that $_SESSION["RF"]["subfolder"] variable inside dialog.php? I guess that's what I have to do, but I'm not sure because I don't know much about PHP.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/trippo/ResponsiveFilemanager/issues/294#issuecomment-256870889, or mute the thread https://github.com/notifications/unsubscribe-auth/AAeWEZGD1h_WBMTrIqvXyNG-9_mHOPyiks5q4bk1gaJpZM4Kh0-C.

gordon-matt commented 7 years ago

@trippo , Yes, that is unfortunate. I am very worried about security. However, I don't see any other way to do this. Can you make some kind of option in the config file to use a javascript function to call specified ajax url to get the root directory for a user? Because that way, I can get the correct tenant and user info and return a string for the correct root folder URL. Example, we can put something like this in config file:

getRootFolderUrl = '/url-to-my-ajax-function'

and then your dialog.php can use that to query for correct root folder each time.. is it possible?

Last thing: are you still working on the new JavasScript-only version (Angular) ? If yes, do you have any estimated timeline for when that will be released?

gordon-matt commented 7 years ago

OK I can't figure out how to set a $SESSION variable to some value from an ajax request. So for now I changed some code under the *SUB-DIR CODE_\ section in dialog.php:

From this:

if (!isset($_SESSION['RF']["subfolder"]))
{
    $_SESSION['RF']["subfolder"] = '';
}

to this:

if (isset($_GET['rootFolder']))
{
    $_SESSION['RF']["subfolder"] = $_GET["rootFolder"];
}
else if (!isset($_SESSION['RF']["subfolder"]))
{
    $_SESSION['RF']["subfolder"] = '';
}

and then my href on the iframe becomes something like:

<iframe src="/filemanager/dialog.php?type=0&rootFolder=Tenant2".....

This is not secure, but it works. It would be awesome if you could make a fix in the next version to set some ajax url in the config file and then the dialog.php will call that url to get the correct root folder each time.

gordon-matt commented 7 years ago

Also, how can I pass a parameter to tinymce? I need to do the same thing for that...

UPDATE

Nevermind; I see I can modify the plugin.js file to add this:

var rootFolder = "";
if (typeof editor.settings.filemanager_rootFolder !== "undefined" && editor.settings.filemanager_rootFolder) {
    rootFolder = "&rootFolder=" + editor.settings.filemanager_rootFolder;
}

And then adding this to the tinymce config:

filemanager_rootFolder: "Tenant1"

That's gonna be a pain in the neck, but I can work with it. But please consider providing some way to get that from the dialog.php instead, so we don't have to go through 100s of places in the code to modify these things and also more importantly, for security.

cdaveb commented 7 years ago

What we ended up doing for our custom configuration was comment out the session start and initialized the session via our custom code so that it would have access to the session information we needed to determine which folders were appropriate for the user. This would require you writing a bit of PHP, but you might be able to do something similar and it's a more secure mechanism as you're getting the information you want from the server.

You could also use a cookie to get the information if you set one when the user logs in- that also isn't that secure but at least it wouldn't be visible in the URL and as easily manipulated.

On 11/6/16 4:16 PM, gordon-matt wrote:

OK I can't figure out how to set a $SESSION variable to some value from an ajax request. So for now I changed some code under the *SUB-DIR CODE_\ section in dialog.php:

From this:

if (!isset($_SESSION['RF']["subfolder"]))
{
  $_SESSION['RF']["subfolder"] = '';
}

to this:

if (isset($_GET['rootFolder']))
{
  $_SESSION['RF']["subfolder"] = $_GET["rootFolder"];
}
else if (!isset($_SESSION['RF']["subfolder"]))
{
  $_SESSION['RF']["subfolder"] = '';
}

and then my href on the iframe becomes something like:

<iframe src="/filemanager/dialog.php?type=0&rootFolder=Tenant2".....

This is not secure, but it works. It would be awesome if you could make a fix in the next version to set some ajax url in the config file and then the dialog.php will call that url to get the correct root folder each time.

raknjak commented 7 years ago

@cdaveb do you have an example available please?

cdaveb commented 7 years ago

Our specific code wouldn't be a very good example as it involves including files from our internal PHP libraries. The main thing is you'd just want to start the session via whatever means you normally do in your application by triggering it through the code at the beginning of config.php- then you can read from whatever session variables are stored by your application. If your application is not in PHP then I'm not sure how workable that would be, but it might still be doable depending on how your session information is stored.

If you want to use the cookie approach, you'd just need to make sure that when a user logs in it stores a cookie with the appropriate information you need to display the correct subfolder. As I said this would be less secure as the user could manually change the cookie if they knew what they were doing, but it's a little less obvious than having it in the URL.