Revision history for FilesManagementSolution
Revision [23360]
Last edited on 2016-05-20 07:38:47 by MasinAlDujaili [Replaces old-style internal links with new pipe-split links.]Additions:
[[http://131.202.167.33/hostedimages/Image1.png | The menulet: A new header menu links to the attachments (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png | The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png | The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png | How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png | The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png | The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png | How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
Deletions:
[[http://131.202.167.33/hostedimages/Image2.png The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
Additions:
>>Working for 1.1.6.0 to 1.1.6.4 (latest)>>===The principle===
Deletions:
Revision [18559]
Edited on 2008-01-28 00:11:57 by JavaWoman [Modified links pointing to docs server]No Differences
Additions:
~~1) //If you are allowed to write a page then you can manage the attachments (add/delete)// On most wikkas the SandBox is writeble for everyone, which means the everyone can upload files there. There could be people who won't want that.
~~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&**Link** to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
~~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&**Link** to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
Deletions:
~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
**Link** to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
Additions:
**Link** to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
Deletions:
Additions:
~3) **Link** to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
Deletions:
Additions:
=====Files Management Solution=====
===The principle===
As many Wikka users, I find the upload process cumbersome. So I propose a new way relying on 3 developments and a few principles.
1) There will be a menulet action in the header and/or footer menus that will allow the user to:
- know if there are files attached to the current page (special display of the menulet link)
- browse the attached files by clicking on the menulet link
- manage the attachments (add/delete)
1) If you are allowed to read a page then you can read/download the attached files
1) If you are allowed to write a page then you can manage the attachments (add/delete)
Of course all this has to be compliant with the site policy (authorized mimes and maximum sizes).
It is indeed compliant with the ACLs, so it is with my solution of ACLsWithUserGroups.
===My solution===
Three developments to provide a complete solution:
- A handler (FilesHandlerInfo - FilesHandler) allowing to call the file management tool from any page
- An action (ListfilesActionInfo - ListfilesAction) allowing to list and download the attached documents
- A menulet action (WikkaMenulets : attachments) to call the handler via a menu
===Screenshots===
[[http://131.202.167.33/hostedimages/Image1.png The menulet: A new header menu links to the attachments (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
===To Do===
As I cannot have the ModRewrite working on my site, it would be nice if someone could test all this with mod_rewrite.
~&It does work with mod_rewrite, but here are some other comments:
~1) //If you are allowed to write a page then you can manage the attachments (add/delete)// On most wikkas the SandBox is writeble for everyone, which means the everyone can upload files there. There could be people who won't want that.
~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&--NilsLindenberg
~~&Good points Nils, and both have to be solved. I am going for a long WE but will propose solutions next week. For the 1st point, I think we could restrict the upload to registered users; anyway allowing upload is a matter of trust. For the 2nd point I don't think it is hard to solve.
~~&--ChristianBarthelemy
~~~&Why not an extra acl like "filemanipulation", which would allow upload/delete of files? And Standard to registered users? This would allow a maximal flexibility. --NilsLindenberg
~~~&I'm actually a supporter of an extra acl for "actions on page".....the security/access issues around many of my contributions here would be better with just such an acl (and I've been tempted to hack one in). My forum actions and others currently use a "share=" parameter (to set a token) so that users of the action can be restricted to a specific list w/o allowing page write access. But, that means that anybody **with** pagewrite access can add users. I'd prefer a separate acl for actions where the page owner (and, in my case, therefore owner of the wikkaforum which is linked to the page) can set //users// of the action to one group, and permission to write on the page to a (potentially) different group. Such an acl would, I believe, allow a richer collection of actions/embedded programs to accumulate. My 2 cents. --GmBowen
~~&Actually it's worse than Nils suggests - being able to upload a .php file could enable an attacker to execute arbitrary code... **major** security hole! You'd need a filter that looks at allowable files - and not just by extension either: look at the first few bytes to detect **actual** file type. --JavaWoman
~3) Link to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
----
===The principle===
As many Wikka users, I find the upload process cumbersome. So I propose a new way relying on 3 developments and a few principles.
1) There will be a menulet action in the header and/or footer menus that will allow the user to:
- know if there are files attached to the current page (special display of the menulet link)
- browse the attached files by clicking on the menulet link
- manage the attachments (add/delete)
1) If you are allowed to read a page then you can read/download the attached files
1) If you are allowed to write a page then you can manage the attachments (add/delete)
Of course all this has to be compliant with the site policy (authorized mimes and maximum sizes).
It is indeed compliant with the ACLs, so it is with my solution of ACLsWithUserGroups.
===My solution===
Three developments to provide a complete solution:
- A handler (FilesHandlerInfo - FilesHandler) allowing to call the file management tool from any page
- An action (ListfilesActionInfo - ListfilesAction) allowing to list and download the attached documents
- A menulet action (WikkaMenulets : attachments) to call the handler via a menu
===Screenshots===
[[http://131.202.167.33/hostedimages/Image1.png The menulet: A new header menu links to the attachments (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
===To Do===
As I cannot have the ModRewrite working on my site, it would be nice if someone could test all this with mod_rewrite.
~&It does work with mod_rewrite, but here are some other comments:
~1) //If you are allowed to write a page then you can manage the attachments (add/delete)// On most wikkas the SandBox is writeble for everyone, which means the everyone can upload files there. There could be people who won't want that.
~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&--NilsLindenberg
~~&Good points Nils, and both have to be solved. I am going for a long WE but will propose solutions next week. For the 1st point, I think we could restrict the upload to registered users; anyway allowing upload is a matter of trust. For the 2nd point I don't think it is hard to solve.
~~&--ChristianBarthelemy
~~~&Why not an extra acl like "filemanipulation", which would allow upload/delete of files? And Standard to registered users? This would allow a maximal flexibility. --NilsLindenberg
~~~&I'm actually a supporter of an extra acl for "actions on page".....the security/access issues around many of my contributions here would be better with just such an acl (and I've been tempted to hack one in). My forum actions and others currently use a "share=" parameter (to set a token) so that users of the action can be restricted to a specific list w/o allowing page write access. But, that means that anybody **with** pagewrite access can add users. I'd prefer a separate acl for actions where the page owner (and, in my case, therefore owner of the wikkaforum which is linked to the page) can set //users// of the action to one group, and permission to write on the page to a (potentially) different group. Such an acl would, I believe, allow a richer collection of actions/embedded programs to accumulate. My 2 cents. --GmBowen
~~&Actually it's worse than Nils suggests - being able to upload a .php file could enable an attacker to execute arbitrary code... **major** security hole! You'd need a filter that looks at allowable files - and not just by extension either: look at the first few bytes to detect **actual** file type. --JavaWoman
~3) Link to files, rather than upload? Would it be possible to add the functionality so that rather than store the files within the Wikki, there was an option box for 'link' as well as upload. This would be useful on internal wikki deployments where you want to avoid file duplication by allowing users to point at the file to create a link to that file on a separate internal server. - RogerD
----
Deletions:
===The principle===
As many Wikka users, I find the upload process cumbersome. So I propose a new way relying on 3 developments and a few principles.
1) There will be a menulet action in the header and/or footer menus that will allow the user to:
- know if there are files attached to the current page (special display of the menulet link)
- browse the attached files by clicking on the menulet link
- manage the attachments (add/delete)
1) If you are allowed to read a page then you can read/download the attached files
1) If you are allowed to write a page then you can manage the attachments (add/delete)
Of course all this has to be compliant with the site policy (authorized mimes and maximum sizes).
It is indeed compliant with the ACLs, so it is with my solution of ACLsWithUserGroups.
===My solution===
Three developments to provide a complete solution:
- A handler (FilesHandlerInfo - FilesHandler) allowing to call the file management tool from any page
- An action (ListfilesActionInfo - ListfilesAction) allowing to list and download the attached documents
- A menulet action (WikkaMenulets : attachments) to call the handler via a menu
===Screenshots===
[[http://131.202.167.33/hostedimages/Image1.png The menulet: A new header menu links to the attachments (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
===To Do===
As I cannot have the ModRewrite working on my site, it would be nice if someone could test all this with mod_rewrite.
~&It does work with mod_rewrite, but here are some other comments:
~1) //If you are allowed to write a page then you can manage the attachments (add/delete)// On most wikkas the SandBox is writeble for everyone, which means the everyone can upload files there. There could be people who won't want that.
~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&--NilsLindenberg
~~&Good points Nils, and both have to be solved. I am going for a long WE but will propose solutions next week. For the 1st point, I think we could restrict the upload to registered users; anyway allowing upload is a matter of trust. For the 2nd point I don't think it is hard to solve.
~~&--ChristianBarthelemy
~~~&Why not an extra acl like "filemanipulation", which would allow upload/delete of files? And Standard to registered users? This would allow a maximal flexibility. --NilsLindenberg
~~~&I'm actually a supporter of an extra acl for "actions on page".....the security/access issues around many of my contributions here would be better with just such an acl (and I've been tempted to hack one in). My forum actions and others currently use a "share=" parameter (to set a token) so that users of the action can be restricted to a specific list w/o allowing page write access. But, that means that anybody **with** pagewrite access can add users. I'd prefer a separate acl for actions where the page owner (and, in my case, therefore owner of the wikkaforum which is linked to the page) can set //users// of the action to one group, and permission to write on the page to a (potentially) different group. Such an acl would, I believe, allow a richer collection of actions/embedded programs to accumulate. My 2 cents. --GmBowen
~~&Actually it's worse than Nils suggests - being able to upload a .php file could enable an attacker to execute arbitrary code... **major** security hole! You'd need a filter that looks at allowable files - and not just by extension either: look at the first few bytes to detect **actual** file type. --JavaWoman
----
Additions:
CategoryUserContributions
Deletions:
Revision [4651]
Edited on 2005-01-15 17:02:13 by GmBowen [supporting idea of an "actions on page" acls]Additions:
~~~&I'm actually a supporter of an extra acl for "actions on page".....the security/access issues around many of my contributions here would be better with just such an acl (and I've been tempted to hack one in). My forum actions and others currently use a "share=" parameter (to set a token) so that users of the action can be restricted to a specific list w/o allowing page write access. But, that means that anybody **with** pagewrite access can add users. I'd prefer a separate acl for actions where the page owner (and, in my case, therefore owner of the wikkaforum which is linked to the page) can set //users// of the action to one group, and permission to write on the page to a (potentially) different group. Such an acl would, I believe, allow a richer collection of actions/embedded programs to accumulate. My 2 cents. --GmBowen
Additions:
~~~&Why not an extra acl like "filemanipulation", which would allow upload/delete of files? And Standard to registered users? This would allow a maximal flexibility. --NilsLindenberg
Additions:
~~&Actually it's worse than Nils suggests - being able to upload a .php file could enable an attacker to execute arbitrary code... **major** security hole! You'd need a filter that looks at allowable files - and not just by extension either: look at the first few bytes to detect **actual** file type. --JavaWoman
Additions:
~~&Good points Nils, and both have to be solved. I am going for a long WE but will propose solutions next week. For the 1st point, I think we could restrict the upload to registered users; anyway allowing upload is a matter of trust. For the 2nd point I don't think it is hard to solve.
~~&--ChristianBarthelemy
~~&--ChristianBarthelemy
Additions:
~&It does work with mod_rewrite, but here are some other comments:
~1) //If you are allowed to write a page then you can manage the attachments (add/delete)// On most wikkas the SandBox is writeble for everyone, which means the everyone can upload files there. There could be people who won't want that.
~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&--NilsLindenberg
~1) //If you are allowed to write a page then you can manage the attachments (add/delete)// On most wikkas the SandBox is writeble for everyone, which means the everyone can upload files there. There could be people who won't want that.
~2) if I upload a file with *.php and use listfiles to list it, and click on it, wikka tries to open it as a method!
~&--NilsLindenberg
Revision [4618]
Edited on 2005-01-14 13:33:07 by ChristianBarthelemy [Screenshots added (thanks to Mike)]Additions:
===Screenshots===
[[http://131.202.167.33/hostedimages/Image1.png The menulet: A new header menu links to the attachments (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
[[http://131.202.167.33/hostedimages/Image1.png The menulet: A new header menu links to the attachments (screenshot)]]
[[http://131.202.167.33/hostedimages/Image2.png The handler activated: One click to get the files management handler (screenshot)]]
[[http://131.202.167.33/hostedimages/Image3.png The action: A list of all attachments for the WikkaPage (screenshot)]]
[[http://131.202.167.33/hostedimages/MyWikka.png How it could be with some nice icons: the paper clip icon is the menulet (screenshot)]]
Deletions:
~&I can mount them at my site if you'd like Christian. Send them to me as an attachment & I'll send you the urls. -- Mike B
~~& thank you for the proposal - I sent you an email.
Additions:
~~& thank you for the proposal - I sent you an email.
Additions:
~&I can mount them at my site if you'd like Christian. Send them to me as an attachment & I'll send you the urls. -- Mike B
Deletions:
Additions:
~~&I can mount them at my site if you'd like Christian. Send them to me as an attachment & I'll send you the urls. -- Mike B
Revision [4556]
Edited on 2005-01-12 22:29:18 by ChristianBarthelemy [Who can add some screenshots I took?]Additions:
- manage the attachments (add/delete)
1) If you are allowed to write a page then you can manage the attachments (add/delete)
- A menulet action (WikkaMenulets : attachments) to call the handler via a menu
Add some screenshots {{files}}: there are 3 screenshots I would like to provide but I am not allowed to do it :-(
1) If you are allowed to write a page then you can manage the attachments (add/delete)
- A menulet action (WikkaMenulets : attachments) to call the handler via a menu
Add some screenshots {{files}}: there are 3 screenshots I would like to provide but I am not allowed to do it :-(
Deletions:
1) If you are allowed to write a page then you can manage the attachements (add/delete)
- A menulet action (WikkaMenulets : attachements) to call the handler via a menu
Add some screenshots {{files}}
Revision [4554]
Edited on 2005-01-12 22:26:03 by ChristianBarthelemy [Explanations on my Files Management solution]Additions:
=====Files Management Solution=====
It is indeed compliant with the ACLs, so it is with my solution of ACLsWithUserGroups.
As I cannot have the ModRewrite working on my site, it would be nice if someone could test all this with mod_rewrite.
Add some screenshots {{files}}
It is indeed compliant with the ACLs, so it is with my solution of ACLsWithUserGroups.
As I cannot have the ModRewrite working on my site, it would be nice if someone could test all this with mod_rewrite.
Add some screenshots {{files}}
Deletions:
>>==See also:==
Development: ListfilesAction.>>This is the documentation page for the Listfiles action.::c::
===How to use it?===
This particular action can be called in different ways:
""{{listfiles}}"" displays all the files attached to the current page
""{{listfiles page="AnotherPage"}}"" displays all the files attached to another page (provided that the user is allowed to read it)
""{{listfiles file="MyFile"}}"" displays a link to the file named ""MyFile"" attached to the current page (provided the file exists)
""{{listfiles file="MyFile" title="My title"}}"" same as above with "My title" being the text displayed to the link
""{{listfiles page="AnotherPage" file="MyFile"}}"" display a link to the file named ""MyFile"" attached to ""AnotherPage""
""{{listfiles page="AnotherPage" file="MyFile" title="My title"}}"" same as above with "My title" being the text displayed to the link
Nothing I can think about right now.
