LetoDMS Community Forum
Prohibit File Download - Printable Version

+- LetoDMS Community Forum (https://community.letodms.com)
+-- Forum: LetoDMS Support (https://community.letodms.com/forumdisplay.php?fid=4)
+--- Forum: General Questions (https://community.letodms.com/forumdisplay.php?fid=15)
+--- Thread: Prohibit File Download (/showthread.php?tid=488)

Prohibit File Download - yerg - 04-27-2012

Looking to block download of files
This may be site wide or specific user/group
Doesn't matter for now.

--- edit ---
out/out.ViewDocument.php is the way to go here but only partially

The popup window gives additional tools to allow the file to be downloaded.

Hmmm back to the text editor




RE: Prohibit File Download - steinm - 04-27-2012

(04-27-2012, 01:36 PM)yerg Wrote: Looking to block download of files
This may be site wide or specific user/group
Doesn't matter for now.

I'm thinking out/out.ViewDocument.php is the way to go here but may be wrong.

out/out.ViewDocument.php isn't enough. It just outputs the links to the download page op/op.Download.php. Somebody with some knownledge on how letodms works could easily access the document anyway. If you want to reliably prevent somebody from downloading a document you will have to do it in op/op.Download.php.

The idea isn't bad and it raises the question whether the current access restrictions could be extended by a 'download allowed' option. IMHO, this would be the most reasonable way to go, but I doubt it is easy to accomplish. Access rights have a given order of 'no access', 'read access' and 'write access'. 'download' should probably be between 'read' and 'write'. Internally the access rights are stored as 1,2, and 3. So, adding a new right requires reordering and lots of changes to the database content.

Uwe

RE: Prohibit File Download - yerg - 04-27-2012

(04-27-2012, 02:08 PM)steinm Wrote: out/out.ViewDocument.php isn't enough. It just outputs the links to the download page op/op.Download.php. Somebody with some knownledge on how letodms works could easily access the document anyway. If you want to reliably prevent somebody from downloading a document you will have to do it in op/op.Download.php.

Was just digging round in the files and looking for the download files so thanks for that.