New shared files module details

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

1/10/2010 11:49:00 AM

retroviz

Total Posts 72

View Posts

New shared files module details

Hi,

Is there a demo of the new shared file modules available anywhere? I had a look on the demo site but it looks like this is the original.

I would like to know what new features this module will have as I need to add Amazon S3 support and wondered if this was included.
If not, is the new module just a new front end for the shared files module or is it built differently (data access etc.).

Thanks

Ben

1/11/2010 6:20:12 AM

Joe Audette

Total Posts 18439

View Posts

Re: New shared files module details

Hi Ben,

There are some improvements in the Shared Files feature but you may be confusing some of the talk about UI improvements to the File Manager which is not the same thing. File Manager is for actually managing the server file system and Shared Files is for sharing files in a secure way protected by roles.

Sorry but support for Amazon S3 is not included nor is it on the near term horizon.

In version 2.3.3.2 we added some new grid styles you can use for Shared Files to make it a little prettier. If you upgraded from an older version though you would have to manually add the new css to the list in your style.config. On upgrades we only update the skins in the catalog at /Data/skins, we do not touch skins used by the site at /Data/Sites/[SiteID]/skins because they may have been customized. So you may want to copy skins from the catalog to the site specific directory or compare your custom skin to skins included there.

As far as improvements for Shared Files that are coming in the next release:

tracking of download counts for each file
addition of a description field which is indexed into the search index
files that match a search result now produce a download link in the search results rather than a link to the page containing the Shared Files. This requires rebuilding the search index.
options to show/hide columns in the grid

Best,

Joe

1/11/2010 8:23:11 AM

retroviz

Total Posts 72

View Posts

Re: New shared files module details

Hi Joe,

Sorry yes I must have misread the post. It is the Shared Files module I was referring to, not the File Manager.

In this case I would like to add the functionality to the existing FileShare module so will contribute this back if thats okay.

Virtually everything in the module will stay the same, the only difference is that when UseAmazonS3 is enabled, the file module will upload/download files to/from the specified S3 bucket instead.

Thanks

Ben

1/11/2010 8:29:13 AM

retroviz

Total Posts 72

View Posts

Re: New shared files module details

I have one more question.

I am hiding specific shared files modules from anonymous users.

However, I notice that if I log in and copy the url of one of the files, then log out, I am able to navigate to the file directly, unathenticated.

How can I ensure that only authenticated users are able to download the files.

Thanks

Ben

1/11/2010 8:59:03 AM

Joe Audette

Total Posts 18439

View Posts

Re: New shared files module details

Hiding is not a security feature, it is cosmetic only.

To protect files you make either the view permissions of the page or module allow only specific roles and the download page will enforce that. So you would set the View Roles to "Authenticated Users" which is a role that all users get added to automatically when they register.

I'd be interested to see what you come up with for Amazon S3 support, however if the files will be served by an url that points to an amazon server I do not know how you will secure the files.

The way it works in the Shared Files feature is the we store all the files on disk with a .config extension which is an extension protected by .NET so files with this extension cannot be retrieved by an url directly to the file even if you know what the url is. This allows us to enforce role permissions on files that otherwise IIS would gladly serve up if the url is requested. What we do is check permissions and if the user has permissions then we serve the file with Response.TransmitFile and we change it back to it's original extension as we serve it.

So I don't know how you will enforce security if the files can be retrieved directly by an url to an Amazon S3 server.

Best,

Joe

1/11/2010 10:25:25 AM

retroviz

Total Posts 72

View Posts

Re: New shared files module details

I must admit I still have a lot of reading to do about the S3 API. However, from what I know already, you have access control on your S3 buckets so mojoPortal can authenticate to S3 but a direct link would not.

In this way mojoPortal will still authenticate user to check whether they are allowed to view the file (thanks for info regarding correct permission usage btw) and then it will authenticate to S3.

Will let you know how I get on.

Thanks,
Ben

You must sign in to post in the forums. This thread is closed to new posts.