m (moved CKFinder/Developers Guide/ASP/Configuration/Access Control to CKFinder 1.x/Developers Guide/ASP/Configuration/Access Control) |
|||
(2 intermediate revisions by 2 users not shown) | |||
Line 25: | Line 25: | ||
If you want to restrict the upload, rename or delete of files in the "Logos" folder of the resource type "Images": | If you want to restrict the upload, rename or delete of files in the "Logos" folder of the resource type "Images": | ||
<pre>Set accessControl(1) = DefineAccessControlItem("*", "Images", "/Logos", true, true, true, true, true, false, false, false)</pre> | <pre>Set accessControl(1) = DefineAccessControlItem("*", "Images", "/Logos", true, true, true, true, true, false, false, false)</pre> | ||
− | The above example only refers to file operations in the folder "/Logos" itself. It doesn't restrict operations on the folder so the user can delete or rename the folder. In order to limit users ability to modify the folder (not its | + | The above example only refers to file operations in the folder "/Logos" itself. It doesn't restrict operations on the folder so the user can delete or rename the folder. In order to limit users ability to modify the folder (not its contents) you should change permissions in the parent folder. |
==== Example 2 ==== | ==== Example 2 ==== | ||
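Review bot: The added sentence in the Line 25 hunk still reads "limit users ability", which needs a possessive ("a user's ability"), and "change permissions in the parent folder" does not say which permissions are meant. Naming the folder rename and folder delete flags of the parent folder's entry would make the instruction actionable.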
Line 35: | Line 35: | ||
=== Sessions === | === Sessions === | ||
− | |||
− | |||
− | |||
− | |||
− | |||
The RoleSessionVar is a session variable name that CKFinder must use to retrieve the "role" of the current user. | The RoleSessionVar is a session variable name that CKFinder must use to retrieve the "role" of the current user. | ||
<pre>CKFinder_Config.Add "RoleSessionVar", "CKFinder_UserRole" | <pre>CKFinder_Config.Add "RoleSessionVar", "CKFinder_UserRole" |
Latest revision as of 07:46, 28 May 2010
Access control is a way to give your users different permissions while working on folders and files. The default setting in the config.asp file gives permission to every user and permits all the options. To change this configuration you must first know the basics of the accessControl(0) entry placed in the config.asp file.
The syntax of the ACL Items
The syntax of the ACL entries is as follows:
Set accessControl(0) = DefineAccessControlItem("*", "*", "/", true, true, true, true, true, true, true, true)
The function's parameters are defined in the following order:
Function DefineAccessControlItem( _
    role, resourceType, folder, _
    folderView, folderCreate, folderRename, folderDelete, _
    fileView, fileUpload, fileRename, fileDelete )
- role
The role attribute sets the type of user the entry applies to. It is set to "*" by default, which you may treat as "every user". You may set this parameter to another name, such as "user" or "limited_functions". The role name is directly tied to the functions that user may use.
- resourceType
The resourceType defines the resources handled in CKFinder. A resource type is nothing more than a way to group files under different paths, each one having different configuration settings, e.g. Images, Flash, Files. It is set to "*" by default, which means that all of the resources are available.
- folder
The folder determines where your restrictions will apply. By giving a folder's name you specify the place where the restrictions take effect. It is set to "/" by default, so no specific folder is set.
- folder and file options
The rest of the parameters are Boolean and can be set to true or false. True enables an option, false disables it.
- other information
Many "AccessControl" entries can be added. All attributes are optional.
Subfolders inherit their default settings from their parents' definitions.
Example 1
If you want to restrict the upload, rename or delete of files in the "Logos" folder of the resource type "Images":
Set accessControl(1) = DefineAccessControlItem("*", "Images", "/Logos", true, true, true, true, true, false, false, false)
The above example only refers to file operations in the folder "/Logos" itself. It doesn't restrict operations on the folder, so the user can still delete or rename the folder. To limit a user's ability to modify the folder (not its contents) you should change permissions in the parent folder.
Example 2
Set accessControl(1) = DefineAccessControlItem("*", "Images", "/", true, true, false, false, true, false, false, false)
Now a user can view and create a folder, but he will be unable to rename or delete it.
Note: Remember to adjust Dim accessControl(0) to Dim accessControl(1) as necessary.
Sessions
The RoleSessionVar is a session variable name that CKFinder must use to retrieve the "role" of the current user.
CKFinder_Config.Add "RoleSessionVar", "CKFinder_UserRole"
To switch between different user roles, simply change the session variable:
<% Session("CKFinder_UserRole")="admin" %>
Example 3
In your config.asp file you can create three different roles:
First role, every user (wildcard "*" is used):
Set accessControl(1) = DefineAccessControlItem("*", "*", "/", true, false, false, false, true, false, false, false)
Second role registered user:
Set accessControl(2) = DefineAccessControlItem("registered", "*", "/", true, true, false, false, true, true, false, false)
Third role admin:
Set accessControl(3) = DefineAccessControlItem("admin", "*", "/", true, true, true, true, true, true, true, true)
You've created three different sets of user permissions. The default user (everybody) is allowed to browse all files and folders. A registered user also has the ability to upload files and create folders. The administrator has full permissions.
Now let's say you have an authentication mechanism somewhere in your web application. Use it to assign one of the predefined roles to the user:
<% Session("CKFinder_UserRole")="admin" %>
if you want to use the admin role.
<% Session("CKFinder_UserRole")="registered" %>
if you want to use the role assigned to registered users.
<% Session("CKFinder_UserRole")="guest" %>
The guest role has no specific permissions assigned, so the default values (defined with "*") are used.
<% Session("CKFinder_UserRole")="any_other_value" %>
Same situation: the default values are used.
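An added example, not part of the original page or of CKFinder's own code: a small Python audit of config.asp ACL lines that uses the parameter order given above to flag entries granting write operations to the "*" role, and entries whose index exceeds the Dim accessControl(N) bound mentioned in the note. The names parse_acl, audit and SAMPLE are hypothetical; the sample text is constructed from the default entry and Example 3, with a deliberately undersized Dim.

```python
import re

# Parameter order as given in the DefineAccessControlItem signature on this page.
FIELDS = ["role", "resourceType", "folder",
          "folderView", "folderCreate", "folderRename", "folderDelete",
          "fileView", "fileUpload", "fileRename", "fileDelete"]
WRITE_FLAGS = FIELDS[4:7] + FIELDS[8:]  # everything except the two view flags
ITEM_RE = re.compile(
    r'^\s*Set\s+accessControl\((\d+)\)\s*=\s*DefineAccessControlItem\((.*)\)\s*$', re.I)
DIM_RE = re.compile(r'^\s*Dim\s+accessControl\((\d+)\)', re.I)
TOKEN_RE = re.compile(r'"[^"]*"|\w+')  # quoted string or bare true/false

# Constructed sample: the page's default entry plus Example 3, with Dim left too small.
SAMPLE = '''Dim accessControl(1)
Set accessControl(0) = DefineAccessControlItem("*", "*", "/", true, true, true, true, true, true, true, true)
Set accessControl(1) = DefineAccessControlItem("*", "*", "/", true, false, false, false, true, false, false, false)
Set accessControl(2) = DefineAccessControlItem("registered", "*", "/", true, true, false, false, true, true, false, false)
Set accessControl(3) = DefineAccessControlItem("admin", "*", "/", true, true, true, true, true, true, true, true)
'''

def parse_acl(config_text):
    """Return (Dim upper bound or None, list of entry dicts) from config.asp text."""
    dim, entries = None, []
    for line in config_text.splitlines():
        if (m := DIM_RE.match(line)):
            dim = int(m.group(1))
        elif (m := ITEM_RE.match(line)):
            args = TOKEN_RE.findall(m.group(2))
            if len(args) != len(FIELDS):
                raise ValueError("expected 11 arguments: " + line.strip())
            entry = {"index": int(m.group(1))}
            for name, raw in zip(FIELDS, args):
                entry[name] = raw.strip('"') if name in FIELDS[:3] else raw.lower() == "true"
            entries.append(entry)
    return dim, entries

def audit(config_text):
    """List findings: write access granted to role "*", and indexes beyond Dim."""
    dim, entries = parse_acl(config_text)
    findings = []
    for e in entries:
        granted = [f for f in WRITE_FLAGS if e[f]]
        if e["role"] == "*" and granted:
            findings.append(("wildcard-write", e["index"], granted))
        if dim is not None and e["index"] > dim:
            findings.append(("index-exceeds-dim", e["index"], dim))
    return findings
```

Running audit(SAMPLE) reports the default all-true "*" entry at index 0 and the two entries that do not fit in Dim accessControl(1).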