[opencms-dev] Multitenant configuration

Christoph Fröhlich cfauto at folge2.de
Mon Dec 10 06:42:17 CET 2012 

Hi Alessandro

you can use a 
-------------
I_CmsGalleryWidgetDynamicConfiguration
----------------
to set the startup folder for your widget dynamically on a per request base.


Just write an implementation of the interface and configure it in the schema like this:
---------------------
<layout element="Downloads" widget="DownloadGalleryWidget" configuration="{class:f3.cms.F3DynamicDownloadWidgetConfiguration}" />
------------------------

We use this in a project where different users should not be able to see files that others have uploaded. Mainly to prevent linking to these files. 

In the getStartup(...) Method we assert or create a dedicated folder for the current user and set the startup for the widget to that folder. 

Regards
Christoph


Am 05.12.2012 um 17:06 schrieb Alessandro Magnolo <alessandro.magnolo at gmail.com>:

> Hello Tobias.
> 
> Opencms version is 8.5.0.
> I have two OUs; each of them have a project within a dedicated folder.
> 
> If I login with an OU user, in the workplace I can see both his OU
> folder and the other OU folder, and their contents. I can upload a
> file in the OU folder but can't upload files in the other OU folder,
> the upload button is grayed out (this is correct).
> 
> If a open a structured content document for edit, in the VfsFileWidget
> I can browse to the other OU folder and link to a file there (this is
> what the original poster was talking about and should be avoided).
> While I'm browsing the other OU folder, I can click the "upload"
> button and upload a file. The file gets stored in the folder where in
> theory I sould be forbidden to write (the one where the upload button
> is grayed out in the workspace).
> 
> The structured document element is defined as:
> <xsd:element name="VariableLink" type="OpenCmsVfsFile" minOccurs="1" />
> 
> With the layout:			
> <layout element="VariableLink" widget="VfsFileWidget"
> configuration="hidesiteselector|projectaware" />
> 
> I didn't set a "startsite" configuration because the same XSD is to be
> used by two (or more) OUs, and each of them should have a different
> startsite. By the way, is there a way to set a different startsite?
> 
> I hope you have enough information to reproduce the bug; tell me if
> you need further assistance.
> 
> Regards,
> Alessandro Magnolo
> 
> 
> On Wed, Dec 5, 2012 at 3:46 PM, Tobias Herrmann <t.herrmann at alkacon.com> wrote:
>> Hi Alessandro,
>> 
>> this should not be possible.
>> Please state which OpenCms version you are using and how you have set up
>> your permissions.
>> We would like to verify the issue and fix it, if it is a bug.
>> 
>> Greetings, Tobias
>> 
>> --
>> 
>> Alkacon Software GmbH - The OpenCms Experts
>> 
>> http://www.alkacon.com
>> http://www.opencms.org
>> 
>> Am 05.12.2012 15:35, schrieb Alessandro Magnolo:
>> 
>>> It gets worse: if you use the DownloadGalleryWidget layout widget, a
>>> user can write in any folder of the entire opencms installation, even
>>> in folders where he can't write using the workplace (AKA Explorer
>>> view).
>>> 
>>> In other words, the DownloadGalleryWidget bypasses the permission
>>> checks on the VFS, that normally don't allow an OU user to write in
>>> other OUs folders. This is extremely dangerous.
>>> 
>>> 
>>> Alessandro Magnolo
>>> 
>>> 
>>> On Wed, Dec 5, 2012 at 11:53 AM, Kunicke, Holger
>>> <holger.kunicke at av-studio.de> wrote:
>>>> 
>>>> Hello List,
>>>> 
>>>> does everybody knows a possibility to restrict the automatism of an
>>>> "OpenCmsVfsFile" field, which transforms absolute into relative URLs, to
>>>> an
>>>> OU or deactivate this completely?
>>>> 
>>>> My reason for this question is:
>>>> We have more clients in one CMS and the probability is given that our
>>>> clients creates links between them.
>>>> 
>>>> Regards
>>>> Holger
>>>> 
>>>> _______________________________________________
>>>> This mail is sent to you from the opencms-dev mailing list
>>>> To change your list options, or to unsubscribe from the list, please
>>>> visit
>>>> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>>>> 
>>>> 
>>>> 
>>>> 
>>> _______________________________________________
>>> This mail is sent to you from the opencms-dev mailing list
>>> To change your list options, or to unsubscribe from the list, please visit
>>> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>>> 
>>> 
>>> 
>> _______________________________________________
>> This mail is sent to you from the opencms-dev mailing list
>> To change your list options, or to unsubscribe from the list, please visit
>> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>> 
>> 
>> 
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
> 
> 
> 

-------------------------------------------------
Christoph Fröhlich
Folge 3 GmbH
Stresemannstraße 161
22769 Hamburg

+49 +40  79 69 48 78
cf at folge3.de
http://www.folge3.de
-------------------------------------------------
Geschäftsführer: Christoph Fröhlich, Anja Künzel
Handelsregister: HRB 105806, Amtsgericht Hamburg 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20121210/88761e0b/attachment.htm>

More information about the opencms-dev mailing list