Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Added option to guard a dir #126

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Feature: Added option to guard a dir #126

wants to merge 1 commit into from

Conversation

ceesvanegmond
Copy link
Contributor

This feature enables developers to set an guardDir in their elfinder configuration.
Sometimes you want that the client can only upload media in specific folder. This folder may change on runtime. This feature enables this. You basically set an data-guarddir on your which is an path, relative to the root media dir. Maybe the word guard is misplaced, but I couldn't find a better name that suits these needs.

@barryvdh
Copy link
Owner

Hmm, this doesn't really seem safe, does it? It uses a GET parameter to set the guard dir?

@ceesvanegmond
Copy link
Contributor Author

@barryvdh Right now, yes. This acutally needs a better implementation than this. Is this an idea that could be merged if it's coded the right way?

@ceesvanegmond
Copy link
Contributor Author

@barryvdh And it's a GET because it's optional.

@barryvdh
Copy link
Owner

Why don't you just change the path in the roots?

@ceesvanegmond
Copy link
Contributor Author

@barryvdh That could be done, but not on runtime right? You have to set this path in the config file.

@barryvdh
Copy link
Owner

Why would you want to do it on run-time? Anything done by Javascript is not secure.

@ceesvanegmond
Copy link
Contributor Author

OK, i'll give an example. Maybe you get the point then.
Were building a CMS, were our client can crud stuff; news for example.
The client is going to add news, therefore an image could be used as a header.
This means that there must be an on the news add/edit page.

In the past this was just a simple <input type=file> attribute, but we were thinking; maybe we could use the standalone version of elfinder for this. It enables the client to get into medialibrary (on a specific level) and upload/edit/etc their stuff. What we want; if client uploads news, we want it to always go in a specific directory especially for news. Same is happening for images specific for users/blogs.

Folder structure:

  • public/media/uploads
  • public/media/uploads/news
  • public/media/uploads/users
  • public/media/uploads/blogs

What we don't want is the client to upload images specific for news; to upload them in another directory then the news directory. That's why we came up with this idea to guard the dir. Cool thing about this is that there could be multiple standalone medialibraries, on the same page, with their own guarded dir.

I hope you understand why we added this feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ceesvanegmond @barryvdh