New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Public status of nested folders inside unpublished folders #6990
Comments
I agree with the points raised. It does make more sense for new folders to start off as private if they're inside a private folder. This would definitely help avoid any mix-ups with files and folders getting shown when they shouldn't be. Seems like a smart move to keep things safe and easy without being extra cautious. |
I support the issue. I would not like to change the complete default behaviour since I know this would confuse a lot of current (power) users of Contao I guess. To have the current situation improved I suggest to
All of the above is about the file manager. @ThomasKettner also mentioned automatically generated member folders. I agree with him but cannot think of a simple rule here. I also see the problem that checking only the parent folder is not enough when the path would be "files/protected/public/protected/new-subfolder" but I would consider that a known limitation. |
When Contao 4 was released the default was that the "public" checkbox was not enabled. By popular demand this was changed, since users where used to folders being public by default - as was the case in Contao 3 and as is likely the most common use-case anyway. I am against changing this behavior for protected folders for the following reason: if you have one or multiple back end user groups for editors, you will want to give them a file mount that is protected. Otherwise, if this is the only mount they receive, they will never be able to create a protected folder themselves. Because you cannot have a protected folder within a public one - only the other way around. If we implemented this change in general, this would basically restore the original behavior when Contao 4 was first released for these back end editors. They would have to specifically always enable the checkbox when they create a new folder within their file mount. Of course you could create two file mounts per back end user group: one "public" one and one "protected" one. But in larger multidomain setups with multiple independent back end user groups I prefer to give just one file mount per user group where they can manage their content freely. |
I can see your point @fritzmg
|
Thank you for your time, @fritzmg. What do you think about the automatically generated user folders. Would that be a valid addition that those could be marked "protected", e. g. in the registration module. |
Automatically generated user folders are never public (their parent can be of course) - or what exactly do you mean? |
Ok. That is fine. |
But that goes against why this was changed originally in the first place. Now you would have to explicitely set every new folder within |
Hm. OK. All I can say is that I would use a user-group1-public and user-group1-protected in the root of files, if I had several user groups with filemounts. This is a personal matter of course. |
Affected version(s)
4.13
Description
As already discussed in Slack, I am tumbling about the process that new folders are set to "published" by default, when nested inside an unpublished folder. I am still not sure whether this is intentional, a bug, or never been thought about.
When protecting a folder I expect the whole content to be protected, no matter what type, by default. This includes files as well as folders. In our experience this is the main logical principle. Having unprotected folders nested in a protected folder should be possible as an exception (I do not see many reasons to do so) and not as a default process. Subfolders often need to be created in order to organize a growing number of files. It seems quite surprising when these are suddenly published.
To turn around this default process would increase security as well as usability. Editors do not need to be extra cautions when creating folders or content.
Same goes with automatically generated member folders. We have several cases where members upload content that should not be public by default. But every member folder created is automatically set to published.
Therefor I strongly advise to change this process in order to increase security.
The text was updated successfully, but these errors were encountered: