Upload delete & access rights : confusing

Phoca Download - download manager
User avatar
fabio42
Phoca Member
Phoca Member
Posts: 25
Joined: 09 Oct 2018, 16:39

Upload delete & access rights : confusing

Post by fabio42 » 18 Mar 2020, 19:53

Hello !
I am trying to make sense out of the "upload" functionality of the phoca download plugin which I find great anyway.
I have 1 category. Let's call it CAT1.
I have multiple users: let's take the case of U1.
For the category (CAT1), my parameters are the following :
ACCESS : the group in which U1 belongs (GROUP 1, let's call it)
ACCESS RIGHTS : I don't know what information to provide. I left it blank as I assume I don't need to choose anything as any user from GROUP 1 will be allowed to view this category in order to upload into this category (this is the feature I'm looking for actually)... right ? please, help me understand the difference (between ACCESS and ACCESS RIGHTS) as the description in the documentation is brief and not evocative to a non-developper.
UPLOAD RIGHTS : I selected "all registered users" because I know ACL groups cannot be included in this list (in my wishlist, I would love to be able to select "GROUP 1"), and I also selected "myself" as a possible uploader (as an administrator)
DELETE RIGHTS : here comes the confusing part. I selected nobody because normally, the user who uploads in this category has automatic deletion rights, correct ? And anyway, for this category, many users are going to upload in CAT1, so I don't want to choose one person among 30 who are going to upload in this category. :x

NOW comes the live testing ...
When U1 uploads a file, then, he is supposed to be able to delete it because he has the rights to. But after uploading the file, the icon "delete" is greyed out, so U1 cannot delete it ... where am I going wrong ? :cry:
Moreover, I tried to select "myself" as a possible deleter (when I say "myself", I mean I am a member of the superuser group), but when I login in the frontend, I can neither see the documents published by U1 nor delete them as well ... I am left confused. I know that I can delete - as a superuser - documents in the backend, but what is the point of proposing in the parameters a multiple selection if only the user who uploaded can delete his OWN file ? The multiple selection leads us to think that you can have many people being able to delete the files of one other person ... don't you think ?
Strangely enough, whatever I do (set myself as user in the ACCESS RIGHTS or not), I can still access CAT1 on the frontend ... how come ? normally if I'm not a user allowed in the ACCESS RIGHTS, I should not be able to have access to CAT1 ?? no ?

THANKS A LOT for clarifying all those points as I dearly need this upload function to work.
Fabio

Tags:

User avatar
Jan
Phoca Hero
Phoca Hero
Posts: 42096
Joined: 10 Nov 2007, 18:23
Location: Czech Republic
Contact:

Re: Upload delete & access rights : confusing

Post by Jan » 22 Mar 2020, 22:17

Hi, first, in frontend, only users who have rights to do, can manage "their" files (delete, publish). You as administrator can manage such files only in administration.

Difference between Access and Access Rights is, that in Access you can set a group which can access (download) the files but if the group is too general, you can specify it more and select e.g. only one user from this group. So then only one user can download such file. (Access rights extend Access and needs to be set correctly - selected user must be included in selected user group)

Upload and Delete rights are not set automatically. Just imagine that you want, users who upload files, cannot delete these files. If you will suppose, user who uploads the file can automatically delete it, then you will be not able control the delete rights.

So no, when you have upload rights, you don't have automatically delete rights.

See similar post with examples:
viewtopic.php?f=31&t=60991&p=160315#p160315

Jan
If you find Phoca extensions useful, please support the project

User avatar
fabio42
Phoca Member
Phoca Member
Posts: 25
Joined: 09 Oct 2018, 16:39

Re: Upload delete & access rights : confusing

Post by fabio42 » 23 Mar 2020, 12:53

Thanks ! Everything is clear now.
ACCESS is access (right) to download and NOT TO viewing the upload categories in the dropdown menu (of the upload view) !!! I was totally misled :x because my aim was to ensure that only ACCESS RIGHT users of a special group had ACCESS RIGHTS to one specific upload category.

Top of the top would be :
- the possibility for the administrator to direct the uploaded files to a directory created on the server (for example : /joomla/category1/). This would be so much easier for the administrator to collect all the files uploaded by users in frontend ! (in one bundle, and not by right clicking one by one on each file to get them because this is kind of a hassle when users upload lots of files)
- the possibility to have custom ACL groups included in "delete rights" and "upload rights"
- the option for the administrator to be a deleter on the front end too (an option chosen ... or not)

Keep up this great work ! Your component remains one of the best ones on the market for the moment ! :twisted:
Fabio

User avatar
Jan
Phoca Hero
Phoca Hero
Posts: 42096
Joined: 10 Nov 2007, 18:23
Location: Czech Republic
Contact:

Re: Upload delete & access rights : confusing

Post by Jan » 23 Mar 2020, 22:23

Hi, I have added them to feature request list.

Jan
If you find Phoca extensions useful, please support the project

Post Reply