掲示板

  1. ホーム
  2. Development
  3. Why site member can upload documents?

Why site member can upload documents?

6年前 に Matthew K. によって更新されました。

Why site member can upload documents?

Junior Member 投稿: 74 参加年月日: 15/08/31 最新の投稿
Hello!
I noticed that a site member with no additional permissions is allowed to add documents to the doclib. Here are the steps I made.
- Install Liferay 6.2 with latest fixpack
- Create new site and new user
- Add this user as a member of the site
- Put asset publisher on a page of that site
- Visit that site with the new user and use asset publisher to add documents

I looked through the permissions of layout, portlet and in general but I haven't found anything which allows the user to add documents with the asset publisher. Why he has write permissions to the doclib of that site and how can I prevent that?
thumbnail
6年前 に Stephen Kostas によって更新されました。

RE: Why site member can upload documents?

New Member 投稿: 20 参加年月日: 09/11/02 最新の投稿
Hey Matthew,
So certain permissions are provided to certain roles by default. The ability to upload documents is something that's included with the Site Member role. Site Members can also view any private pages for the site, so you do need to exercise some care over who is put in a Site Member role for a specific site. In many cases you might have a site that you want to provide public access to, but not allow them to actually become users. In this case, you'll want to use the "Restricted" Membership Type when you create the site, so that users can find and browse the site, but they cannot become members unless added by an administrator.

If you do need to make users site members, there are a couple steps that you can take to prevent them from uploading unwanted documents:

In the Asset Publisher Configuration, under Setup -> Display Settings, you can uncheck the "Show Add Content Button" which will prevent users from
uploading documents through an Asset Publisher.
If you need to add a Documents and Media view to the page, make sure that you use the Documents and Media Display which only displays documents and does not have the option to add them.
Setup a workflow around uploading documents so that any uploaded documents would need to be approved before being displayed somewhere on the site.

Hopefully that helps!

-Steve
6年前 に Matthew K. によって更新されました。

RE: Why site member can upload documents?

Junior Member 投稿: 74 参加年月日: 15/08/31 最新の投稿
Wow, so if I just want a user to view the private pages of a site, he implicitly gets the permission to add documents.
Sounds like poor design to me.
thumbnail
6年前 に Olaf Kock によって更新されました。

RE: Why site member can upload documents?

Liferay Legend 投稿: 6403 参加年月日: 08/09/23 最新の投稿
Matthew K.:
Wow, so if I just want a user to view the private pages of a site, he implicitly gets the permission to add documents.
Sounds like poor design to me.


It's not design. It's just how the default permissions are explicitly set. And they're changeable.

It's kind of expected that default permissions won't be perfect for everyone, so you'd have to validate them anyways and adjust them to your needs. While there is an argument to start with minimal permissions, there's also an argument to start with what gets most people started immediately.
6年前 に Matthew K. によって更新されました。

RE: Why site member can upload documents?

Junior Member 投稿: 74 参加年月日: 15/08/31 最新の投稿
If those permissions were changeable I would not complain about anything. But the site member does not have any permissions. Nonetheless he can add documents by default. You cannot change this permission.
thumbnail
6年前 に Olaf Kock によって更新されました。

RE: Why site member can upload documents?

Liferay Legend 投稿: 6403 参加年月日: 08/09/23 最新の投稿
Matthew K.:
If those permissions were changeable I would not complain about anything. But the site member does not have any permissions. Nonetheless he can add documents by default. You cannot change this permission.


Whoops, this caught me by surprise. Indeed the Site Member role does not have any permissions. What I've found is that the default home folder of the document library allows uploads by Site Members. My first assumption in this case is: To remove these permissions once and for all, you'll have to write code to explicitly not set (or unset) these permissions whenever a new site is created. That's uncomfortable, but at least there's a starting point and a reason for these permissions to exist, and we can continue from there.
6年前 に Matthew K. によって更新されました。

RE: Why site member can upload documents?

Junior Member 投稿: 74 参加年月日: 15/08/31 最新の投稿
Yes, I already thought of that. The problem is that there is no database row for the default folder. Thus I don't have a ressource I can assign any roles to.
I guess this permission is somewhere hardcoded. emoticon
thumbnail
6年前 に Olaf Kock によって更新されました。

RE: Why site member can upload documents?

Liferay Legend 投稿: 6403 参加年月日: 08/09/23 最新の投稿
Nope, it's not hard coded, as I can change it through the UI. I'm suspicious about the wording though - the UI calls it "Home Folder Permissions" if I recall correctly, it might not be a "folder" but some other construct. And no, I refuse to look at the database and prescribe the same to everyone else. The horse has been beaten to death here, but it often leads to manual changes to the database, which causes havoc later on.