| User | Post |
|
3:17 pm
January 21, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Greetings,
I want to thank you for your help with my previous problem. I've run into something new just this evening and wondered if anyone had any advice…
I'm using Role Scoper 1.0.0-rc8 to limit access to certain areas of my site (using Wordpress 2.6.1 as a CMS for a non-profit). With your previous assistance, everything's meeting my needs perfectly. One little issue I ran into today was having to limit the access of documents and files on our site to only those who should have access to them. When I read that Role Scoper had this ability, I read up on what I needed to do and updated my permalinks.
It seems that it's now not allowing access to any files located in the /uploads folder even when logged in as Admin, not to mention the other user roles. The "Filter Uploaded File Attachments" checkbox is grayed out under the Role Scoper > Options > Features.
Any thoughts and/or suggestions would be greatly appreciated!
Cheers,
NS
|
|
|
3:33 pm
January 21, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Sorry, should've included this (from my .htaccess file):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteRule ^(.*)wp-content/uploads/(.*) /index.php?attachment=$2&scoper_rewrite=1 [NC,L]
</IfModule>
|
|
|
4:04 pm
January 21, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
Are attached files also being blocked? In other words, can you view (by direct URL) a file which is attached to a post that the logged user has access to?
If the problem is only with unattached files, try the Role Scoper Development Snapshot version, which will allow direct access to such files by default.
|
|
|
5:22 pm
January 21, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Hiya Kevin,
Thanks for the quick response.
Attached files are also being blocked. Files can't be viewed by direct URL in a browser (gets a 404 error), logged out or logged in. As it currently stands, all files and images in the /uploads directory cannot be accessed at all.
Is there a special way these files need to be linked within a page? I'm currently just FTPing any files over to the directory and linking them on the site pages.
My ultimate goal would be to restrict access to downloading documents/files to those users who have the correct permissions. We have a members only area and wouldn't want non-members to have access to private documents.
Appreciate your help.
Cheers,
NS
|
|
|
8:33 pm
January 21, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
NerdSpawn said:
Is there a special way these files need to be linked within a page? I'm currently just FTPing any files over to the directory and linking them on the site pages.
My ultimate goal would be to restrict access to downloading documents/files to those users who have the correct permissions.
Those files are all what I call "unattached". The development version (soon to become a formal release candidate) should make your files all accessible to everyone by default.
WordPress, and therefore Role Scoper, has no clean/efficient way to associate files with a particular post/page unless you use the WordPress Media Library upload feature and then "Insert into Post/Page". That's the process WordPress uses to record the attachment relationship. Files attached in this way will have direct URL access filtered to correspond with post/page access.
|
|
|
10:08 pm
January 21, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
Anyone who downloaded that Development Snapshot within the last 8 hours should upgrade to rc8-9122.
|
|
|
3:10 am
January 22, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Kevin said:
NerdSpawn said:
Is there a special way these files need to be linked within a page? I'm currently just FTPing any files over to the directory and linking them on the site pages.
My ultimate goal would be to restrict access to downloading documents/files to those users who have the correct permissions.
Those files are all what I call "unattached". The development version (soon to become a formal release candidate) should make your files all accessible to everyone by default.
WordPress, and therefore Role Scoper, has no clean/efficient way to associate files with a particular post/page unless you use the WordPress Media Library upload feature and then "Insert into Post/Page". That's the process WordPress uses to record the attachment relationship. Files attached in this way will have direct URL access filtered to correspond with post/page access.
Thanks again, Kevin. You're a real credit to the plugin community.
So, I should be using Wordpress' upload feature instead of FTPing. Thanks, I was wondering if that was the case with the /uploads directory. So, after uploading the files that way, I should then be able to filter access to them (only allow access to designated members) using your development version?
I'm really happy to have found that Role Scoper offered this functionality (especially once I can figure it out!) — it seems a really basic idea to restrict file access, in particular for those using Wordpress as a CMS.
|
|
|
7:33 am
January 22, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Hi again,
Sorry to be such a pest!
I've downloaded the latest version you linked to above rc8-9122. Installation's gone through smoothly and now the files in the uploads directory that I have on public pages are now back in working order (phew!).
Did a little testing…
I created a test page with restricted access. Tried uploading a file via Wordpress' "Add Media" browser uploader (the flash version gave me errors) and the upload went through fine, linked on the page fine. Logged off as admin and on as a Test User with access to the test page and upon clicking on the file link, gave me a 404 error. Entered the URL directly into the browser and same error also the same when logged on as Admin.
Not sure where I'm going wrong here! 
|
|
|
9:35 am
January 22, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
Does the file link look valid?
|
|
|
9:59 am
January 22, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
Does the direct URL access to attached files work when you're logged in as admin?
|
|
|
10:03 am
January 22, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
Are you sure the containing post/page is published/private? If its status is draft or pending, the attached files won't be exposed to non-admins.
|
|
|
1:51 pm
January 22, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Sorry Kevin… dinner and toddler intervened. 
So, in fact, I am a complete idiot. The web provider we use has problems with file upload ownership issues with WP Uploader so that's the reason I've been using FTP instead. I can use the built-in uploader but I need to then go in and rename the file uploaded via WP and upload the exact same file via FTP to get correct file ownership. Hugely convoluted and a pain but it does work … with one little hitch that I failed to notice until after I read your comment asking if the file link looked valid. The file name had been changed by the WP Uploader, so when I FTP'ed it across it wasn't the same file name syntax as in the file link. The link had the wrong syntax. Sorry for the novel and for giving all the boring details!
Anyhow, with that sorted, I tried accessing the file with a test user on the private page I'd made earlier. Clicking the link directly on the page itself allowed me to download (great!) and then pasting the URL into a browser window worked too. I then logged out and tried entering the URL directly into the browser and VOILA! 404 Error. Working exactly as it should. Thank you so very much for your patience and for your assistance.
Not sure if it would be of interest, you probably already know about it, but if I manage to recreate the error message I received when using the Flash uploader, I'll make sure to copy it. It was a database error with mention of Role Scoper.
Now I've got to go through the arduous task of moving all the previously FTPed files over into the Uploads directory — argh!
|
|
|
2:38 am
January 23, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Hello again Kevin,
The following is the error message using WP's Flash Uploader:
Warning: array_intersect_key() [EDITED OUT]: Argument #1 is not an array in /vhost/vhost8/g/s/c/EDITED OUT/www/wp-content/plugins/role-scoper/query-interceptor_rs.php on line 1549
Warning: array_intersect_key() [EDITED OUT]: Argument #1 is not an array in /vhost/vhost8/g/s/c/EDITED OUT/www/wp-content/plugins/role-scoper/query-interceptor_rs.php on line 1556
Fatal error: Call to a member function get_term_roles() on a non-object in /vhost/vhost8/g/s/c/EDITED OUT/www/wp-content/plugins/role-scoper/role-scoper_main.php on line 651
No problems at all using the Browser Uploader, just happens with the Flash version right after "Crunching."
Thanks again for your help yesterday!
EDIT: Oops, left my domain in there.
|
|
|
2:33 pm
January 23, 2009
|
Kevin
Admin
| | | |
|
| posts 2503 |
|
|
Helpful bug reports like that are a good way to say thanks.
Can you confirm that this is fixed in the updated Role Scoper Development Snapshot?
|
|
|
4:26 am
January 25, 2009
|
NerdSpawn
Member
| | | |
|
| posts 13 |
|
|
Hello Kevin,
Spent all day Friday uploading and reuploading files, but all is in working order now — missing my FTP uploading already! I can't thank you enough for this plugin, it does exactly what I need it to do for our site.
This coming week, I will upgrade to the version you posted and will let you know if it still happens with the Flash Uploader.
Cheers,
NS
|
|
Login
Register
Search 
Forums
Topic RSS 