Users can delete subfolders created by other users

Last post 09-20-2011, 3:17 PM by Adam. 3 replies.
Sort Posts: Previous Next
  •  09-14-2011, 5:54 AM 70048

    Users can delete subfolders created by other users

    For document uploads, we are using "SetSecurityFileNamePrefix" to ensure that each user only sees documents that he or she has uploaded.  However, the problem is that any user can create a subfolder, and these subfolders can by seen by anybody.  This means that User A can delete a subfolder created by User B.  Even though User A only sees the subfolder and not any of the files inside it, when User A deletes the subfolder, he ends up deleting all of the files that are inside it, including all of those files created by User B!

    Is there any way to make it so that subfolders (like documents) can only be viewed by the users who created them?  Better yet, is there any way to disable the "create a subfolder" functionality altogether?

    Thank you,
    David Cohen

  •  09-14-2011, 7:40 AM 70051 in reply to 70048

    Re: Users can delete subfolders created by other users

    Hi ddcohen,
     
    Please open file "CuteSoft_Client\CuteEditor\Configuration\Security\Default.config "
     
    Find section below
     
        <security name="AllowCreateFolder">true</security>
        <security name="AllowDeleteFolder">true</security>
     
    Change to false
     
    Regards,
     
    ken
  •  09-14-2011, 12:21 PM 70054 in reply to 70051

    Re: Users can delete subfolders created by other users

    Great; that does the trick!  Thank you.
  •  09-20-2011, 3:17 PM 70121 in reply to 70054

    Re: Users can delete subfolders created by other users

    ddcohen:
    Great; that does the trick!  Thank you.
     
    ddcohen,

    Just a suggestion:
    The above security settings can be set programmatically.

    C# Example:
     Editor1.Setting["security:AllowCreateFolder"]= "false";
     Editor1.Setting["security:AllowDeleteFolder"]= "false";


    VB Example:
     Editor1.Setting("security:AllowCreateFolder")= "false"
     Editor1.Setting("security:AllowDeleteFolder")= "false"

     For admin users, you can enable those functions. And disable them for regular users.
    Hope it helps.
     

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

    Filed under:
View as RSS news feed in XML