Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Users view other files ....
#1
neptunek
2007-06-15 04:07:05 PDT
OpenDocMan is greate soft! Thanks!

But I have a problem.
I have two users: user1 and user2. Next user2 add its files with permision only to user2 everywhere, and when user1 login into system on Document Listing he can view lists of files where owner is user2 - he can't view file but view filename, description etc.
How can I disable it? I want to a files of user2 view only user2 and nobody else.
jonathanwminer


2007-06-18 03:56:22 PDT
Are the users in different Departments?


neptunek
2007-06-21 01:55:10 PDT
No, users are in one Department because I have about 500 users and each user have about 10-20 pdf files. And I want so each users can see ONLY his files when log into system, and when search the results return only him files.

Sorry to my englih Sad


jonathanwminer
2007-06-21 05:23:54 PDT
Check the Department Perms on each document. Maybe go into MySQL and look at the dept_perms table. My guess is that the dept perm should be be -1, which is "Forbidden" as defined in databaseData_class.php.


neptunek
2007-06-21 23:27:23 PDT
YES!!! when I rewrite rights on dept_perms table users can see ONLY his files. Thanks!

But when I add new file this file get in table dept_perms 0 in column rights - I set Forbidden on add form page when I add this file Sad


jonathanwminer
2007-06-22 05:59:48 PDT
I could not duplicate that... I added a document with "All Departments" set to "forbidden", and then checked the database. The rights column contained -1.

Look at the default_Setting and all_Setting variables in add.php; perhaps the default should be -1 (forbidden) instead of zero (none)?


jonathanwminer
2007-06-22 06:34:13 PDT
I think there is another problem with Department rights... Following my prior example, if I add a document with "All Departments" set to "forbidden", I see -1 in the database for all existing departments. But, then if I add another Department, the rights for that document show up as 0 for the new department. It looks like ODM defines "All Departments" as "All (existing) Departments"

From an information security point of view, I think that we should apply the most restrictive setting and make all the documents "forbidden" in the new department. The person who adds the Department may not know how all the document permissions are setup, and the document author may not know that a new Department gets created, and that the document might be now exposed to more users than intended.


Forum Jump:


Users browsing this thread: 1 Guest(s)