Images and links available only to "upload" users
vitom #1
Member since Feb 2019 · 3 posts
Group memberships: Members
Hello,
I have a problem with greebo on shared hosting.
The images are not shown, and any link from the media manager opens a "forbidden" page, if the user doesn't have upload permissions.
This is weird, because "upload" users correctly see links and images, so I don't think it's a server problem... can anyone help?
Thanks!
schplurtz (Moderator) #2
Member since Nov 2009 · 463 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Hello,

Might be an ACL problem. https://www.dokuwiki.org/acl

If you need more help, paste your conf/acl.auth.php file and a relevant excerpt of a page showing the issue.
vitom #3
Member since Feb 2019 · 3 posts
Group memberships: Members
Thanks schplurtz,
I am not 100% sure because I did not receive feedback from the users, but it is possible that this happened after I updated dokuwiki to greebo with the built-in upgrade tool.

# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: Fri, 12 Jan 2018 21:52:34 +0000
*    @ALL    0
*    @user    0
*    @smr    1
demo_sb    m%2erossi    2
management    @customer    1
n1cx    @n1c2    1
n1cx    @smr    0
mapper    @smr    0
mapper    @customer    1
monitor    @smr    0
monitor    @customer    1
playground    @admin    0
smartbin    @smartbin    1
smartlock    @smartlock%5feditor    2
smartlock    @smartlock    2
smr    @smr    0
smr    @customer    0
start    @n1c2    1
start    @smr    1

Read/write user accessing the smartlock page (e.g. smartlock or smartlock_editor)
https://drive.google.com/open?id=1CTqbPkqzCkk-PLVhtQ-bFRaG…

If the user clicks on the linked pdf, it will open a "forbidden" page.

Admin user accessing the smartlock page, or any user I give "upload" rights
https://drive.google.com/open?id=1zExo3CCE9wEfBTfhHPZEWsMS…

All links and images work fine
schplurtz (Moderator) #4
Member since Nov 2009 · 463 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
You have quite a lot of restricted areas (with permission set to 0)

The problem comes from the fact that media don't have individual access rights. They get the rights that are granted to the namespace they are in.

With your current ACL
  •    @user    0  members of group user have no right at all for anything (including any namespace)
  •    @smr    1  members of group smr have read access for anything (including any namespace)
  •    @ALL    0  members of other group and anonymous users have no right at all for anything (including any namespace)
No other ACL for any other namespace. So these rules will apply to any namespace.

The rest of the ACL gives various rights (read write) to some pages only. But their rights on media are governed by the acl set on the namespace.

It is thus normal that non-admin users (ACLs don't apply to admins) who are not members of smr can't see the images.
Also, note that there is no "upload" user. With your current config, only admins may upload. Upload rights are 8+

I suggest that you review https://www.dokuwiki.org/acl and fix the ACL.

Maybe what you need is something like this, if monitor is a namespace and not a page (but I can't know, it all depends on the structure of your wiki):
monitor:* @smr 0
monitor:* @customer 1

If you have a flat wiki (no namespace), giving rights on media but not on pages will be almost impossible. Because you must give at least read access on the whole wiki (* @smr 1) in order to give access to the media and explicitly remove rights for any page that the members of the group smr should not access. You would end up with hundreds of rules, and each new page would require new ACL. Multiply by the number of groups, and you get an idea of the problem. You might have to reorganize your whole wiki, pages and media.

I see no reason why the upgrade tool would change the ACL.
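
Added example (not part of the original posts, and not DokuWiki's own code): a simplified Python model of the lookup described in post #4, run over rules copied from the posted acl.auth.php. The user name alice, the file name manual.pdf and the extra smartlock:* rule are constructed for illustration.

```python
from urllib.parse import unquote

# Rules copied from the acl.auth.php posted above (only those that matter here).
ACL_TEXT = """\
*    @ALL    0
*    @user    0
*    @smr    1
smartlock    @smartlock%5feditor    2
smartlock    @smartlock    2
"""

def parse_acl(text):
    """Return (scope, subject, permission) tuples; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            scope, subject, perm = line.split()
            rules.append((scope, unquote(subject), int(perm)))  # %5f -> _
    return rules

def best(rules, scope, subjects):
    """Highest permission among rules for this scope that name the user."""
    perms = [p for s, who, p in rules if s == scope and who in subjects]
    return max(perms) if perms else None

def effective(rules, ident, user, groups, media=False):
    """Simplified model: exact page rule first, then walk up the namespaces."""
    subjects = {"@ALL", user} | {"@" + g for g in groups}
    if not media:  # media has no rule of its own, only its namespace counts
        perm = best(rules, ident, subjects)
        if perm is not None:
            return perm
    ns = ident.rpartition(":")[0]
    while True:
        perm = best(rules, ns + ":*" if ns else "*", subjects)
        if perm is not None:
            return perm
        if not ns:
            return 0  # no rule matched at all: deny
        ns = ns.rpartition(":")[0]

def demo():
    rules = parse_acl(ACL_TEXT)
    alice = ("alice", ["user", "smartlock"])  # constructed non-admin user
    fixed = rules + parse_acl("smartlock:*    @smartlock    1")  # hypothetical
    return {
        "page smartlock": effective(rules, "smartlock", *alice),
        "root media": effective(rules, "manual.pdf", *alice, media=True),
        "namespaced media": effective(fixed, "smartlock:manual.pdf", *alice, media=True),
    }

if __name__ == "__main__":
    print(demo())
```

The page rule gives alice edit rights (2) on smartlock, while a file stored in the root namespace falls back to the * rules and gets 0, which is the "forbidden" page from post #3; moving the file into a smartlock namespace with its own rule yields read access (1).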
vitom #5
Member since Feb 2019 · 3 posts
Group memberships: Members
Thanks.
It was indeed not a problem of the update tool, but the users who never noticed they could not see the images until now :/
It seems that the cleanest solution is to set up namespaces. It's a bit painful, because the move plugin doesn't allow copying media from namespace *, but it's doable.
Current time: 2019-08-24, 02:41:13 (UTC +02:00)