Limit access to file tree (filemanager_path ?)#

In a previous thread on this topic Bob Ray mentioned the filemanager_path, but no details. The official docs have a page, but also no details on where to find it or what to do with it.

Problem (not new): To enable a client with very low level permissions (towards 999) to be able to edit his resource, click (e.g.) an image TV on the resource and then only be able to see one specific folder to find his images in (in the MODx Web Browser). Also needs to be able to upload images and only see his folder in the file tree.

Is filemanager_path the key? Is there a doc that explains how to do this (I've drawn a blank with Google).

Threads refering (I think) to Evo mention User settings, but in MODx Revolution 2.2 I can't find anything under Security->Manage Users.

Thanks in advance.

P.S. Is there a digital version of Bob's book or do you guys have to put a heavy paper version on a plane and fly it to the other side of the world?

Contrary to my old post, filemanager_path is deprecated (and ignored) in 2.2. That's now done with Media Sources: http://rtfm.modx.com/display/revolution20/Media+Sources.


There's no digital version of the book yet, but we're starting to think about starting to work on it. It may be a while though. There are a number of technical issues to work out.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

Thanks for the pointer to the Media Sources info. 3 nice pages. It worked eventually. Just had to make sure that the Access Policy for the client had the right permissions (otherwise the client sees the folder in the MODx browser after clicking the TV but doesn't see the contents and can't do anything with it). In case it helps anyone else, let me summarise the steps here (not 100% sure about the permissions).

Aim To give a client (with very limited permissions) ability to edit a folder of photos via a TV, and only see his/her folder once the MODx Web Browser pops up. The folder will be created in the assets/ directory.


Create user group, role and access policy
Before creating the TV and setting up the media source, you need to have a user group, user role and access policy set up for the client (Security -> Access Controls). The access policy needs to give the user permissions to work with files otherwise the TV described below will not work. I created a duplicate of the Content Editor policy then selected: directory_list, file_list, file_manager, file_remove, file_update, file_upload, file_view.

Create media source
1. Tools -> Media Sources

2. Click "Create New Media Source".

3. Enter name: Client Source. Choose source type: File System. Save.

4. Right-click Client Source to select Update option.

5. Under the General Information tab, find properties.

6. Add value assets/ for basePath and assets/ for baseURL (double-click the value area in the grid to enter the value). assets/ will be the relative path to the folder for the client.

7. Click Save top right.

8. Client Source now appears under the Files tab on the left of the manager area above the file tree (click the arrow to the right of Filesystem to see it).

Create TV that will be tied to the Client Source
1. Create TV, set input to image.

2. Click Media Sources tab and then double click in the Source column of the grid to select Client Source to be used in the web context.

3. Assign TV to a template.

4. Save.

Set access permissions for only one client group
1. Tools -> Media Sources

2. Right-click Client Source to update it.

3. Under the Access Permissions tab click "Add User Group".

4. You need to give yourself exclusive permission to edit and delete that resource. Enter User Group: Admin; Minimum Role: 0; Policy: Media Source Admin. Save.

5. Now you need to give the client limited permissions to access this source, so click to add another user group. To do this you already have to have created a user group and a role for the client (Security -> Access Controls).

6. Enter User Group: (the name of the group you created for clients);Minimum Role: (the role you created for clients); Policy: Media Source User. Save.

7. Click Save top right.

8. Flush Sessions (Security -> Flush Sessions) and then re-login to the manager as the client to check the behaviour of the TV.