⚠️ Urgent! Active Attacks on MODX Revolution Sites Below Revolution 2.6.5
Subscribe: RSS
  • In a previous thread on this topic Bob Ray mentioned the filemanager_path, but no details. The official docs have a page, but also no details on where to find it or what to do with it.

    Problem (not new): To enable a client with very low level permissions (towards 999) to be able to edit his resource, click (e.g.) an image TV on the resource and then only be able to see one specific folder to find his images in (in the MODx Web Browser). Also needs to be able to upload images and only see his folder in the file tree.

    Is filemanager_path the key? Is there a doc that explains how to do this (I've drawn a blank with Google).

    Threads refering (I think) to Evo mention User settings, but in MODx Revolution 2.2 I can't find anything under Security->Manage Users.

    Thanks in advance.

    P.S. Is there a digital version of Bob's book or do you guys have to put a heavy paper version on a plane and fly it to the other side of the world?
    • Contrary to my old post, filemanager_path is deprecated (and ignored) in 2.2. That's now done with Media Sources: http://rtfm.modx.com/display/revolution20/Media+Sources.

      There's no digital version of the book yet, but we're starting to think about starting to work on it. It may be a while though. There are a number of technical issues to work out.

      PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
      MODx info for everyone: http://bobsguides.com/modx.html
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/MODx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • Thanks for the pointer to the Media Sources info. 3 nice pages. It worked eventually. Just had to make sure that the Access Policy for the client had the right permissions (otherwise the client sees the folder in the MODx browser after clicking the TV but doesn't see the contents and can't do anything with it). In case it helps anyone else, let me summarise the steps here (not 100% sure about the permissions).

        To give a client (with very limited permissions) ability to edit a folder of photos via a TV, and only see his/her folder once the MODx Web Browser pops up. The folder will be created in the assets/ directory.

        Create user group, role and access policy

        Before creating the TV and setting up the media source, you need to have a user group, user role and access policy set up for the client (Security -> Access Controls). The access policy needs to give the user permissions to work with files otherwise the TV described below will not work. I created a duplicate of the Content Editor policy then selected: directory_list, file_list, file_manager, file_remove, file_update, file_upload, file_view.

        Create media source

        1. Tools -> Media Sources

        2. Click "Create New Media Source".

        3. Enter name: Client Source. Choose source type: File System. Save.

        4. Right-click Client Source to select Update option.

        5. Under the General Information tab, find properties.

        6. Add value assets/ for basePath and assets/ for baseURL (double-click the value area in the grid to enter the value). assets/ will be the relative path to the folder for the client.

        7. Click Save top right.

        8. Client Source now appears under the Files tab on the left of the manager area above the file tree (click the arrow to the right of Filesystem to see it).

        Create TV that will be tied to the Client Source

        1. Create TV, set input to image.

        2. Click Media Sources tab and then double click in the Source column of the grid to select Client Source to be used in the web context.

        3. Assign TV to a template.

        4. Save.

        Set access permissions for only one client group

        1. Tools -> Media Sources

        2. Right-click Client Source to update it.

        3. Under the Access Permissions tab click "Add User Group".

        4. You need to give yourself exclusive permission to edit and delete that resource. Enter User Group: Admin; Minimum Role: 0; Policy: Media Source Admin. Save.

        5. Now you need to give the client limited permissions to access this source, so click to add another user group. To do this you already have to have created a user group and a role for the client (Security -> Access Controls).

        6. Enter User Group: (the name of the group you created for clients);Minimum Role: (the role you created for clients); Policy: Media Source User. Save.

        7. Click Save top right.

        8. Flush Sessions (Security -> Flush Sessions) and then re-login to the manager as the client to check the behaviour of the TV.
        [ed. note: cottagestuff last edited this post 6 years, 7 months ago.]
        • Hey guys,

          Sorry to bring up an old topic (not sure if this info is now out of date?)

          Anyway, I am basically trying to accomplish what cottagestuff posted previously and I think it has worked but when I log in as the lesser user who should have restricted access The first thing I see in the files tab is still a media folder (with a 1 as the name?) and then I have to change it to the media source I created. Surely it should default to the only available media source I have created for this user group? This is ideally what I would like instead of the user having to pointlessly change it all the time.

          Please see the screenshots included for more detail.
          • I suspect that this is a display issue and that MODX is displaying the ID of the Media Source rather than the name. I see this sometimes in Chrome with Categories and Templates. If I'm right, the setting is correct and will work (and the '1' will disappear over time).

            You might try turning off the compress_js and maybe the compress_css System Settings.

              Get my Book: MODX:The Official Guide
              MODX info for everyone: http://bobsguides.com/MODx.html
              My MODX Extras
              Bob's Guides is now hosted at A2 MODX Hosting
            • @cleanboy I changed default_media_source to the client source
                @hawproductions | http://mrhaw.com/

                Infograph: MODX Advanced Install in 7 steps:

                Recap: Portland, OR (PDX) MODX CMS Meetup, Oct 6, 2015. US Bancorp Tower