how to set public read access for attachments

4 Posts

MichiF Reply #1, 8 years, 5 months ago

hello,
i'm new to modx.
I want to change the read permission of attachments --> public read access.
How is it possible to change the permission set of anonymous group?

This question has been answered by [email protected]. See the first response.

1,154 Posts

nuan88 Reply #2, 8 years, 4 months ago

Hmm good question. Have you looked in system settings?

Let me poke around and see what i can find. Are you a developer, i.e. with the ability to dig at least a little deeply into the files?

This issue shouldn't be all that hard, to be honest. Its all about finding the right file, for the most part.

I will get back to you this weekend.

1,154 Posts

nuan88 Reply #3, 8 years, 4 months ago

Ok I am looking at this, don't know how much time I need to figure it out, but i wanted to tell you where this is happening.

First, I have to ask you to tell me what the condition is for Discuss now for you in your install, I have edited my install so many times that I often forget that I modified something.

Is the situation that, when not logged in, the user can't see the download link? That's what I seem to remember was the default, and that's what I have currently.

(And I just discovered that, when logged into the manager back-end, I can see the attachments even though not logged into the forum, interesting)

Anyway, the first place to check is system settings for discuss, but unfortunately there is no value for this. Make sure you have guests allowed, you probably already do, its the default I believe.

Next step will be the manifest, which is set up to allow for easy changes to the system. But, nothing here it seems {irritated}

Ok, so assuming i haven't made any error so far, we have to go into the various templates that give us so much control over Discuss. They are a pain but that's why Discuss can do things that others (Vanilla) can't. I am sure these templates could have been arranged a little better, but whatever, control is why I use Discuss. They are a bit of a pain but only a bit ;-)

So, going through the templates I have narrowed down my search to the core/components/discuss/themes/default/chunks/post/ folder. If I don't find it here then I will have to check other areas more carefully.

Basically somewhere we can find code which will say, (this is not real code, I am not a coder)

IF hasAttachment then -> is user logged in
If user is logged in then show, ELSE don't show
[And then the code of the attachment will go here]

And we just pretty much need to cut out this check, so that the attachment will show automatically.

There may be a bit of coding issues here, but quite possibly not. You would not believe how many things I have been able to adjust just by cutting out bits of code.

If there is a coding issue, we can ask some of the kind developers here to help, I am sure we can get a solution.

I am going to spend a bit more time on this now, and almost def can find the right file over the weekend.

1,154 Posts

nuan88 Reply #4, 8 years, 4 months ago

Ok I think I found it, but still need to work through it. The relevant file is disthreadpost.chunk.tpl in core/components/discuss/themes/default/chunks/post/ and this is the file I have edited a million times to do things like put share buttons and ranking icons into the area of an individual post. Should have looked for this file at first, brain isn't working well this morning.

This file in my install is full of stuff, so I will grab what I assume is the default file from the original package. Our job is to find where the check is on whether the user is logged in or not, to be honest I am having a bit of trouble to find it quickly:

<li class="[[+class]] group-fix" id="dis-post-[[+id]]" data-author="[[+author.username:htmlent]]" data-date="[[+createdon_raw]]" data-message="[[+content_raw]]">
    [[+answer:neq=``:then=`
    <div class="dis-post-answer-marker">
        [[+answer_count:gt=`1`:then=`
            <nav>
            [[+answer_prev.link]]
            [[+answer_next.link]]
            </nav>
        `:else=``]]

        [[+url_mark_as_answer:eq=``:then=`
            <span title="[[%discuss.answer]]">[[%discuss.answer]]</span>
        `:else=`
        <a href="[[+url_mark_as_answer]]">
            <span title="[[%discuss.unflag_answer]]">[[%discuss.unflag_answer]]</span>
        </a>
        `]]
    </div>
    `:else=`
        <div class="dis-post-answer-marker dis-post-notanswer">
            [[+url_mark_as_answer:eq=``:then=``:else=`
            <div class="dis-post-answer-marker dis-post-notanswer">
                <p>[[%discuss.flag_answer]]</p>
                <a href="[[+url_mark_as_answer]]">
                    <span>[[%discuss.flag_answer]]</span>
                </a>
            </div>
            `]]
        </div>
    `]]
    <!-- mark answer-->
    <div class="dis-post-left">
        <ul>
            <li class="dis-usr-icon">
                <a href="[[DiscussUrlMaker? &action=`user` ¶ms=`{"type":"username", "user":"[[+author.username]]"}`]]" class="auth-avatar" title="[[%discuss.view_author_profile]]">
                    [[+author.avatar]]
                    [[+author.title:notempty=`<span class="dis-usr-title">[[+author.title]]</span>`]]
                </a>
            </li>
            <li class="dis-usr-post-count">[[+author.posts]] [[%discuss.posts]]</li>
            <a href="[[DiscussUrlMaker? &action=`messages/new` ¶ms=`{"user":"[[+author.username]]"}`]]" class="dis-pm-btn">Send PM</a>
        </ul>
    </div>
    <div class="dis-post-right">
        <div class="title">
            <strong>[[+author.username_link]]</strong> <a class="normal-type" href="[[+url]]" title="[[%discuss.post_link]]">Reply #[[+idx]], <span title="[[+createdon]]">[[+createdon:ago]]</span></a>
            [[+action_modify:notempty=`<ul class="dis-content-actions">[[+action_modify]][[+action_remove]][[+action_spam]]</ul>`]]
        </div>
        <div class="dis-content">
            [[+content]]
            [[+discuss.user.shouldMarkAnAnswer:eq=`1`:then=`
                [[+idx:eq=`1`:then=`
                    <div class="dis-info"><p>[[%discuss.mark_answer_instructions]] <a id="Show-answer-link" href="#">[[%discuss.mark_answer_link]]</a></p></div>
                `:else=``]]
            `:else=``]]
            [[+idx:eq=`1`:then=`
                [[+answer_count:neq=`0`:then=`
                    <div class="dis-info"><p>[[+jump_to_first_answer.explanation]] [[+jump_to_first_answer.link]]</p></div>
                `:else=``]]
            `:else=``]]
            [[+attachments:notempty=`<div class="dis-post-attachments"><ul class="dis-attachments">[[+attachments]]</ul></div>`]]
            [[+editedby:is=`0`:then=``:else=`<span class="dis-post-editedon">[[%discuss.editedon_post? &on=`[[+editedon:ago]]` &user=`[[+editedby.username]]`]]</span>`]]
        </div>
        <ul class="dis-action-btn">[[+report_link]][[+action_reply]]</ul>
    </div>
    [[+author.signature:notempty=`<div class="dis-signature">[[+author.signature]]</div>`]]
</li>

[ed. note: nuan88 last edited this post 8 years, 4 months ago.]

1,154 Posts

nuan88 Reply #5, 8 years, 4 months ago

Ummm...the check I mentioned...seems not to be there. Ugg, this is going to be a bit harder than I thought. Probably not too much worse, but...I am a bit stumped.

When I drill down into the code I get to this part:

<div class="dis-content">
[[+content]]
[[+discuss.user.shouldMarkAnAnswer:eq=`1`:then=`
[[+idx:eq=`1`:then=`
<div class="dis-info"><p>[[%discuss.mark_answer_instructions]] <a id="Show-answer-link" href="#">[[%discuss.mark_answer_link]]</a></p></div>
`:else=``]]
`:else=``]]
[[+idx:eq=`1`:then=`
[[+answer_count:neq=`0`:then=`
<div class="dis-info"><p>[[+jump_to_first_answer.explanation]] [[+jump_to_first_answer.link]]</p></div>
`:else=``]]
`:else=``]]
[[+attachments:notempty=`<div class="dis-post-attachments"><ul class="dis-attachments">[[+attachments]]</ul></div>`]]
[[+editedby:is=`0`:then=``:else=`<span class="dis-post-editedon">[[%discuss.editedon_post? &on=`[[+editedon:ago]]` &user=`[[+editedby.username]]`]]</span>`]]
</div>

The content is visible to the public, so the check for logged in users must happen later. Then we have code related to checking one post as the answer to a question thread, an important feature of discuss (which I don't use, though).

The user.shouldMarkAnAnswer stuff seems to be whether the thread author has chosen an answer, but it seems to close. And I don't quite understand +idx:eq='1', is it a check of logged in user? There are two levels to this as well. Or more...

But, it seems to me that all that stuff ends, and we get +attachments:notempty, with no check. Damn. Maybe I am wrong, if not, then its into the deeper files to find div class and ul class "dis-post-attachment", I guess.

Ok, I looked into stuff and just confused myself more, I am taking a break. I was going to write more but right now I have no clue. This isn't that hard, I am sure, but right now I am bolloxed...

4 Posts

MichiF Reply #6, 8 years, 4 months ago

Hi,
thx a lot for your investigation.
yes i'm able to modify the files, i'm looking forward ..
i will checvk the this weekend.
By the way, is there are possibility to change the access role of the anonimous group?
I found the ACL->discuss->discuss.view_attachments
I was able to define a new policies, but i'm not able to add this policy to the anonimous group?
looking forward to your results, thx a lot again

4 Posts

MichiF Reply #7, 8 years, 4 months ago

By the way, you mentioned that you have integrated social buttons with each post. this sound very interesing.
Is it possible to show me how you have done this?

thx

1,154 Posts

nuan88 Reply #8, 8 years, 4 months ago

Hi, good to get feedback

We can solve this finally, with Modx there is always a way, and probably three haha

For social buttons, I will make a new post and put my code. Just to keep things organized.

For permissions and groups, this is not my area, you may finally need to make another post in the general part of this forum for a question about why you can't add a policy to the anonymous group. Perhaps we can explore this here for now and see if that's useful or not. I am not sure one way or another if it is a good way. Discuss it seems to me is going to ask the question, is the user logged in, rather than, what group the user is in...

I am not a developer, but love to dig into this stuff, could you tell me where I could see ACL->discuss->discuss.view_attachments? I am not sure where to look for it.

Also I have some suggestions for files to look at, will post them next.

1,154 Posts

nuan88 Reply #9, 8 years, 4 months ago

core/components/discuss/controllers/web/attachment/download.class.php seems to be the place where the downloading is happening, but in the php I can't really see a check for logged in user or not. It might be in the file directly above this one, in other words I wonder if first the check happens, then the code for attachment is under that.

Here is the relevant part of the document, but I don't clearly see any check:

class DiscussAttachmentDownloadController extends DiscussController {
    public function getPageTitle() {

    }
    public function getSessionPlace() {
        return 'attachment/download:file='.$this->getProperty('file','');
    }

    public function process() {
        $file = $this->getProperty('file',false);
        /* get attachment */

1,154 Posts

nuan88 Reply #10, 8 years, 4 months ago

This looks like it could be a place to work from, but it may not be the most useful place:

core/components/discuss/hooks/post/getthread.php

From line 71:

/* setup basic settings/permissions */
$dateFormat = $modx->getOption('discuss.date_format',null,'%b %d, %Y, %H:%M %p');
$allowCustomTitles = $modx->getOption('discuss.allow_custom_titles',null,true);
$maxPostDepth = $modx->getOption('discuss.max_post_depth',null,3);

$canViewAttachments = $modx->hasPermission('discuss.view_attachments');
$canTrackIp = $discuss->user->isLoggedIn && $modx->hasPermission('discuss.track_ip');
$canViewEmails = $discuss->user->isLoggedIn && $modx->hasPermission('discuss.view_emails');
$canViewProfiles = $discuss->user->isLoggedIn && $modx->hasPermission('discuss.view_profiles');
$canReportPost = $discuss->user->isLoggedIn && $modx->hasPermission('discuss.thread_report');
$canMarkAsAnswer = $thread->get('class_key') == 'disThreadQuestion' && $thread->canMarkAsAnswer();

I notice it doesn't say logged in, as I thought, but rather only hasPermission...but I am not sure how to modify this...

Answered how to set public read access for attachments