V8-archive: There is no way of hiding files.
I need to be able to show files to the user he himself uploaded. This seems to be impossible to setup though.
The Frontend Website needs to be able to access the file. This can be handled trough a different group than public which has read access to the images. (This way i thought i can stop other groups from being able to see ALL files)
After that: Making a role for the Editor's i can allow and disallow using the files table, but not set it up to only use "Mine".
Any other way to realize this right now?
Also another Subissue: If you hide the Files table in a group, the menu to log out will be missing on login to the account (at least with an Avatar being uploaded). The public group has access to the file though.
Feel free to make another issue out of this, but i think this is linked to the same problem.
Using Directus v7.11
Apache2 for the App
Nginx for the API
Host System is Ubuntu 18.04.1 LTS
Edit:
Im assuming i could set up a filter like this: ["uploaded_by":?] but i can't find the current logged in user as a variable in the docs.
sayore
All 11 comments
Is there maybe anyone who has some quickfix for this? I mean, it's saved in the database so a filter should do the trick doesn't it?
The table directus_files has the created_by.id in it so it should be kinda like this if i read the docs right:
[
{
"field": "created_by.id",
"operator": "eq",
"value": %current_userid%
}
]
Where as i dont know what %current_userid% should be? Or is this not quickfixable?
I will go into slack and ask there too, if i find an answer i will post it here instantly.
sayore
on 3 Oct 2019
@bjgajjar @rijkvanzanten — shouldn't this directus_files.created_by use the created_by type? Wouldn't that allow permissions to work out-of-the-box for Files?
benhaynes
on 3 Oct 2019
I may be wrong, but if this is an automatic feature, could it maybe be broken for the same reason as this has happened? (broken hidden_on_browse on table view)> https://github.com/directus/app/issues/1939#issuecomment-520077662
Maybe the created_by field is invisible to the module for some reason?
Blind guess here tho.
Edit: Thinking about it again the reasoning isn't really good i had, it just came to mind :')
sayore
on 3 Oct 2019
What @benhaynes mentioned sounds right to me. The created_by field should work for files too.
rijkvanzanten
on 4 Oct 2019
@bjgajjar, we might need to update the installer and migrations to have this field work as a created_by type. Do you agree? Can transfer this to the API repo if needed...
benhaynes
on 4 Oct 2019
Should this be transfered to the API Repo?
What do you guys think how long you would need to be implement this, how long would you think i need to get this working if i downloaded the Dev Environments? I kinda need this :'D
sayore
on 7 Oct 2019
@benhaynes - Yeah moving this to API.
@edenprojectde - You'll get it soon.
bjgajjar
on 7 Oct 2019
@benhaynes - It seems like there must be some confusion here.
directus_files table has a uploaded_by field with type integer and user interface.
Thus, when the user tries to fetch the object of uploaded_by it will return the same object which user interface will return.
Kindly help me if I misinterpret something.
bjgajjar
on 7 Oct 2019
Right — but the user type doesn't work with permissions for mine and role. Don't we want it to use the created_by type instead?
https://docs.directus.io/guides/permissions.html#collection-level
benhaynes
on 7 Oct 2019
Whoops! Forgot that. Thanks for pointing out.
bjgajjar
on 7 Oct 2019
bjgajjar
on 9 Oct 2019
Related issues
cdwmhcc
·
3Comments
vuhrmeister
·
3Comments
benhaynes
·
4Comments
24js
·
3Comments
ondronix
·
3Comments
Most helpful comment
Fixed in https://github.com/directus/api/pull/1346