Loading...
 
Features / Usability

Features / Usability


How to keep user-tracker file uploads private?

posts: 1 United Kingdom

Hi Tiki enthusiasts,

I've created a user tracker for a private organisation's wiki and have successfully configured it so that the data entered is private to the user and admins only. However, members will also be uploading some confidential files such as scans of their passports / driving licenses, but I can't figure out how to keep these private using the new file upload plugin.

I can do it with the old style image upload plugin: even though unauthenticated anonymous users can view these files via their URLs, the long random UUID as the URL's filename, combined with the use of mandatory SSL, make snooping / brute-force guessing the filename an intractable task and it can therefore be considered secure.

With the new file gallery upload plugin however, each file uploaded is simply given an index number and a user can view any other user's uploads just by adding or subtracting a few numbers to/from their own file URL.

I've tried setting the gallery to be private / upload-only but then the user can't see their own files and they see a broken image icon when viewing their user tracker page.

Is there some magic combination of settings that can allow this, or shall I stick with the old-style image upload plugin? I don't mind doing that but I get an ugly warning saying that module is deprecated when I use it.

Thanks,
Iddles

posts: 8633 Israel

Interesting question...

I’ll follow this to the dev team and come back to you.
May be a good candidate for a wish !


posts: 126886 United Kingdom

Doesn't the user files feature do this?

Sorry the doc page is incredibly out of date, hopefully you can work it out :-)

The control panel is now to be found on the User panel, last tab (you need to enable "Store user files in a file gallery" to make it work properly afaik)

HTH

jonny


posts: 8633 Israel

Tested with Tiki18 this feature I forgot aboute with a user tracker and plugin list as I was curious and it seems to do the trick.

Thanks Jonny !


posts: 2428 Czech Republic
Exactly as Jonny says, but do not follow the doc link! It is totally outdated and misleading as nowadays the feature creates for each user a private File Gallery. Then you just need to use that filegal ID in the setup of your Tracker field file type - IIRC it is always reserved to ID 2 for the special private user galleries?

Upcoming Events

1)  18 Apr 2024 14:00 GMT-0000
Tiki Roundtable Meeting
2)  16 May 2024 14:00 GMT-0000
Tiki Roundtable Meeting
3)  20 Jun 2024 14:00 GMT-0000
Tiki Roundtable Meeting
4)  18 Jul 2024 14:00 GMT-0000
Tiki Roundtable Meeting
5)  15 Aug 2024 14:00 GMT-0000
Tiki Roundtable Meeting
6)  19 Sep 2024 14:00 GMT-0000
Tiki Roundtable Meeting
7) 
Tiki birthday
8)  17 Oct 2024 14:00 GMT-0000
Tiki Roundtable Meeting
9)  21 Nov 2024 14:00 GMT-0000
Tiki Roundtable Meeting
10)  19 Dec 2024 14:00 GMT-0000
Tiki Roundtable Meeting