Group level permissions for uploaded files?



  • There's some mention of this previously (at the bottom of: Re: Make uploaded files private...?.

    Basically is there any way to make uploaded files only accessible to members of a specific group? At the moment any registered user can access any uploaded file if they have the correct link.

    Using: NodeBB v1.11.0.

    Thanks



  • Ah. This limitation is troubling me a lot....I'm surprised it doesn't trouble others...

    Guess I'll just start investigating how to implement it myself.

    Any pointers appreciated. 👍


  • Global Moderator

    You haven't really described how this would work. Who can view who's uploaded files? What happens when multiple groups are involved?



  • @PitaJ

    No worries I can explain:

    I've set up a category (Data Technology Team) that I only want one group (NTG Data Tech Team) to access:

    Slide1.JPG

    I've set up permissions so only group members can access the private category:

    Slide2.JPG

    I've created a post in the private category and uploaded an image into that post:

    Slide3.JPG

    I can right click on that image and save a link to it's address:

    https://my.domain.name/assets/uploads/files/1445505755666-wa5_dsc30086.jpg

    If ANYBODY has that address they can access the picture.

    I'd like to be able to tell users that only group members can access that picture, even if an unauthorised person discovers a link to it.

    This extra level of security creates peace of mind when posting private material.

    I guess it would be nice to have an extra column in the privileges configuration panel that allows/disallows access to uploads associated with each category. That way you can control which group(s) or users can access them.

    (I noticed that the nodebb-plugin-poll adds an extra column in the privileges configuration section....maybe a plugin could solve this problem)

    Otherwise, everything is perfect!



  • @quokka @PitaJ
    I need exactly the same thing ! 😉



  • @alfazaz

    Ah well. I guess we can assume that this isn't a problem for most. I'm going to stick with NodeBB for public facing posts (It is a forum after all).

    For sharing sensitive data I'm going to use other more secure platforms (Nextcloud).

    Good luck!


Log in to reply
 

Suggested Topics

  • 9
  • 5
  • 10
  • 1
  • 3
| |