
Suggestions about this scenario 1

Status
Not open for further replies.
Apr 9, 2007
Hi,

I have built an admin console for the legal department of the company. This admin console has a feature where I can grant access to people who want access to the restricted/admin site of the page. Now the people I give access to should be able to view the documents that only they/admin can view. So if, for a person Mr. A, I create a document A.doc, then when Mr. A logs in he should access only A.doc and not B.doc, which is created for Mr. B.

How can I control that viewing? I was thinking that I could create network folders which can be accessed only by that person.

So what kind of logic should I use in the ASP page, where JScript is the server-side language, and what kind of setup should I look for in the network folder?

Thanks.
 
If you are planning on granting access to network folders, then there are a few critical dependencies that need to be fulfilled:
1) Either the system needs to be on a domain and your users are using their domain logins to access it
or
2) Everyone must have a local login to the webserver and be using that to login to the website

By logging into the website I mean that you would need to turn on NT authentication for a portion of your site so that they would be forced to login (or if using IE on the domain, it would log them in behind the scenes). This way you could determine which user was accessing the page at any given time so that you could display the folders they have access to correctly.

However, you then have an important decision to make. Will people need to access other folders? Small group or dept. folders, ex-employee folders, etc? Are you planning on managing those access lists based on who has security for a folder or a database?

Regardless of how you manage security, is it necessary for people to have direct access to files/folders or were you planning on using a file manager interface for file download/upload/browsing without giving direct access to the folders?


You may want to read this FAQ (and associated links) over in the VBScript forum for managing file/folder security: faq329-5734

-T

 
Another alternative is to put all the files in one folder and use a database to control which user has access to which file.
 
Tarwn,

Whatever you suggested sounds like work for the network guys too, where they would have to grant access to those network folders.

I want to use Basic/Integrated Windows Authentication. But then they should not access other people's files, only their files.

Sheco,

If I put all the files in one folder, what kind of table structure do I try to design for security control?

I shall look into the FAQ and see what I get there.

Thanks.
 
One thing to consider when using a single folder to hold files for Mr.A and Mr.B is that both may have a file named README.TXT

To help with that situation you would need to give the saved file names a different name... so your database table might look like this:
User    RealFileName         UserFileName
Mr.A    MRA_ReadMe.txt       ReadMe.txt
Mr.A    MRA_Accounts.xls     Accounts.xls
Mr.A    MRA_PhoneHelp.doc    PhoneHelp.doc
Mr.B    MRB_ReadMe.txt       ReadMe.txt
Mr.B    MRB_HotGrl.jpg       HotGrl.jpg


Doing it this way instead of using an actual folder will perhaps be less to maintain for the network admin people... but it is basically reinventing the wheel... For example suppose Mr.A wanted to make a sub-folder? Well now you've got to write more code to show a simulated subfolder.
 
There are really about 4 major ways you could do this:
1) Pure filesystem - use NT authentication, folders, etc to store files and allow access
2) Mixed filesystem and DB - use the database to manage authentication and access to folders, but build folders for each of your users and put their files in them
3) Mixed filesystem and DB 2 - use the database to generate a folder structure, files, etc, have one folder of all uploaded files (basically Sheco's method above)
4) Pure DB - store everything in the DB, shove the files into BLOB fields, etc - not recommended even if MS thought this was the way to go with Sharepoint '03

You could actually extend Sheco's example a little to handle virtual folders and such, if you were to model the DB something like this:
Users Table
UserId - integer/numeric, auto-incrementing
UserName - varchar/text

Folders Table
FolderId - integer/numeric, auto-incrementing
FolderName - varchar/text
UserId - integer, owner of the folder
ParentId - integer, parent folder id or 0 if top level for this user

Files Table
FileId - integer/numeric, auto-incrementing
FolderId - integer - id of the folder this belongs in
UserFilename - varchar/text - the name the user sees
ActualFilename - varchar/text - the actual filename

Each user would have a User record and a Folder record created when they initially are created in the system. When they upload files you would save the file with a prefix of the folder id it is going into in an uploads folder. This allows you to use FileSystem calls to check if a file with that name already exists in the folder or to use a SQL call for the same, either way.
After you determine whether it is a new file or not, you would update or insert a record into the Files table.
If the user chose to generate a new folder you would create a new folder entry in the Folders table with a ParentId of the folder it was being created in.

The downside of all of this is that there are limitations on how many files you can put in a folder, multiple user access would require some additions to the database, and if your SQL table ever got corrupted you would have a whole lot of files that it would be difficult to find the owners of.

Anyways, I have to get to work, but just some thoughts.
-T
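
The Users/Folders/Files model described above, sketched as an added example (not code from the thread): in-memory arrays stand in for the three tables so the ownership check on every upload and download can be followed end to end. The function names and the `folderId_filename` storage format are assumptions made for illustration.

```javascript
// Constructed in-memory stand-ins for the Users, Folders and Files tables.
var users = [], folders = [], files = [];

function findById(table, key, id) {
  for (var i = 0; i < table.length; i++) if (table[i][key] === id) return table[i];
  return null;
}

function addFolder(userId, folderName, parentId) {
  if (parentId !== 0) {
    var parent = findById(folders, "FolderId", parentId);
    // A subfolder may only be created inside a folder the same user owns.
    if (!parent || parent.UserId !== userId) throw new Error("access denied");
  }
  var folder = { FolderId: folders.length + 1, FolderName: folderName,
                 UserId: userId, ParentId: parentId };
  folders.push(folder);
  return folder;
}

function addUser(userName) {
  var user = { UserId: users.length + 1, UserName: userName };
  users.push(user);
  addFolder(user.UserId, userName, 0); // top-level folder, ParentId 0
  return user;
}

function saveFile(userId, folderId, userFilename) {
  var folder = findById(folders, "FolderId", folderId);
  if (!folder || folder.UserId !== userId) throw new Error("access denied");
  // The display name is user input: refuse path separators, drives and "..".
  if (/[\\\/:]|\.\./.test(userFilename)) throw new Error("bad file name");
  for (var i = 0; i < files.length; i++)  // same name in same folder: update, not insert
    if (files[i].FolderId === folderId && files[i].UserFilename === userFilename) return files[i];
  // Stored name carries the folder id prefix, so two ReadMe.txt files never collide.
  var file = { FileId: files.length + 1, FolderId: folderId,
               UserFilename: userFilename, ActualFilename: folderId + "_" + userFilename };
  files.push(file);
  return file;
}

// The caller supplies only a FileId; the stored name is returned only when
// the folder that holds the file belongs to the requesting user.
function resolveDownload(userId, fileId) {
  var file = findById(files, "FileId", fileId);
  var folder = file && findById(folders, "FolderId", file.FolderId);
  if (!folder || folder.UserId !== userId) return null;
  return file.ActualFilename;
}
```
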

 
Thanks for the response. I shall read it carefully and come back again, if I am stuck.

Thanks.
 
OK. This is what I started with: For now, let me just concentrate on displaying only the right folder and not all folders.

There is 1 common folder - UserDocuments

Within this folder, there are many folders which are created by the legal admin. Naming convention for the user folders is firstname.lastname which is the email address of the person without the '@domain.com'

I already have a cookie which stores the name of the person who logged into the admin console. This cookie is the full email address of the person

Code:
(<%= UserObj.UserName %>)

In order to get the folder contents of the shared folder where all the documents are stored, I do the following:

Code:
<div class="folderContent"><% folderContents("//renoir/DeptWeb/Legal/UserDocuments"); %>
</div>

Based on an example, I built the function folderContents and it pulls all the folders within the UserDocuments folder.

Code:
function folderContents(fSpec) {
	// Subfolder requested via ?f=...; underscores stand in for spaces
	var req = "" + Request.QueryString("f") + "";
	req = (req != "undefined") ? req : "";
	var fRealName = req.split("_").join(" ");
	Response.Write(Server.HTMLEncode(req)); // debug output, HTML-encoded because it echoes the query string

	// Drop any request containing a parent-directory reference ("../" or "..\")
	if (fRealName.indexOf("..") != -1) fRealName = "";
	var folderspec = fSpec + fRealName;
	Response.Write("folderspec: " + Server.HTMLEncode(fSpec)); // debug output

	// Build the "up one level" link: current URL minus its last path segment
	var folderParent = "" + Request.ServerVariables("SCRIPT_NAME") + "?" + Request.ServerVariables("QUERY_STRING") + "";
	folderParent = folderParent.split("/");
	var folderParentLen = folderParent.length;
	var temp = "";
	for (var x = 1; x < folderParentLen - 1; x++) {
		temp += "/" + folderParent[x];
	}
	folderParent = temp;
	//Response.Write (temp);
	//Response.End

	var fso = new ActiveXObject("Scripting.FileSystemObject");
	var folder = fso.GetFolder(folderspec);
	var etFolders = new Enumerator(folder.SubFolders);
	var etFiles = new Enumerator(folder.Files);

	if (etFolders.item()) { %>
		<h3>Folders</h3>
		<ul class="folderlist">
		<% if (req) { %>
			<li class="folder"><a href="<% Response.Write(Server.HTMLEncode(folderParent)); %>" title="Go to the Parent Folder">[ GO UP ONE LEVEL ]</a></li>
		<%
		}

		// Show the subfolders in the folder
		for (; !etFolders.atEnd(); etFolders.moveNext()) {
			var folderString = String(etFolders.item());
			var folderPath = folderString.split("\\");
			var folderPathLen = folderPath.length;
			var folderDisplay = folderPath[folderPathLen - 1]; // last path segment is the folder name
			var folderLink = "?f=" + Server.URLEncode(fRealName.split(" ").join("_")) + "/" + Server.URLEncode(folderDisplay.split(" ").join("_"));
			%>
			<li class="folder"><a href="<% Response.Write(folderLink); %>" title="Subfolder"><% Response.Write(Server.HTMLEncode(folderDisplay)); %></a></li>
			<%
		}
		%>
		</ul>
	<%
	}
}

My question now is how to look for only that folder which is same as the username before the '@' sign of the username.

It is not like SQL statement where I can compare 2 strings and get the exact match, so this makes it more difficult.

Thanks.
 
Well, one thing that is missing for your folder function above is that you aren't checking to make sure the passed path exists before you try enumeration. If you add that piece in, then instead of searching for their individual folder you could just append their name to the path and open their folder (if it exists).
I don't think it is necessary to start at that higher level, as the user will have to go into their own directory anyway. You might as well just try to go straight there.

 
Passed path does exist because it is a drive where the legal admins store all their documents and legal agreements.

But I shall use your suggestion to check if the user folder exists or not. For now, when I try to append the folder name of the user to the folder path, I get an error.

Code:
Microsoft JScript compilation error '800a03f7' 

Unterminated string constant 

/legal/_include/folderBrowse.asp, line 64 

var folderPath = folder + "\" + folderName1;
--------------------------------------------^

What I tried to do was to get the full path:

Code:
var fso = new ActiveXObject("Scripting.FileSystemObject");
		var folder = fso.GetFolder(folderspec); //this gets the main folder under which all the userFolders exists
		Response.Write ("folder: " + folder + "<br>");
		var etFolders = new Enumerator(folder.SubFolders); //this gets all the subfolders within the parent folder in the form of an array
		Response.Write ("etFolders: " + etFolders + "<br>");		
		var etFiles = new Enumerator(folder.files);

        var user = (UserObj.UserName)
        var folderName = user.split("@");
        var folderName1 = folderName[0];
        Response.Write ("folderName: " + folderName1 + "<br>");
        var folderPath = folder + "\" + folderName1;

Why would my concatenation not work?

Thanks.
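
An added example, not part of the thread: building the per-user folder path from the logged-in e-mail address and confining a requested subfolder to it. In a JScript string literal `"\"` escapes the closing quote, so a literal backslash is written `"\\"`. The function names and sample addresses are constructed, and `userName` is assumed to come from the server-side authenticated login rather than a value the browser can edit.

```javascript
// Map "firstname.lastname@domain.com" to <baseDir>\firstname.lastname.
function userFolderPath(baseDir, userName) {
  var localPart = String(userName).split("@")[0].toLowerCase();
  // Allow only the firstname.lastname convention: letters, digits and
  // hyphens in dot-separated parts. This rejects "", "..", "/" and "\".
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)*$/.test(localPart)) return null;
  // "\\" in source is one backslash at run time.
  return baseDir.replace(/[\\\/]+$/, "") + "\\" + localPart;
}

// Resolve a requested subfolder (the ?f= value) inside the user's folder.
function resolveSubfolder(userRoot, requested) {
  var parts = String(requested || "").split(/[\\\/]+/), clean = [];
  for (var i = 0; i < parts.length; i++) {
    if (parts[i] === "" || parts[i] === ".") continue;
    // Refuse parent references and drive or stream specifiers outright.
    if (parts[i] === ".." || parts[i].indexOf(":") !== -1) return null;
    clean.push(parts[i]);
  }
  return clean.length ? userRoot + "\\" + clean.join("\\") : userRoot;
}
```

A `null` result means the request is refused; the returned path can then be passed to `FolderExists` before enumeration, as suggested earlier in the thread.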
 