Deny upload access rule does not apply to drag and drop upload

Question

Hi,I am currently working on the file manager's permission system. I am testing a scenario where a user role can view the folder's contents but cannot write, download or upload files from the folder. The permissions work perfectly for all write operations except for the drag and drop upload. I can still successfully upload a file via drag and drop even though my user role has deny permissions for uploading files.Can you confirm if this is a bug on your end? If you can't replicate this, I'll be happy to share my code for you to investigate. If this is confirmed behavior, shouldn't the  drag and drop upload also be affected by the deny upload permission that was set?Thanks!

Indhumathy Loganathan · Accepted Answer

Hi Denzel,

Greetings from Syncfusion support.

We have validated your reported query in Blazor FileManager component. We have prepared a FileManager sample with below access rules in latest 19.1.59 package version. But we are unable to replicate the issue reported from your end. We suspect that you might have missed to define the access rules for required Path.

Please check whether the below access control permissions are enabled in our sample.

List<AccessRule> accessRules = new List<AccessRule> {

// For Default User

new AccessRule { Path = "/", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny},

new AccessRule { Path = "/*.*", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny},

new AccessRule { Path = "/*.*", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true},

};

You can find the sample from the below link.

https://www.syncfusion.com/downloads/support/forum/165144/ze/FileManager-474924465

We have also attached a video for your reference in the below link.

https://www.syncfusion.com/downloads/support/directtrac/general/ze/UploadDeny1864901184

We suggest you to check the access control permissions enabled in your sample. If the issue persists, please share the below details to proceed further.

1. Package version and File service provider used in your sample.

2. Code snippets of access control permissions.

3. Video footage of issue.

4. If possible, share an issue reproducible sample or replicate the issue in the above sample.

Please let us know if you need any further assistance.

Regards,

Indhumathy L

Roy Sunga · Answer

Hi Indumathy,Thanks for responding! I was able to resolve my issue with the sample that you have provided so thanks for that.One question though. What is the difference between these two lines of code? new AccessRule { Path = "/*.*", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny},         new AccessRule { Path = "/*.*", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true}, In my eyes, they look the same with the exception of having the IsFile true on the second AccessRule constructor call.Best regards,

Indhumathy Loganathan · Answer

Hi Denzel, 
 
Most Welcome. 
 
We are glad to hear that the issue has been resolved. Also for your query related to access rules, the former rule is for the folders available in root folder and the latter one is for the files in the root folder. 
 




// Access Rules for folder available in root folder 
new AccessRule { Path = "/*.*", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny},  
 
//Access Rules for files available in root folder 
new AccessRule { Path = "/*.*", Role = "Adminstrator", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true}, 
 
Refer to the below link to understand more about access rules. 
 
https://ej2.syncfusion.com/javascript/documentation/file-manager/access-control/#access-rules 
 
Please let us know if you need any further assistance. 
 
Regards, 
Indhumathy L