FileManager 19.3.44 Access Rule for "Write" doesn't work when IsFile is set true

Question

Hi~I am testing a scenario where different role have different access permissions for files and folders. I have set two roles,  one is admin which can read or write all the files and folders, the other is default which only can read. In fact, in practical application，when I choose the role of default, I also can rename or delete any files ,but this is shouldn't happened because I have set the Access Rule for "Write" to Permission.Deny.The following is my code, could you please comfirm this is a bug or there is any error in my code ?Thanks!Attachment: FileManager_364d3b18.rar

OuYuanbin · Answer

update 1when I choose the role of default, I can

also download any files although I have set the Access Rule for "Download" to Permission.Deny.Is there a problem with the way I specified the path?

Indhumathy Loganathan · Answer

Hi OuYuanbin, 
 
Greetings from Syncfusion support. 
 
We have validated your reported query in Blazor File Manager. You have missed to define the access rules for required Path. You need to define access rules for all the folders and files inside the root folder for default user. Please check the below access rules. 
 




// Access Rules for folder available in root folder 
new AccessRule { Path = "/*.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny}, 
//Access Rules for files available in root folder 
new AccessRule { Path = "/*.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true}, 
 
Sample: https://www.syncfusion.com/downloads/support/directtrac/169592/ze/FileManager-1653086763 
 
Also refer to the below link to know more about access rules. 
 
https://ej2.syncfusion.com/documentation/file-manager/access-control/#access-rules 
 
Please let us know if you need any further assistance. 
 
Regards, 
Indhumathy L

OuYuanbin · Answer

Hi Indhumathy, thanks your help,If I specified the Path with "/*.*", it really work for the Access Rule of "Write" and "Download". But if I specified the Path with "/Documents.*" or "/Pictures.*", it dosen't work. The code likes the following:new AccessRule { Path = "/Documents.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny},new AccessRule { Path = "/Documents.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true},new AccessRule { Path = "/Pictures.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny},new AccessRule { Path = "/Pictures.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true},In adddition, In my usage scenarios , I want to set the role different permission for different child folder of root folder. And my root folder is showed in the attachment. Attachment: Files_92609f38.rar

Indhumathy Loganathan · Answer

Hi OuYuanbin, 
 
We have validated your requirement in File Manager component. We understood that you want to set different permission for different child folder of root folder. As mentioned in your update, the syntax ‘/*.*’ is used to set access rule for all the files inside the folder. So you need to specify them as below. 
 




                //Access Rules for Documents folder. 
                new AccessRule { Path = "/Documents.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny}, 
                //Access Rules all the files inside Documents folder. 
                new AccessRule { Path = "/Documents/*.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true}, 
                //Access Rules for Pictures folder. 
                new AccessRule { Path = "/Pictures.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny}, 
                //Access Rules all the files inside Pictures folder. 
                new AccessRule { Path = "/Pictures/*.*", Role = "default", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, WriteContents = Permission.Deny, Upload = Permission.Deny, Download = Permission.Deny, IsFile=true}, 
 
Also, if you want to set access rules for specific file inside a subfolder you can use the below rule. 
 




// Deny writing for particular file 
new AccessRule { Path = "/Documents/2.png", Role = "Document Manager", Read = Permission.Allow, Write = Permission.Deny, Copy = Permission.Deny, Download = Permission.Deny, IsFile = true }, 
 
For your reference, we have attached a video footage and the modified sample in the below links. 
 
Video: https://www.syncfusion.com/downloads/support/forum/169592/ze/VideoRecording1500880258 
 
Sample: https://www.syncfusion.com/downloads/support/forum/169592/ze/FileManager-1597403291 
 
Please check the sample and get back to us if you need any further assistance. 
 
Regards, 
Indhumathy L

OuYuanbin · Answer

Hi Indhumathy，

I thank you for your comprehensive answer. It really have solved my problem.Thank you.

Keerthana Rajendran · Answer

Hi OuYuanbin, 

Most welcome. 

We are glad to hear that the provided suggestion helped you. Please get back to us if you need any further assistance. 
 
Regards, 
Keerthana R.

Gerome · Answer

Hello,The provided code can lead to potential bug because of the use of a STATIC variable to store Roles => public static string roleNameLet me explain that if you have 2 pages that have each a filemanager component OR even 1 page that embbeds 2 or more filemanager component, then the code you've provided is wrong because of STATIC that retains previous values, kinda practical at 1st sight but not useable in a production stage.A really annoying problem.Another reall annoying problem is that you can't use HttpClient (with credentials you've settled) from your controller : common scenario is : 1 api server (net core) and 1 client (in wasm for example), then to access to your server's controllers you generally use HttpClient calls, this very client contains CLAIMS and all the bells required for any [Authorized] and so on... that you can't use because the HttpClient is not supported through all example i've seen onto examples/support as well. This last point is really annoying for security concerns, because you de facto allow anyone to access to this controller freely...It would really nice to have HttpClient support, else we loose Claims and al...Regards

OuYuanbin · Answer

Hi Gerome,Thank you for your sincere reminder!Regards

Indhumathy Loganathan · Answer

Hi Gerome, 
 
We have validated your reported query in File Manager. Please check the details below. 
 
Query 1: The provided code can lead to potential bug because of the use of a STATIC variable to store Roles. 
 
We have used the shared code with the initial update(on this discussion) in our sample to demonstrate the access rules solution. However, we have validated the shared sample by rendering multiple File Manager component with unique reference and refreshed all the File Manager for each dropdown list value change. 
 
The access rule applies properly for all the File Manager. Please elaborate on the exact issue you have been facing in the previous shared sample along with the detailed steps to replicate the issue at our end. 
 
Query 2: HttpClient support in File Manager. 
 
From the shared details, we are unable to get your exact requirement in File Manager. Please confirm the below details to proceed with further validation. 
 
1.      Whether you want to make a default HttpClient call to File Manager controller with all its default properties. 
2.      Detailed explanation about your exact use case in File Manager component. 
3.      If possible, share your code snippets or video demonstrating your use case for better validation. 
 
Please let us know if you need any further assistance. 
 
Regards, 
Indhumathy L