In mojoPortal content management system users with permissions can upload and browse files using the image, link, or media dialog windows in the WYSIWYG editor and optionally you could also grant them access to the File Manager and therefore allow them to also delete files.
Actually there are 2 versions of File Manager in mojoPortal CMS, the newer one uses jQuery and the older one while less pretty works even with javascript disabled. Neither of these file managers should be confused with the Shared Files feature, which does not really give users access to the server file system the way the File Managers do even though it looks very similar to the older File Manager.
Roles allowed to upload files are configured by 3 related permissions under Administration > Site Settings > Security > Permissions
-
Roles that can upload and Browse Files
-
Roles that Can Upload and Browse Files but only in a User Specific Folder
-
Roles that Can Delete Files Using the File Browser in the Editor (soon to be renamed to just Roles that can delete files)
Users in the Administrators role don't need any special permissions assigned to the role, they can do anything in the site including uploading and deleting files. By default Administrators in the first site (known as the server admin site or master site) can access the file system starting at the
/Data/
folder, whereas Administrators in child sites in a multi site installation can access the file system starting at /Data/Sites/[SiteID]/
However you can also limit Administrators so they can only access the file system starting at /Data/Sites/[SiteID]/media/
by adding this to your user.config file:
<add key="ForceAdminsToUseMediaFolder" value="true" />
I created the above setting primarily so I could limit what people do on the demo site, but you may also find it useful.
All other roles can only access the file system if you explicitly grant them permission If you add the roles to the permission for Roles that can upload and browse files, users in the allowed roles can upload and browse files using the WYSIWYG editor which has dialogs for images, media, and links, that allow browsing the server file system for files and uploading files. Their access to the file system starts at
/Data/Sites/[SiteID]/media/
If you add roles to the permissions for Roles that can upload and browse but only in a user specific location, their access to the file system starts at
/Data/Sites/[SiteID]/userfiles/[UserID]/
If you don't want users to be able to delete any files you should not give them access to the file managers, therefore access to the File Managers is determined by Roles that Can Delete Files in the Editor. Roles added to this permission can delete files from the editor dialog windows but can also use the File Managers (assuming they have one of the upload and browse permissions).
You might think why don't we just let them use the file managers but limit their ability to delete from file manager? The reason is because other than uploading and downloading files the only benefits to file managers are the ability to delete and rename files and folders. As far as files used in content renaming a file is almost equivalent to deleting it because if the file is already used in content and you rename it, it will result in a broken image or link in your content just the same as if it was deleted. So if you don't want users to be able to do those things you should just not let them use the file managers and instead only let them upload files through the editor dialogs where they cannot delete or rename anything.
So basically for non administrator users you have 5 choices for user upload permissions
1. Allow them to upload but not delete starting at the /Data/Sites/[SiteID]/media/ folder by just adding their roles to General Upload and Browse Roles, but not adding them to Roles that can delete files
2. Same as above but they are allowed to delete files and use File Manager if you add them to both the General Upload and Browse Roles and the Delete roles
3. Allow them to upload only to a user specific location but not allowed to delete files by adding them to Roles that can upload and browse but only to a user specific location
4. Same as above but also add them to Roles that can delete and then they can also delete files in the user specific location and use File Manager.
5. Don't grant them any of the above and they cannot upload files at all.
Allowing Upload of New File Types
If you receive a message that a particular file type is not allowed, you can enable uploading of that type by appending it to one or both of the following configuration keys. We recommend that you copy the key(s) from web.config and place them in user.config to make future upgrades easier. If the key(s) are in user.config, remember to touch web.config after your changes so they will be picked up.
For general browse and upload roles:
<add key="AllowedUploadFileExtensions" value=".gif|.jpg|.jpeg|.png|.zip|.pdf..." />
For roles limited to uploading into a user-specific folder:
<add key="AllowedLessPriveledgedUserUploadFileExtensions" value=".gif|.jpg|.jpeg|.png|.zip|.pdf"/>
Created 2011-09-17 by Joe Audette
Updated 2012-01-05 by Jamie Eubanks