-
Notifications
You must be signed in to change notification settings - Fork 225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide a recommended folder for the FileUpload field #949
Comments
Further investigation or decisions:
|
If this issue proceeds... pt. 2, I think even having only a top-level folder adds plenty of benefits for users. Again providing some guidance or smart default but not dictating the experience. The second level folder is NTH based on effort I think. Could we get away with just creating a single protected folder as part of core, and remove the ability to change its permissions, edit, delete it, with only a CMS user view access? |
Nice ACs @bergice.
To @clarkepaul's point. What about making this a bit more broad? E.g.: "New FileUpload fields added to user forms default to pointing to a folder dedicated to submission uploads". This still leaves us open to testing whether the additional .../MyFormName is crucial to the implementation or just 'nice to have'. |
Also interested in this! |
Noting that now that we're moving towards creating a modal in the gridfield we'll need to update the ACs. cc @bergice Also, it's been noted that we might get into issues where userform titles are not changed before saving, meaning that the use could end up with a number of different folders, e.g. user-defined-froms(1), user-defined-froms(2), etc. We should look to see if this can be catered for in the designs, whether by altering the folder title, or providing more information. @clarkepaul has some design ideas. |
Noting that a lot of discussion around what's been implemented with this issue has been recorded in: #948 Please check that issue for further investigation and decision details. |
#976 is still open related to this. |
Overview
Currently if an upload destination is not selected for the FileUpload field, all uploaded files will default to the unprotected folder:
Uploads
.We should change the current behaviour to instead recommend to default to storing submissions in a folder that is protected, removing the ability for anonymous website visitors to access the uploaded files.
This would look to solve the following opportunity:
I don’t have confidence that the CMS stores and protects files that my customers upload.
Acceptance criteria
Form-submissions/MyFormName
Designs
Notes
Some solution ideas have already been discussed:
The following issue has been raised to protect the files by default: #934
Pull requests
Folder Confirmation Modal #960The text was updated successfully, but these errors were encountered: