Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a recommended folder for the FileUpload field #949

Closed
3 of 4 tasks
brynwhyman opened this issue Apr 7, 2020 · 7 comments
Closed
3 of 4 tasks

Provide a recommended folder for the FileUpload field #949

brynwhyman opened this issue Apr 7, 2020 · 7 comments

Comments

@brynwhyman
Copy link

brynwhyman commented Apr 7, 2020

Overview

Currently if an upload destination is not selected for the FileUpload field, all uploaded files will default to the unprotected folder: Uploads.

We should change the current behaviour to instead recommend to default to storing submissions in a folder that is protected, removing the ability for anonymous website visitors to access the uploaded files.

This would look to solve the following opportunity:
I don’t have confidence that the CMS stores and protects files that my customers upload.

Acceptance criteria

  • New FileUpload fields added to user forms present an option pointing to a dedicated folder or a custom folder. e.g: Form-submissions/MyFormName
  • The folder structure is generated upon FileUpload first save
  • If the selected folder is removed, regenerate the folder structure upon file submission creation, ensuring the uploaded files are protected
  • Permissions for the folder structure are set to inherit from the top level folder during (re)creation
  • This behaviour can be opted out of by manually changing the upload path
  • Submission folders are not locked down and can be modified by CMS users. If a folder does not exist, we just create a new one
  • Permissions are shown for the selected folder and are updated whenever the selected folder changes
  • Ensure any newly introduced UI remains consistent with the pattern library
  • The iconography reliably communicates the protected / unprotected state of the folder to CMS authors and any additional information is linked off to from the CMS
  • Docs and user help has been updated

Designs

Notes

Some solution ideas have already been discussed:

  • Generate a secured folder for each new user defined form (e.g. Submissions/MyFormName), similar to URLSegments on Pages
  • If no upload folder is selected, default to a protected folder, like 'SecureUploads'. This was functionality present in SS3 with the secure assets module.

The following issue has been raised to protect the files by default: #934

Pull requests

@brynwhyman
Copy link
Author

Further investigation or decisions:

  1. What other edge cases may need to be considered with the user defined form file path of 'Submissions/MyFormName'? I.e what happens if the userform page title changes? How might the permission structure of this new hierarchy work?
  2. Is there a middle-ground to start with just a protected 'Submissions' folder?

@clarkepaul
Copy link

If this issue proceeds...
My thoughts on pt. 1, if a form changes its title I think it's okay not to change the folder name to match. These can be treated as smart defaults and not dictate things for the CMS, maybe they want to have the titles mismatched for their own reasons.

pt. 2, I think even having only a top-level folder adds plenty of benefits for users. Again providing some guidance or smart default but not dictating the experience. The second level folder is NTH based on effort I think.

Could we get away with just creating a single protected folder as part of core, and remove the ability to change its permissions, edit, delete it, with only a CMS user view access?

@brynwhyman
Copy link
Author

Nice ACs @bergice.

New FileUpload fields added to user forms default to pointing to Submissions/MyFormName

To @clarkepaul's point. What about making this a bit more broad? E.g.:

"New FileUpload fields added to user forms default to pointing to a folder dedicated to submission uploads".

This still leaves us open to testing whether the additional .../MyFormName is crucial to the implementation or just 'nice to have'.

@brynwhyman
Copy link
Author

Could we get away with just creating a single protected folder as part of core, and remove the ability to change its permissions, edit, delete it, with only a CMS user view access?

Also interested in this!

@brynwhyman brynwhyman changed the title Change the destination for the FileUpload field when none is chosen Provide a recommended folder for the FileUpload field Apr 27, 2020
@brynwhyman
Copy link
Author

brynwhyman commented Apr 27, 2020

Noting that now that we're moving towards creating a modal in the gridfield we'll need to update the ACs. cc @bergice

Also, it's been noted that we might get into issues where userform titles are not changed before saving, meaning that the use could end up with a number of different folders, e.g. user-defined-froms(1), user-defined-froms(2), etc. We should look to see if this can be catered for in the designs, whether by altering the folder title, or providing more information. @clarkepaul has some design ideas.

@brynwhyman brynwhyman modified the milestones: Sprint 57, Sprint 58 Apr 27, 2020
@brynwhyman
Copy link
Author

Noting that a lot of discussion around what's been implemented with this issue has been recorded in: #948

Please check that issue for further investigation and decision details.

@maxime-rainville
Copy link

#976 is still open related to this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants