Enhancing Document Management features


Hakim Bouras

Wednesday 14 February 2007 12:36:40 am

Hi,

Unless I missed something, ezPublish (last version tested 3.9) misses two critical features about Document Management:

- SECURITY: any files uploaded are accessible to anyone knowing the URL (anonymous user). The security only applies to the container (File object, or image ...) but not to the file itself

- VERSIONING: files uploaded are not versioned, only the container (File object, or image ...) is

Do we have a chance to see these issues addressed in the next versions of ezPublish?

Thanks,
Hakim

Kristof Coomans

Wednesday 14 February 2007 2:29:45 am

Hi Hakim

- SECURITY: if you configure eZ publish correctly (see http://ez.no/doc/ez_publish/technical_manual/3_8/installation/virtual_host_setup#comment6751 ) then binary files are not directly accessible, instead they need to be downloaded through the content/download view, which checks the read (or versionread) policy on the file content object.

- VERSIONING: files uploaded ARE versioned

Also see http://ezpedia.org/wiki/en/ez/file

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org
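
The difference described in the reply above, between a file served straight from storage and one fetched through the content/download view, sketched as an added example that is not part of the original thread or of eZ Publish's own code. The rewrite patterns, storage paths, object ids, roles and the simplified download URL shape are all constructed assumptions.

```python
import re

# Constructed rewrite allow-lists: URL patterns the web server serves itself.
# Everything else is routed to the front controller. These are assumptions for
# illustration, not the rules from the eZ Publish virtual host documentation.
WEAK_PASSTHROUGH = [r"^/var/.*$", r"^/design/.*\.(css|js|png|gif|jpe?g)$"]
HARDENED_PASSTHROUGH = [
    r"^/var/[^/]+/storage/images/.*\.(png|gif|jpe?g)$",
    r"^/design/.*\.(css|js|png|gif|jpe?g)$",
]

# Constructed content objects: stored file plus the roles holding the read policy.
OBJECTS = {
    57: {"file": "/var/site/storage/original/application/a1b2c3.pdf",
         "read": {"editor"}},
    58: {"file": "/var/site/storage/original/application/d4e5f6.pdf",
         "read": {"anonymous", "editor"}},
}

DOWNLOAD_VIEW = re.compile(r"^/content/download/(\d+)$")  # simplified URL shape


def served_directly(path, passthrough):
    """True when the web server hands the file out without running any PHP."""
    return any(re.match(rx, path) for rx in passthrough)


def handle(path, role, passthrough):
    """Return (status, file) as web server plus front controller would."""
    if served_directly(path, passthrough):
        return 200, path  # static hit: no policy check happens at all
    m = DOWNLOAD_VIEW.match(path)
    if not m:
        return 404, None
    obj = OBJECTS.get(int(m.group(1)))
    if obj is None:
        return 404, None
    if role not in obj["read"]:
        return 403, None  # read policy enforced on the content object
    return 200, obj["file"]


def exposed_files(passthrough):
    """Stored files an anonymous user can fetch by URL without read access."""
    return sorted(
        o["file"] for o in OBJECTS.values()
        if "anonymous" not in o["read"]
        and handle(o["file"], "anonymous", passthrough)[0] == 200
    )
```

Running `exposed_files` against the allow-list a virtual host actually uses, with the site's own restricted objects, gives a quick regression check after any rewrite change.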

Xavier Dutoit

Wednesday 14 February 2007 5:24:59 am

Hi,

The preview view for the file for a specific (archived) version doesn't display the correct link but the latest one, no matter the version (at least on the version I've tried on). However, if you do a diff between two versions, it's going to show the correct URLs for both of them (content/download...) and you can download the previous version.

X+

http://www.sydesy.com

Hakim Bouras

Thursday 15 February 2007 4:33:50 am

Well, I missed something... Thank you for your replies.

In order to enhance the Document Management features, I will then propose:

- to include two levels of versions (which will help to keep a meaningful history)
  - major versions (1.x, 2.x, 3.x, ...) for important changes
  - minor versions (x.0, x.1, x.2, ...) for small changes

- to include the possibility to flag some versions as "Archive" so that they do not get automatically recycled

Hakim

Stephen Boals

Sunday 25 February 2007 6:58:01 am

Great articles on security requirements on CM/DM systems:

-edited: link removed (spam)-
