Access Control
28 Sep 201813 minutes to read
The FileExplorer provides method to assign permissions or access rights to specific users and group of users. It allows you to define access permissions for folders and files using a set of access rules to user(s).
The FileAccessInfo
allows you to specify a Root Path and Role, and lists the permission (allow or deny) associated with this Rules. You can specify permissions to Copy, Download, Edit, Edit Contents, Path, Read, Role, and Upload a file/folder. The rule priority is determined by its index within an access rules collection.
Syntax
// For File rule
new AccessRule { Path = "Documents/*.*", Role = "Document Manager", Read = Permission.Allow, Edit = Permission.Allow, Copy = Permission.Allow, Download = Permission.Allow },
// For Folder rule
new AccessRule { Path = "Documents/*", Role = "Document Manager", Read = Permission.Allow, Edit = Permission.Allow, Copy = Permission.Allow, EditContents = Permission.Allow, Upload = Permission.Allow },
The below table list out the FileAccessInfo
properties:
Properties | Description |
---|---|
Role | Specifies the which role is applied |
Rules | Specifies the collections of rules for folder and files |
RootPath | Specifies the root path of the folder’s which want to be secure |
The below table below list out the AccessRule
properties which is available for file and folder access rules.
Properties | Applicable for File | Applicable for Folder | Description |
---|---|---|---|
Copy | Yes | Yes | Specifies the permission to copy a file/folder |
Download | Yes | No | Specifies the permission to download a file |
Edit | Yes | Yes | Specifies the permission to edit a file/folder |
EditContents | No | Yes | Specifies the permission to edit its content for folder |
Path | Yes | Yes | Specifies the path to apply the rules which are defined |
Read | Yes | Yes | Specifies the permission to read a file/folder content |
Role | Yes | Yes | Specifies the role to which the rule is applied |
Upload | No | Yes | Specifies the permission to upload files to a folder |
To specify the rule to be allow/deny, use the Permission enumeration values:
Permission | Description |
---|---|
Allow | Specify the rule to be allowed |
Deny | Specify the rule to be denied |
You can associate any number of access rules with specific security roles, it allows grouping related permissions together. To associate an access rule with a security role, assign the role’s name to the AccessRule's
Role property.
FileAccessOperations
The FileAccessOperations class allows user to perform the most common file operations such as read, create, rename, copy, paste or move, delete and file searching. The class helps to handle the file access operations in server end. You implement a new custom class for handling file operations in server end by inheriting this class.
By default, we send following parameters in data field of corresponding AJAX request to handle the server side operation. The request parameter and response data are explained in following table.
Operation | Default Request Parameter | Response data | Details |
---|---|---|---|
Read | string path, string filter, IEnumerable<object> selectedItems |
It should be in JSON format with key name as files and cwd. The JSON fields contains the following field names 'name, isFile, hasChild, permission'.
For example: {"cwd":{"name":"FileContent","type":"Directory","size":0,"dateModified":"3/30/2016 9:19:27 PM","hasChild":true,"isFile":false,"filterPath":null,"permission":{"Copy":false,"Download":false,"Edit":false,"EditContents":false,"Read":true,"Upload":false}}, "files":[{"name":"Documents","type":"Directory","size":0,"dateModified":"3/30/2016 9:20:10 PM","hasChild":false,"isFile":false,"filterPath":null,"permission":{"Copy":true,"Download":false,"Edit":false,"EditContents":true,"Read":true,"Upload":true}}, {"name":"Nature","type":"Directory","size":0,"dateModified":"3/30/2016 9:19:27 PM","hasChild":false,"isFile":false,"filterPath":null,"permission":{"Copy":false,"Download":false,"Edit":false,"EditContents":false,"Read":false,"Upload":false}}], "details":null, "error":null} |
It used to get all immediate files and sub-folders of the given path and it returns the matched type of files only, which are specified in 'filter' parameter. (here cwd represents details of the given path and files represents details of the child files and folders of the given path) |
CreateFolder | string path, string name, IEnumerable<object> selectedItems |
It is in JSON format with key name as files. The 'name' and 'permission' fields are necessary on return JSON data.
For example: {"cwd":null, "files":[{"name":"New Folder", "type":"Directory","size":0,"dateModified":"4/6/2016 2:55:22 PM","hasChild":true,"isFile":false,"filterPath":null,"permission":{"Copy":true,"Download":false,"Edit":true,"EditContents":true,"Read":true,"Upload":true}}], "details":null, "error":null} |
It used to create a new folder in given path with specified name. (here files represents details of the newly added folder’s) |
Paste | string sourceDir, string backupDir, string[] names, string option, IEnumerable<CommonFileDetails> commonFiles, IEnumerable<object> selectedItems, IEnumerable<object> targetFolder |
It returns the pasted file details or null.
For example: {"cwd":null, "files":[{"name":"bird(1).jpg","type":"File","size":102182,"dateModified":"3/23/2016 6:05:32 PM","hasChild":false,"isFile":true,"filterPath":null,"permission":{"Copy":true,"Download":true,"Edit":true,"EditContents":true,"Read":true,"Upload":true}}], "details":null, "error":null} |
This method helps to copy or move files from one location to another location. (here files represents details of the pasted items) |
Remove | string[] names, string path, IEnumerable<object> selectedItems |
It returns the removed file details or null.
For example: {"cwd":null, "files":[{"name":"New folder", "type":"Directory","size":0,"dateModified":"4/6/2016 3:05:17 PM","hasChild":true,"isFile":false,"filterPath":null,"permission":{"Copy":true,"Download":false,"Edit":true,"EditContents":true,"Read":true,"Upload":true}}], "details":null, "error":null} |
It helps to remove the specified items from given path. (here files represents details of the removed item) |
Rename | string path, string oldName, string newName, IEnumerable<CommonFileDetails> commonFiles, IEnumerable<object> selectedItems |
It returns the renamed file details or null.
For example: {"cwd":null, "files":[{"name":"my folder", "type":"Directory","size":0,"dateModified":"4/6/2016 3:05:17 PM","hasChild":true,"isFile":false,"filterPath":null,"permission":{"Copy":true,"Download":false,"Edit":true,"EditContents":true,"Read":true,"Upload":true}}], "details":null, "error":null} |
This method helps to rename the file/folder, which is available in given path. (here files represents details of the renamed items) |
GetDetails | string path, string[] names, IEnumerable<object> selectedItems |
It is in JSON data with key name as details.
For example: {"cwd":null, "files":null, "details":[{"Name":"green.jpg","Location":"C:\\Users\\XXX\\AppData\\Local\\Syncfusion\\EssentialStudio\\14.1.0.40\\MVC\\Samples\\web\\FileContent\\Documents\\green.jpg","Type":".jpg","Size":89894,"Created":"3/30/2016 9:19:25 PM","Modified":"3/23/2016 6:05:32 PM","Permission":{"Copy":true,"Download":true,"Edit":true,"EditContents":true,"Read":true,"Upload":true}}], "error":null} |
This method used to get the details of the specified file or directory. (here details represents details of the given path which is need to be showcased to user) |
Download | string path, string[] names, IEnumerable<object> selectedItems | Void | This method helps to download the specified files in the given path. |
Upload | IEnumerable<System.Web.HttpPostedFileBase> files, string path, IEnumerable<object> selectedItems | Void | This method helps to upload the specified files to given path. |
Search | string path, string filter, string searchString, bool caseSensitive, IEnumerable<object> selectedItems |
It returns JSON data with key name as files and JSON fields need to be with following field names 'name, isFile, hasChild, permission'.
For example: {"cwd":{"name":"FileContent","type":"Directory","size":0,"dateModified":"3/30/2016 9:19:27 PM","hasChild":true,"isFile":false,"filterPath":null,"permission":{"Copy":false,"Download":false,"Edit":false,"EditContents":false,"Read":true,"Upload":false}}, "files":[{"name":"bird.jpg","type":"File","size":102182,"dateModified":"1/9/2016 6:48:42 AM","hasChild":false,"isFile":true,"filterPath":null,"permission":{"Copy":false,"Download":false,"Edit":false,"EditContents":true,"Read":true,"Upload":false}}, {"name":"sea.jpg","type":"File","size":97145,"dateModified":"1/9/2016 6:48:42 AM","hasChild":false,"isFile":true,"filterPath":null,"permission":{"Copy":false,"Download":false,"Edit":false,"EditContents":false,"Read":true,"Upload":true}}], "details":null, "error":null} |
It used to search all the matched files and sub-folders in the given folder path also it filters the specified files using it types. |
NOTE
If needed, customer can also add additional data along with existing properties using FileExplorerDirectoryContent class
Example
We can make a FileExplorer with access rule by doing following steps,
-
Add the following code example to the corresponding View page to render the FileExplorer.
@Html.EJ().FileExplorer("fileExplorer").Path("~/FileContent/").AjaxAction(@Url.Content("FileAccessDefault"))
-
Add the following code example to the corresponding controller page. The
FileAccessDefault
method triggers from AJAX request with specific ActionType value as parameter.public ActionResult FileAccessDefault(FileExplorerParams args) { FileAccessOperations operation = new FileAccessOperations(GetRules()); switch (args.ActionType) { case "Read": return Json(operation.Read(args.Path, args.ExtensionsAllow)); case "CreateFolder": return Json(operation.CreateFolder(args.Path, args.Name)); case "Paste": return Json(operation.Paste(args.LocationFrom, args.LocationTo, args.Names, args.Action, args.CommonFiles)); case "Remove": return Json(operation.Remove(args.Names, args.Path)); case "Rename": return Json(operation.Rename(args.Path, args.Name, args.NewName, args.CommonFiles)); case "GetDetails": return Json(operation.GetDetails(args.Path, args.Names)); case "Download": operation.Download(args.Path, args.Names); break; case "Upload": operation.Upload(args.FileUpload, args.Path); break; case "Search": return Json(operation.Search(args.Path, args.ExtensionsAllow, args.SearchString, args.CaseSensitive)); } return Json(""); } public FileAccessInfo GetRules() { FileAccessInfo rules = new FileAccessInfo(); List<AccessRule> accessRules = new List<AccessRule> { // For Default User new AccessRule { Path = "*.*", Role = "Default User", Read = Permission.Deny, Edit = Permission.Deny, Copy = Permission.Deny, Download = Permission.Deny }, new AccessRule { Path = "*", Role = "Default User", Read = Permission.Deny, Edit = Permission.Deny, Copy = Permission.Deny, EditContents = Permission.Deny, Upload = Permission.Deny }, new AccessRule { Path = "", Role = "Default User", Read = Permission.Allow, Edit = Permission.Deny, Copy = Permission.Deny, EditContents = Permission.Deny, Upload = Permission.Deny }, // For Administrator new AccessRule { Path = "*.*", Role = "Administrator", Read = Permission.Allow, Edit = Permission.Allow, Copy = Permission.Allow, Download = Permission.Allow }, new AccessRule { Path = "*", Role = "Administrator", Read = Permission.Allow, Edit = Permission.Allow, Copy = Permission.Allow, EditContents = Permission.Allow, Upload = Permission.Allow }, new AccessRule { Path = "", Role = "Administrator", Read = Permission.Allow, Edit = Permission.Deny, Copy = Permission.Allow, EditContents = Permission.Allow, Upload = Permission.Allow }, // For Document Manager new AccessRule { Path = "*.*", Role = "Document Manager", Read = Permission.Deny, Edit = Permission.Deny, Copy = Permission.Deny, Download = Permission.Deny }, new AccessRule { Path = "Documents/*.*", Role = "Document Manager", Read = Permission.Allow, Edit = Permission.Allow, Copy = Permission.Allow, Download = Permission.Allow }, new AccessRule { Path = "*", Role = "Document Manager", Read = Permission.Deny, Edit = Permission.Deny, Copy = Permission.Deny, EditContents = Permission.Deny, Upload = Permission.Deny }, new AccessRule { Path = "", Role = "Document Manager", Read = Permission.Allow, Edit = Permission.Deny, Copy = Permission.Deny, EditContents = Permission.Deny, Upload = Permission.Deny }, new AccessRule { Path = "Documents", Role = "Document Manager", Read = Permission.Allow, Edit = Permission.Deny, Copy = Permission.Allow, EditContents = Permission.Allow, Upload = Permission.Allow }, new AccessRule { Path = "Documents/*", Role = "Document Manager", Read = Permission.Allow, Edit = Permission.Allow, Copy = Permission.Allow, EditContents = Permission.Allow, Upload = Permission.Allow }, }; rules.Rules = accessRules; rules.Role = User.Identity.Name; // Specify the current user role rules.RootPath = "~/FileContent/"; return rules; }
The following screenshot displays the output of the above code.