File Firewall for Logged-In User

The CMS Questions
1

Hey there, and thanks in advance to everyone who’s willing to help :slight_smile:
I have the plugin “bouncer” installed to grant access only to special sites for viewer and editors. that works.
also i followed the cookbook for file-firewalls: Protecting files | Kirby CMS
and got working, that if i upload any file the file URL is only readable when logged in cause you never get the original file path.
perfect and thanks to @texnixe
this works in my blueprint when:

files:
            type: files
            template: protected

Now i want ALL file uploads on this pages with this blueprint to be “secured”. how can i get the route template working for parts like:

fields:
                      bezeichnung:
                        label: Bezeichnung
                        type: text
                      beschreibung:
                        label: Beschreibung
                        type: textarea
                      bild:
                        label: Bild
                        type: files

or

type: layout
                layouts:
                  - "1/1"
                  - "1/2, 1/2"
                  - "1/4, 1/4, 1/4, 1/4"
                  - "1/3, 2/3"
                  - "2/3, 1/3"
                  - "1/3, 1/3, 1/3"
                fieldsets:
                  - heading
                  - text
                  - list
                  - image
                  - gallery
                  - video
                  - code
                  - markdown
                  - button
                settings:
                  fields:
                    class:
                      type: text
                      width: 1/2
                    id:
                      type: text
                      width: 1/2
                    image:
                      label: Background image
                      type: files
                      fields:

I tried to add “template: protected” again but i does not work.
Perhaps someone can give me a hint…

2

@nauti23 Please use three backticks before and after pasting a block of code here. And try to make sure the formatting is correct (as you are actually having it in your code files). Otherwise your post is just completely unreadable and giving support impossible. I edited it above

1 Like
3

thank you @distantnative and sorry.

in addition:
what works is to upload images in the file field with template protected (mentioned at the top) and use is in the other (block-)fields f.e. → the URL is than secured.

but a user would probably use the upload in the direct location of editing, and for that die URL wont go through the route…

4

For the block types that contain images, you would have to overwrite the block yml files (Customizing core blocks | Kirby CMS). In a textarea, you can set the upload option: Textarea | Kirby CMS

5

Thanks @texnixe, so that helps to find my way. but one question, if i use “layouts” like this, where to define something like “uploads: false” for images, videos, gallery etc?

                type: layout
                layouts:
                  - "1/1"
                  - "1/2, 1/2"
                  - "1/4, 1/4, 1/4, 1/4"
                  - "1/3, 2/3"
                  - "2/3, 1/3"
                  - "1/3, 1/3, 1/3"
                fieldsets:
                  - heading
                  - text
                  - list
                  - image
                  - gallery
                  - video
                  - code
                  - markdown
                  - button
                settings:
                  fields:
                    class:
                      type: text
                      width: 1/2
                    id:
                      type: text
                      width: 1/2
                    image:
                      label: Background image
                      type: files
                      fields:
6

As I said, in the respective block types, image, video, gallery