Download Permissions

[Nikusa]

Hello,

I am looking to have a setup where every download is visible but not downloadable by default and define on a by file basis which user groups can download that particular file.
The way I am trying to do this is by keeping the categories with inherited permissions (not allowed) and then when I create a download I select a user group or any combination of user groups and change their download permission to allowed.

The way I have it setup, is so that, if you do not have permission to download you can still see the file, but there is no link, after I do the above procedure the link becomes visible to the selected user groups but when I click download I get the message "You do not have permission to download the requested file. Contact the website operator if you are sure that this is incorrect.".

Is what I am trying to acomplish simply not possible? I was under the impression that the hierarchy of permissions went top category -> sub category -> download, and that the download settings should override the others.

Thanks.

[ColinM]

Hi
Good idea but jD, like all other components, needs to follow down the 'chain'. 

First of all you no doubt understand that the view Access level  sets who can see something.  So if that is Public everywhere then everyone can see all downloads.
You need to give the permissions to the categories otherwise you will get the 'not allowed'  syndrome.

Is it not possible to group the software?

I will give this some thought.  Normally I recommend not using 'deny' but you might have just found a reason to use it.  Think you will need a multiple set of categories to act as a 'filter' for various UGs.  So the top level category would be Allowed to download.  If you plan out the tree you can use sub categories to as stoppers for some categories and inherited Allow for others.  Successive layers of sub cats could impleme a pas/stop with downloads attached at various levels.  Think it is possible but suspect it would be a serious challenge to maintain with all the possible combinations..  Hmm I do not like this suggestion!! too complicated.

One also needs to take account of the implied UG  in Joomla!  It might be a good idea to have a hierarchy of UGs that reflect which 'sections' are involved.

Think I need to know how many 'software sections' you are considering.

Colin

[Nikusa]

Thanks for the answer,
I feared that it would be so, however I managed to make a change in the code to make it suit my needs.
In the controller, if given a category in the url(which it does by default) and it is not 0 (uncategorized) it will check the category first and only then the file.

There are a number of ways I could've gone here, but for now I simply commented out the category check and left the file check in,
this way I get the inherited permissions from the categories on download creation and the ability to fine tune those permissions.

Seems a bit odd that we can set the permissions on the file level but the category still has the last say.
Is there a way that I could change the download url to not include the category? seeing as that would solve my problem without any code changes.

Thanks again for the help.

[ColinM]

Hi
I am slightly confused as I have alwys understood that the Downloads inherit permissions from the containing category, which inherits from its containing category and so on.  As I only have my tablet with me it is not simple to check out properly.  Hopefully
I will be able to look in more detail tomorrow.
jD does check down the category chain in the same way as Joomla!  Similarly the links are constructed in the same fashion as Joomla!

Colin

[Nikusa]

The Downloads do inherit from the category, and I take advantage of that in my setup.

Let me try to explain sort of how it goes:
I have around 30 teams (user groups) and the same number of categories (some of them with sub categories).
Everyone can see every download, but as far as permissions to download go the idea is that by default only team A can download from category A, team B from category B and so on.
This is very simple, very easy to implement with jDownloads.
However now I would like to add the option so that on every Download you create you can give download permissions to as many of the other teams as you want, for example I would add a Download to category A and let it inherit download permissions for team A but also allow team C to download.

That is the setup I have implemented, the reason why I was getting the no permission message is because on the controller when jDownloads goes to check if the user has download rights,
it first checks against the category (if given in the url) and only then against the file.
I don't think this makes much sense, since the Download already should've inherited the category permissions on creation and if they are indeed differente its almost certainly because the user made it so on purpose and so the actual Download permission should take priority.

Thanks.

[ColinM]

Hi
I think I now have a better understanding of where you are trying to get to.  Just need to clarify a couple of points.  For

However now I would like to add the option so that on every Download you create you can give download permissions to as many of the other teams as you want, for example I would add a Download to category A and let it inherit download permissions for team A but also allow team C to download.

From the above I think you are suggesting the following.
1. From the front end Upload form there should a "scheme" that would allow a user to add permissions to the Download itself so that any selected set of UGs may download that particular Download. 
2. Further to implement that scheme then jD should just look at the computed permissions of every Download to decide if downloading was possible.

Is the above correct?

Assuming I have understood correctly then I would make the following observations.
A. In general there are a very much larger number of Downloads compared to Categories.  This would have a negative impact on performance.  So if such a scheme were to be included then it would have to be selectable configuration option accompanied by a suitable 'health' warning.
B. This would be different from the present Joomla! standard - but may be not so important as long as the standard one was the default.

Implementing a suitable scheme to make permissions for other UGs could be 'interesting'!

On a slightly different tact but possibly related I would like to see a scheme matrix (table like) scheme With permissions horizontally across the top and UGs on the side with changeable coloured 'squares' denoting the permissions.  Think that would be helpful for many users.

Colin

[Nikusa]

Hi, sorry for the delay

"From the above I think you are suggesting the following.
1. From the front end Upload form there should a "scheme" that would allow a user to add permissions to the Download itself so that any selected set of UGs may download that particular Download.
2. Further to implement that scheme then jD should just look at the computed permissions of every Download to decide if downloading was possible.

1 is unecessary, setting the Download permissions on the backend is good enough for this particular case, although that would be a nice addition.
2 is accurate.

I think I understand where this could be a problem if you are downloading several files at the same time, but for a single file jDownloads already checks for the Download permissions at the download level its only that it checks the category first and only if the user has permissions on the category level will he look to the download.
The only thing gained in this process is that you can deny on the download level so that even if a user has download permissions on a category you can still create a download in that category that this user can't download, but it doesn't provide the opposite where the user doesnt have the category download permissions but can have for the download.

Anyway, with the simple code change I made it solves my problem perfectly.

As for your suggestion for a visual permission matrix, I think thats a fantastic idea, it would certainly be a big help to organize permissions.