Hello, As it seems, uploaded files can be accessed without being logged in, even though the 'Make files publicly accessible (do not require login)' is not checked at field level. I believe this is due to the fact that that we allowed authorizations for portal visitors (the 'View' right for the object has been checked for portal visitor). However, I believe it should only be accessed when a user OR a portal visitor is logged in, not from a "guest" portal visitor. Can you confirm this error? Thank you, Romain Pennes.
FYI, I was able to rectify this by manipulating the authorizations, using the following configuration :
(I had to add a relationship between my portal visitor object and the object that contains the file upload fields, and restrict 'View' and 'Update' access to this relationship. The portal visitor can only 'Create' records).
However, I still believe that the files type of fields should not be accessible from a non connected user or portal visitor, when 'View' right is set on Portal Visitor role.
Kind regards,
Hi Romain,
Thanks, we'll discuss this one internally when Pavel is back on April 8th. Glad you have addressed this in the meantime.
Regards,
Matt
Romain,
I actually disagree with your sentiment.
Due to fact that sometimes you WILL need to show non-logged users records, e.g. Accouncements, Public files, etc.
Although you have managed to work around this, another way is to probably set the portal pages you want only to be accessed by logged in users to "Portal User must be logged in to view this page", you should be able to find this under the Properties of your portal pages on your portal setup.
Then, you should display the File Uploads only on these specific pages either in View form or in List form.
I think this should work the same way as with what you did:
e.g. Having access only to logged in users.
I believe we should retain the current behavior so that all of us have the option to Enable/Disable viewing for Guest users.
Will wait for Matt / Pavel on this.
Hope you understand,
Piscoso, Martin
Rollbase