browseonly user defined not working #143

Closed
kyme32 opened this issue Mar 29, 2017 · 9 comments

kyme32 commented Mar 29, 2017

I have this code in connectors/php/filemanager.php.
The root works but the browseonly function does not.
Can someone explain why and how to fix it?
Thank you

<?php
// only for debug
// error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
// ini_set('display_errors', '1');

require_once('application/Fm.php');
require_once('application/FmHelper.php');

function auth()
{
    // IMPORTANT : by default Read and Write access is granted to everyone.
    // You can insert your own code over here to check if the user is authorized.
    // If you use a session variable, you've got to start the session first (session_start())
    return true;
}

$config = array();

// example to override the default config
$config = [
    "options" => [
        "serverRoot" => true,
        "fileRoot" => $_COOKIE["userfolder"],
        "browseOnly" => true,
    ],
];

$fm = Fm::app()->getInstance($config);
$fm->handleRequest();

psolom commented Mar 29, 2017

browseOnly is a client-side option, you have to set it in the JSON configuration file.
To restrict actions at the server-side you have to specify a list of allowed actions at the capabilities option.

$config = [
    "options" => [
        "serverRoot" => true,
        "fileRoot" => $_COOKIE["userfolder"],
        "capabilities" => ["select", "upload", "download", "rename", "copy", "move", "replace", "delete", "edit"],
    ],
];

However in the next version of RFM this list will be replaced with an option that will take one of two modes: read OR read+write
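
Added example (not from the thread or the RichFilemanager project): one way to choose the server-side `capabilities` list and `fileRoot` per user from server-side session state instead of a client-supplied cookie, using only the override keys shown in this thread. The role names, the folder allowlist, the `$_SESSION` keys and the `buildFmConfig` helper are assumptions for illustration.

```php
<?php
// Added example, not RichFilemanager code. Role names, folder names and the
// session keys are assumptions made for illustration.

// Server-side policy: role => actions the connector may perform.
const ROLE_CAPABILITIES = [
    'viewer'   => ['select', 'download'],
    'uploader' => ['select', 'download', 'upload'],
    'editor'   => ['select', 'download', 'upload', 'rename', 'delete'],
];

// Folders (relative to the server root) a user may be rooted in.
const ALLOWED_ROOTS = ['userfiles/alice', 'userfiles/bob', 'themes'];

/**
 * Build the override array for the connector from server-side session state.
 * Unknown roles fall back to the least-privileged role; a folder that is not
 * an exact match in the allowlist (including traversal strings) is rejected.
 */
function buildFmConfig(array $session): array
{
    $role = $session['role'] ?? 'viewer';
    $capabilities = ROLE_CAPABILITIES[$role] ?? ROLE_CAPABILITIES['viewer'];

    $folder = trim((string)($session['userfolder'] ?? ''), '/');
    if (!in_array($folder, ALLOWED_ROOTS, true)) {
        throw new RuntimeException('No file root assigned to this user');
    }

    return [
        'options' => [
            'serverRoot'   => true,
            'fileRoot'     => '/' . $folder . '/',
            'capabilities' => $capabilities,
        ],
    ];
}

// Constructed sample session; in the connector this would be $_SESSION
// after session_start() and a login check inside auth().
$sample = ['role' => 'viewer', 'userfolder' => 'userfiles/alice'];
$config = buildFmConfig($sample);
print_r($config['options']);

// In connectors/php/filemanager.php the array would then be passed on:
// $fm = Fm::app()->getInstance($config);
// $fm->handleRequest();
```
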


kyme32 commented Apr 1, 2017

Thank you for the reply and sorry for the delay in responding.
I've tried your idea and it still doesn't work.
I have this in the JSON

{
    "_comment": "IMPORTANT : go to the wiki page to know about options configuration https://github.com/servocoder/RichFilemanager/wiki/Configuration-options",
    "options": {
        "culture": "en",
        "theme": "default",
        "defaultViewMode": "grid",
        "localizeGUI": true,
        "showFullPath": false,
        "showTitleAttr": false,
        "showConfirmation": true,
        "browseOnly": false,
        "clipboard": true,
        "searchBox": false,
        "fileSorting": "NAME_ASC",
        "folderPosition": "top",
        "quickSelect": false,
        "charsLatinOnly": false,
        "serverRoot": true,
        "fileRoot": "/themes/",
        "logger": false,
        "capabilities": [
            "upload",
            "download",
            "delete"
        ]
    },

and the config

<?php
// only for debug
// error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
// ini_set('display_errors', '1');

require_once('application/Fm.php');
require_once('application/FmHelper.php');

function auth()
{
    // IMPORTANT : by default Read and Write access is granted to everyone.
    // You can insert your own code over here to check if the user is authorized.
    // If you use a session variable, you've got to start the session first (session_start())
    return true;
}

$config = array();

// example to override the default config
$config = [
    "options" => [
        "serverRoot" => true,
        "fileRoot" => $_COOKIE["userfolder"],
        "capabilities" => [],
    ],
];
//var_dump($config);
$fm = Fm::app()->getInstance($config);
$fm->handleRequest();

I still have all the rights from the JSON and I should have none of them. Even if I set them only in the config and nothing in the JSON, it will hang and show only the spinner.
Any other idea?
Thank you.
Regards, Emanuel

Edit:
Still, I have found a little bug: if "folderPosition": "top" then the folders are on top, but before .. (up). It would be nicer to have the folders after the .. icon (the up folder icon should always be first).


psolom commented Apr 1, 2017

An empty array will not work. Try to set ["select"].
In case you fail with this solution, I can suggest that you wait for the release of the new backend security model that I mentioned above. It is planned to be issued soon.


psolom commented Apr 1, 2017

I can see the bug, thanks for reporting. It will be fixed in the next release.

psolom added the bug label Apr 1, 2017
psolom added this to the 2.3.1 milestone Apr 1, 2017
psolom self-assigned this Apr 1, 2017
psolom added a commit that referenced this issue Apr 2, 2017

psolom commented Apr 2, 2017

Fixed in v2.3.1

psolom closed this as completed Apr 2, 2017

kyme32 commented Apr 3, 2017

Hello, and sorry for reopening this report.
I've tried both the scripts from filemanager.php and I've still not managed to restrict the upload for some users.
In filemanager.config.json I have only select, and the filemanager.php looks like this

<?php
// only for debug
// error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
// ini_set('display_errors', '1');

require_once('application/Fm.php');
require_once('application/FmHelper.php');

function auth()
{
    session_start();
    // IMPORTANT : by default Read and Write access is granted to everyone.
    // You can insert your own code over here to check if the user is authorized.
    // If you use a session variable, you've got to start the session first (session_start())
    return true;
}

$config = array();

// example to override the default config
$config = array(
   'options' => array(
        'capabilities' => array(
            'select',
            'download',
            'upload',
            "delete"
        ),
    ),
);

$fm = Fm::app()->getInstance($config);

// example to setup files root folder
$fm->setFileRoot($_COOKIE['userfolder'], true);

// example to set list of allowed actions
$fm->setAllowedActions(["select", "upload", "download", "delete"]);
//$fm->setAllowedActions(["select", "move"]);

$fm->handleRequest();

I've tried with the default config override and with setAllowedActions and I still have only the select option.

Any thoughts?
Thank you
Regards, Emanuel


psolom commented Apr 3, 2017

Perhaps I misunderstood your problem. Are you going to restrict file uploading?
In this case you have to remove "upload" from the setAllowedActions and capabilities lists. I will be able to check it later today, but as I mentioned before, a new backend security model will be released this week. It will be much simpler and I recommend you wait for the release.


kyme32 commented Apr 4, 2017

Well, I have multiple roots set by a cookie but I want to restrict the upload capability in a few of them. The way I thought to do it was to have only select in the JSON and an if() in filemanager to check a cookie and set the right capabilities, but no matter whether I set upload and download in PHP, I have only select.
I also found a bug using setFileRoot: using
$fm->setFileRoot('userfiles', true); will do, but on images it has an error on the path, not making it /userfiles. Nothing big, but perhaps others don't know how to fix it by themselves.
I am waiting for the new system but I hope to be able to not use replace or move.
Regards, Emanuel

psolom reopened this Apr 4, 2017

psolom commented May 7, 2017

New backend security model is released in v2.4.0 (setAllowedActions is removed, use new readOnly option)

psolom closed this as completed May 7, 2017