Multiple contexts and Media source - how to restrict users from uploading to other users context

I have a site where every user gets their own context. I am experiencing issues with them uploading files. They should only be allowed to upload to their own context/media source, but currently they can upload anywhere.

The users can see only their own context and resources, so thats great. They can upload files successfully, so thats great. On their page they can use a template variable to upload a profile photo. The problem begins with the media browser because they are allowed to view and upload all the other hidden contexts.

I’ve been playing with the ACL (access control list) and media sources but I’m hitting a brick wall here.

Any suggestions, things to look into would be great. Thank you in advance

IIRC, the only requirement is that each user group needs to be explicitly granted access to the appropriate media source. If a media source doesn’t have any access permissions it will be visible to everyone so each media source should be assigned to at least one group. Use the Administrator group for media sources you don’t want any users to access (like the default Filesystem source). You can do this from the ACL or from Media > Media Sources. Is this already done?

Thank you for the response, every user only has access to their own context group and their own media source as far as I can tell. They are just in as a user, and not as an admin even in their own media source and context.

I feel the issue is permissions, but… not quite sure what exactly

Are they members of other groups that could be giving them access to the other sources? On my media sources, I have the minimum role set to “Member” and the policy set to “Media Source Admin.” Any source that doesn’t have a user group assigned will be visible to everyone though.

One way to handle this is to connect all the media sources to the Administrator group with Media Source Access ACL entries.

That should hide them from anyone not in the Administrator group who hasn’t been granted explicit access to them with another ACL entry.

The key to hiding things from someone is that objects are only protected (hidden) when they are connected via an ACL entry to a user group the “someone” is not a member of.

Remember also that, as dev_willis suggests, if a person is somehow granted access to an object, nothing else you do can take that access away.

There’s a video of me explaining the entire MODX security system here if you’ve got 50 minutes to spare.

1 Like

I’ve got your video bookmarked, I’ll plan on listening to the whole thing. I started off as a jr dev and shortly after my senior developer left, but I still love and prefer modx. Thank you for explaining things, I’ll wrap my head around this and apply your knowledge, thank you again BobRay

I’m glad I could help. :slight_smile: