File access issue from Automated jobs


I’m developing a feature to make some files accessible only for a certain group of users.

What I’ve done until now:

  1. Created a new folder in File Manager and adjusted the permissions (so only the predefined user group has access to it).
  2. Added files to it.
  3. Created an automated job to maintain these files.

My problem is the following: Whenever I try to access these files in the automated job, I get nothing, due to the permission restrictions.

Up until this point I thought that cronjobs are running as admin user, but apparently that’s not the case.

Also tried to log in as admin at the beginning of my code, but this does not happen because I’m in console and there’s no session.

So practically I locked out myself from the folder when I try to access it via console command.

Any solution or advice is welcome.

Since you mention Automated Jobs, I’m guessing you are not using v9+ Tasks. Your concrete and PHP versions could be helpful.

How/what is “maintaining” these files? Showing some code would help, as well as how you are trying to “log in admin”.

Is Admin (ID:1) in the user group?

Are you sure the cronjobs are not running as admin? Here’s a snippet to test:

$u = $app->make(\Concrete\Core\User\User::class);
if (!$u->isSuperUser()) {
    die('You are no superman!');
    // ... Good to go ...

What does your “console command” look like?

Are you logging/getting errors in the logs?

HI @jasteele12

That’s exactly what I did.

My development version is indeed 8.5.12

And in the Automated job I wasn’t able to get things working as an admin. So based on your code it fails with message “You are no superman!”

So I’m curious am I the only one who can’t run Automated Jobs as admin? I also thought that’s how it should work out of the box.

Meanwhile I’ve found a workaround to serve the content using routes, triggered directly from browser, because there I have a legit user session and I can check if the user has proper access to the files or not.
So my final solution - due to this issue around Automated Jobs not running as Admin - was not implemented based on Concrete CMS best practices (using file permissions) but based on a simple:

if ($u->inGroup(Group::getByName('DocumentAccess'))) {
    //return files

Not the cleanest solution, but hey, if it works :wink:

Might be a good idea to ask about running the Automated Jobs as admin at the next town hall. Or how the Concrete team would handle it. Or maybe @EvanCooper knows?

I’ve used the following in some older tools scripts:

$u = new User();
$u->setUserId(USER_SUPER_ID);  // run as super admin (id = 1)

I’d be interested to see what your job did if you added that?