Programatically Give Group File Manager Access

Hi again. I am trying to create a package that will give a certain group access to the file manager upon install. The group doesn’t really need access to the dashboard, just have the ability to have ConcreteFileManager load with my block.

I’ve pieced together the code below but it gives me the error “Call to a member function addListItem() on null”. Any ideas why $pa is not an object? I used the example Advanced: Programmatically Setting Permissions on an Object :: Concrete CMS but it doesn’t really explain where $f comes from. So I am suspicious that $f is not being correctly retrieved.

Any ideas?

// Create a Folder
$filesystem = new Filesystem();
$baseFolderName = 'Attendees';
$basefolder = FileFolder::getNodeByName($baseFolderName);
if (!is_object($basefolder)) {
    $folder = $filesystem->getRootFolder();
    $folderName = t($baseFolderName);
    $basefolder = $filesystem->addFolder($folder, $folderName);
}
		
$f = FileFolder::getNodeByName($baseFolderName);

$pk = PermissionKey::getByHandle('view_file_in_file_manager');
$pk->setPermissionObject($f);
$pa = $pk->getPermissionAccessObject();

$repository = $this->app->make(\Concrete\Core\User\Group\GroupRepository::class);
$g = $repository->getGroupByName('Attendance Editor');
if (is_object($g)) {
    $pae = GroupPermissionAccessEntity::getOrCreate($g);
    $pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}

$pa->markAsInUse();

Additionally, I came across this… concrete5 - Grant Access Only to Files Users Have Uploaded Themselves - YouTube
Is there a way to do this in a package?

Hi @Chrouglas

If you var dump after each of these what do you get?


$pk = PermissionKey::getByHandle('view_file_in_file_manager');
// var_dump($pk);
$pk->setPermissionObject($f);
// var_dump($pk);
$pa = $pk->getPermissionAccessObject();
// var_dump($pa);

And then after that this would probably be helpful too:
get_class_methods($pa)

Does this tell you anything? $pa comes back null?

// var_dump($pk);
object(Concrete\Core\Permission\Key\FileKey)#1461 (11) {
  ["error"]=>
  string(0) ""
  ["permissionObject":protected]=>
  NULL
  ["pkID"]=>
  int(50)
  ["pkName"]=>
  string(25) "View File in File Manager"
  ["pkDescription"]=>
  string(28) "Can access the File Manager."
  ["pkHandle"]=>
  string(25) "view_file_in_file_manager"
  ["pkCategoryHandle"]=>
  string(4) "file"
  ["pkCanTriggerWorkflow"]=>
  int(0)
  ["pkHasCustomClass"]=>
  int(0)
  ["pkCategoryID"]=>
  int(6)
  ["pkgID"]=>
  NULL
}
// var_dump($pk);
object(Concrete\Core\Permission\Key\FileKey)#1461 (11) {
  ["error"]=>
  string(0) ""
  ["permissionObject":protected]=>
  object(Concrete\Core\Tree\Node\Type\FileFolder)#2776 (17) {
    ["error"]=>
    string(0) ""
    ["childNodes":protected]=>
    array(0) {
    }
    ["childNodesLoaded":protected]=>
    bool(false)
    ["treeNodeIsSelected":protected]=>
    bool(false)
    ["tree":protected]=>
    NULL
    ["fslID":protected]=>
    NULL
    ["treeNodeID"]=>
    int(147)
    ["treeNodeTypeID"]=>
    int(7)
    ["treeID"]=>
    int(3)
    ["treeNodeParentID"]=>
    int(7)
    ["treeNodeDisplayOrder"]=>
    int(4)
    ["treeNodeName"]=>
    string(9) "Attendees"
    ["dateModified"]=>
    string(19) "2023-01-27 13:12:21"
    ["dateCreated"]=>
    string(19) "2023-01-27 13:12:21"
    ["treeNodeOverridePermissions"]=>
    int(0)
    ["inheritPermissionsFromTreeNodeID"]=>
    int(7)
    ["treeNodeTypeHandle"]=>
    string(11) "file_folder"
  }
  ["pkID"]=>
  int(50)
  ["pkName"]=>
  string(25) "View File in File Manager"
  ["pkDescription"]=>
  string(28) "Can access the File Manager."
  ["pkHandle"]=>
  string(25) "view_file_in_file_manager"
  ["pkCategoryHandle"]=>
  string(4) "file"
  ["pkCanTriggerWorkflow"]=>
  int(0)
  ["pkHasCustomClass"]=>
  int(0)
  ["pkCategoryID"]=>
  int(6)
  ["pkgID"]=>
  NULL
}
// var_dump($pa);
NULL

So here are a few examples from the core:

So in both cases they’re checking for is_object on $pa - so there’s something going wrong with your $f I think.

One thing I’m wondering, since you’re doing this for a folder that you’ve just created - does this code work for a preexisting folder? I’m wondering if there’s some sort of filesystem resync or something that has to happen after the folder is created for this function to become aware that there’s a folder available to be retrieved by that name.

Taking another look, I’m not sure if that permission key applies to file folders, it looks like it applies to files. They do look assigned here, but maybe if you call the actual key by name that you’re looking for it would work better?

So maybe you’d be better off calling

$pk = PermissionKey::getByHandle('view_file_folder_file');

Sorry this is kind of stream of consciousness :wink:

Thanks for the insight! You are spot on with your last thought re: ‘view_file_folder_file’. I was able to use that to give the group that permission. But I am still not able to select a file as a member of the group.

For good measure I added all file permissions to that group manually in the dashboard.

Made sure I was actually a member of the group…
1-IsGroupAddedToUser

Made sure the permissions were set…

Checked that it works when logged in as admin…

But still doesnt work as group member…

I tried to find the solution to the ‘ConcreteFileManager is not defined’ error and found two references…

	public function registerViewAssets($outputContent = '')
	{
		$this->requireAsset('core/file-manager');
		$this->requireAsset('core/lightbox');
	}

and

	public function view()
    {
		$this->requireAsset('core/file-manager');
		$this->requireAsset('core/lightbox');
		$this->set('entries', $this->getEntries());
		$this->set('attr_keys', $this->getAttributes());
    }

but unfortunately neither works.
Any idea what I am missing?
Thanks in advance!

Yeah, so my hunch is there are some additional assets you need to add or something along those lines. So when you are logged in as admin, you have an edit bar, but not when you are logged in as this attendance editor user, right?

The thing is that the edit bar inclusion will load a bunch of assets automatically in addition to the ones you’re already loading.

So you might take a look at what assets are getting loaded when you’re logged in as an admin, and compare that to what your attendance editor has when they’re logged in, and see if you can spot the difference and load that asset in. But I’d bet dollars to donuts it’s not a permissions issue, because I feel like you’d be getting forbidden errors if so.