Inconsistencies in moving files

Thanks Clif. Well the word document was placed in the 'root' folder, which means that any one should be able to view / move it?

I guess that will lead back to some of the discussion in the other threads about setting permission on uploaded files, which is not support now.

Hi Domo,

Actually the root folder is only accessible to the Admin. Here's the reasoning:

You can't give a Reader or Writer access to the root folder, it belongs to the Admin. In a private wiki, nobody can see it except admin.

That's confusing to a Writer who might not know that they have to be working inside a folder when they add files.

It's a matter of security. It prevents accidental publishing of files that shouldn't be seen. The admin has to purposely publish files that are placed in the root folder.

In my own Private wiki, I have a general purpose Files folder that I know is "public". I know I have to place files there so that people can see them. It takes a little practice to get into the (good) habit of remembering to publish files but it saves you the headache of accidentally publishing something very private.

Hi Clif, thanks for the tips!

i never did know that I can stop people from accessing the root folder. How to set the security for the root folder?

Hi Domo,

The access to the root folder cannot be changed.

Only an Admin or an Editor can create Files, Folders and Pages in the root folder. You can't change that. You can only change the access to a Folder or Page after it's created and then you can allow Writers and Readers to use them.

See this page for help with Pages and Folders.
https://pbwikimanual.pbwiki.com/Folders

There is a complete description of the powers for each level here:
https://pbwikimanual.pbwiki.com/Invit...

Hi Clif,

Now this is really weird. I uploaded an image to the root. I logged in with a writer access and I was able to create a wiki page in the 'root' folder ie. select (no folder) when creating the page.

With my writer access, I was able to move an image file away from the root folder to my personal folder.

Sorry, but I am a little confused here. Is this normal?

I didn't believe that a writer had that ability. However, I've gone into my test wiki and I was able to do exactly what you'd told me.

It simply looks like I was dead wrong about the file access. I'll check with the other folks here to verify that. Thanks for asking.

Verified that the Writers are supposed to have access to "unfiled" uploads. I understand now that I had a faulty memory about a previous issue I helped someone with.

There is a special case where Readers and Writers can't see the unfiled uploads. This happens if you invite someone to a premium private wiki and you only give them page-level access.

I hope this helps - please stay in touch if there is anything else I can do for you.

That's be fine. Thanks Clif!

Gosh Clif,

I did more testing and I noted something else. It may not be a case of my user 'moving' a file. I created a 'secure' folder and uploaded a document. Another user can upload a document of the same name into her folder, and mine (in my 'secure' folder) will be 'moved' to her folder.

This sounds worrying especially in a premium wiki with 1000 users. And when file names must be unique, there are many chances where users will 'move' each other's files around unknowingly. Imagine 20 users working with a similar file name 'Meeting Minutes' in different folders.

I hope I'm wrong about this.

Thanks for reporting this. I'll check it out and see if I can reproduce it myself.

Hi Domo,

I was able to reproduce it. I think you deserve our gratitude for finding this one. I'll let you know when it's fixed. Sometimes we're able to fix it right away.

You have my thanks.

Hi Clif,

really appreciate the prompt response. You guys are the best!

Hi Clif,

sorry I've lost the last email you wrote to me on this issue. Can't remember what you said about overwriting files. Any chances you remember? (can you email me again please?)

Oh I was referring to your last reply in this thread where we noticed that in an enterprise environment, I can 'steal' another person's document from his 'secure' folder simply by uploading a document with the same filename to my folder. By doing so I can see all the previous revisions and his 'private' content. Any way to prevent this?

This issue has been marked as a confirmed bug. There is no work-around other than to chose cryptic names for your files that need to stay private.

This thread will be updated when we find a solution to this problem.

Thanks for being patient.

Oh, thanks Clif again. Really appreciate your advices!