jeesite: customizing ckfinder 2.x for dynamic permission control

I ran into this earlier while redoing a project, but was too busy to write it up at the time, so I am recording it now. For simplicity, I only point out the ideas and key points.

Requirement: some modules in project management have a file upload function, and it must be tied to project permissions and the approval process, so that certain people can view the contents of a specified folder only after being authorized, and a module cannot upload anything during certain stages of the project process.

Previously I wrote this kind of system myself. This time I planned to use the ckfinder that ships with jeesite. The project bundles 2.3, and in theory 2.6 is supported. However, I searched a lot of material online, and it only covers simple usage, which cannot meet this requirement.

First, look at the default structure:

ckfinder.html: the front end. It collects some address-bar parameters, merges them into the configuration, and creates an instance. I looked at the parameters and found nothing useful.

ckfinder.xml: the configuration file, where types defines the folders that are loaded.

CKFinderConfig: this is the key point. The settings read from the configuration file are only defaults; once loaded they are fixed, so they are of no use here. To modify permissions dynamically, the permission control has to be done in this class. The question is then how to pass suitable parameters in from the front end. Adding them directly in ckfinder.html obviously does not work. According to the configuration in web.xml, they must be passed to a dedicated servlet, and that request is clearly made by ckfinder's own js. So I went to check the official documentation, where the method can be seen.

Following the method in the documentation, append the project ID and module ID to the address-bar parameters, pass them to the back end, and make the relevant checks before initializing the permissions in the config.

So how do you display only the specified types? The base class has a types variable, which corresponds to the configuration file and is protected, so the subclass only needs to override it. Experiments showed that overriding only the types map is not enough and causes an error; typeOrder must be modified at the same time.

As for baseURL and baseDir, there is already plenty of material on them, so I won't go into detail here.

The final result is shown in the figure: ckfinder is embedded in an iframe, and functions such as approval are implemented in the outer jsp.

==================

4.28: I am adding a note about the path issue. I did not mention it before, but I took it into account during design. Following jeesite's original design, I wrote a UserfilesDoloadServlet. Because this is a project system and the directories are isolated per project, I wrote it in the same way as the original. But I found that these previews are uncontrolled, meaning the address can be accessed directly. Of course, users who are not logged in cannot guess the address, but a logged-in user could guess the real access address of another project's files from the file name, module name, and project ID. This is also mentioned in "Graphic HTTP", which I read recently, where it is called a forced browsing vulnerability. My solution is to add a random string after the project path, so that files of other projects cannot be browsed by guessing the path. There are of course stricter methods, but they did not seem necessary for this project.
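
The fix described above, as an added example (not code from the original post or from jeesite): a random folder suffix generated when a project is created, next to the stricter alternative of checking project membership on every request. The class, method and map names and the sample data are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

/** Added example: project-isolated file lookup for a download servlet. All names are hypothetical. */
public class ProjectFileResolver {
    private static final SecureRandom RNG = new SecureRandom();

    /** Random suffix appended to a project's folder name when the project is created. */
    static String newFolderSuffix() {
        byte[] raw = new byte[16]; // 128 bits, not derivable from project ID or module name
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /**
     * Stricter variant: check membership on every request, so a leaked or shared URL
     * does not give another logged-in user access. Returns null when the request is refused.
     */
    static Path resolve(Path baseDir, Map<String, String> folderByProject,
                        Map<String, Set<String>> projectsByUser,
                        String user, String projectId, String relativePath) {
        Set<String> allowed = projectsByUser.get(user);
        String folder = folderByProject.get(projectId);
        if (allowed == null || folder == null || !allowed.contains(projectId)) {
            return null; // unknown project, or user is not a member of it
        }
        Path projectRoot = baseDir.resolve(folder).normalize();
        Path target = projectRoot.resolve(relativePath).normalize();
        // Refuse "../" or absolute paths that would leave the project's own folder.
        return target.startsWith(projectRoot) ? target : null;
    }

    public static void main(String[] args) {
        // Constructed sample data: two projects, one user who belongs only to p1.
        Path base = Paths.get("/data/userfiles");
        Map<String, String> folders = Map.of("p1", "p1_" + newFolderSuffix(),
                                             "p2", "p2_" + newFolderSuffix());
        Map<String, Set<String>> members = Map.of("alice", Set.of("p1"));

        System.out.println(resolve(base, folders, members, "alice", "p1", "design/spec.pdf"));
        System.out.println(resolve(base, folders, members, "alice", "p2", "design/spec.pdf"));
        System.out.println(resolve(base, folders, members, "alice", "p1", "../" + folders.get("p2") + "/x"));
    }
}
```

The random suffix only makes the path hard to guess; the membership check in resolve() is what still holds once a URL has been seen by someone outside the project.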
