PicoCMS - NextCloud - Access content folder images secured

Hi All, I have a picoCMS running on nextcloud real smooth. Although, I am experiencing an issue with group permissions on images and md files on picoCMS app (1.0.3) for nextcloud, folders.
Specifying access on md header files I can control which group can see or not an md file on a web browser, this is cool !!

But then, I also want to control the local images on the same folder as the md file, also to that same group, and I want to reference the image on the filesystem in order to automatically change the image with a cron job on linux.

I already achieve that using the assets folder, but in that folder I can’t get the control to a specific group working on the assets sub folder. I Tried the share option on nextcloud folder system and it was no good. Any image on the assets folder or sub folder are viewed by everybody.

The ideal setup is to upload a image to the filesystem (with an scp for example), have the permissions changed in order to the apache webserver can read it, and that way only the folder group can access it image as well as the md file.

The md file load the image by something like ! [alt text] (content/folder/images/image.png)
And the md file would stay on the path (content/folder)

Does anyone know how to do that ?
thanks you very much for your time reading this.

Unfortunately you can create custom access restrictions for pages only, so this isn’t possible for assets right now. There are two possible solutions:

  1. Use ungueassable file names. This is no secure solution, so don’t use it for actually sensitive data.
  2. Create a private website per group. Currently you’d have to share the website’s source folder with these groups (possibly read-only). Starting with v2.1 (still under development) you can also restrict access using the user interface (see https://github.com/nextcloud/cms_pico/pull/99). You can share contents between websites using the regular file sharing (i.e. you could create a common content/sub folder for all websites by simply sharing those folders).

Adding files to the data directory of your Nextcloud using external tools (like scp) is unrelated to Pico CMS for Nextcloud; the usual rules apply. After uploading files to your data directory you’ll have to re-index them using occ files:scan (see occ help files:scan for usage info).

Thank you for your message on clarifying this setup. Option 2 was the way to go and it was OK. Although I don’t know how many websites does picoCMS app for next cloud supports. I guess I will not have more than 100 :slight_smile:

Anyway, do you think it is a good practice with this setup reinforce the access: group on the header of the md files ?

best regards

I guess I will not have more than 100

There’s no limit

Anyway, do you think it is a good practice with this setup reinforce the access: group on the header of the md files ?

If you’ve got an private website with limited access anyway, this isn’t necessary.

Thank you once again for your message and help :slight_smile: