I'd like to use Dragnet for users to be able to track bugs too. Currently I have the sole available account setup as username guest that has only read rights to public entries. I'd also like to allow them to submit reports, at least on a trial basis to see how it goes.
I know the external add option can be used for submission, but what I want to know is can I limit the file types the users upload. I'd like for them to only be able to upload screenshots, using the normal graphics file extensions. The admin user should still be able to add any type file.
Being the sole developer, it would certainly be of benefit to me if users can submit bug reports and can review current bugs, but I can't be having them use it as a file swapping area.
Thanks
Restricting file attachments?
Moderator: SourceGear
Found a way, sorta
I wanted to post this just in case anyone else had similar ideas and needed a step in the right direction.
While it's not quite what I asked for, I have found a way to block attachments from being added at all from the external add page. This required some manual editing of AddItemExternal.aspx which is found in the .\Dragnet\External directory.
This may not work on all browsers, but it does work on the ones I've tested with thus far.
I accomplished this in two ways. For the Internet Explorer crowd, all it required was adding the readonly element to the description text box and to the server function that creates the text box and browse button. In IE, the items are then still visible but you can't place the cursor in the text boxes and nothing happens when you press the browse button. However, in a mozilla based browser, the cursor still could not be placed in either of the two text boxes, but the browse button still worked and whatever file selected via that button was then uploaded.
The second method involved adding a few lines of Javascript. I added a function that simply "hides" the text boxes and the browse button. Then that function is called via an "onload=" statement on the body tag which forces the script to run as soon as the page is loaded.
While this isn't the perfect solution, it is much better than giving everyone with a browser access to upload files to my server. This was just a quick hack. I didn't even try turning Javascript off to ensure that the ability to upload didn't return. I'm sure that could be properly handled by forcing Javascript to be on in the browser and if its not, give the user a message that it is required to view that page.
I'm also sure, if I had the time, with some more work that I could use more Javascript when the submit button is pressed, before the results are sent and processed on the server, that verified the filename and extension to make sure it was an allowed type. Unfortunately I don't have the time right now so this is certainly a better solution than either not using Dragnet at all or allowing any size and type of file to be uploaded by anyone.
While it's not quite what I asked for, I have found a way to block attachments from being added at all from the external add page. This required some manual editing of AddItemExternal.aspx which is found in the .\Dragnet\External directory.
This may not work on all browsers, but it does work on the ones I've tested with thus far.
I accomplished this in two ways. For the Internet Explorer crowd, all it required was adding the readonly element to the description text box and to the server function that creates the text box and browse button. In IE, the items are then still visible but you can't place the cursor in the text boxes and nothing happens when you press the browse button. However, in a mozilla based browser, the cursor still could not be placed in either of the two text boxes, but the browse button still worked and whatever file selected via that button was then uploaded.
The second method involved adding a few lines of Javascript. I added a function that simply "hides" the text boxes and the browse button. Then that function is called via an "onload=" statement on the body tag which forces the script to run as soon as the page is loaded.
While this isn't the perfect solution, it is much better than giving everyone with a browser access to upload files to my server. This was just a quick hack. I didn't even try turning Javascript off to ensure that the ability to upload didn't return. I'm sure that could be properly handled by forcing Javascript to be on in the browser and if its not, give the user a message that it is required to view that page.
I'm also sure, if I had the time, with some more work that I could use more Javascript when the submit button is pressed, before the results are sent and processed on the server, that verified the filename and extension to make sure it was an allowed type. Unfortunately I don't have the time right now so this is certainly a better solution than either not using Dragnet at all or allowing any size and type of file to be uploaded by anyone.
-
Ocean10000
- Posts: 33
- Joined: Wed Dec 14, 2005 4:25 pm
- Contact:
No Javascript solution.
A simpler Method of hiding the Attachment options without javascript or programing would just be to use a simple style change for the two rows relating to the attachment. I used this solution myself much easier for me to remember and update when a new release comes out.
style="Display:None"
style="Display:None"
<tr style="Display:None">
<td class="form_td" noWrap>Attach File:
</td>
<td class="form_td" colSpan="3"><INPUT id="fileUpload" type="file" size="45" name="fileUpload" runat="server">
</td>
</tr>
<tr style="Display:None">
<td class="form_td" noWrap>Attachment Description:
</td>
<td class="form_td" colSpan="3"><asp:textbox id="txtAttachDesc" runat="server" Width="98%" Rows="20" Columns="70"></asp:textbox></td>
</tr>
Some users have written their own Add Item External page using the Dragnet Web Service. If you write your own page, you *should* be able to restrict the file uploads based on file type in the code. It may be easier to do that than try to make the Add Item External page that ships with Dragnet restrict the upload with Javascript.
See the following KB article for more information on using the Dragnet web service:
http://support.sourcegear.com/viewtopic.php?t=2568
See the following KB article for more information on using the Dragnet web service:
http://support.sourcegear.com/viewtopic.php?t=2568
Mary Jo Skrobul
SourceGear
SourceGear