How to Restrict users from Uploading and Downloading Certain File Types

If a customer wishes to restrict the types of files (by file-name extension) that can be downloaded by an end-user, an example of how to do so may be found in the PeopleTools Test Utilities demo application ("PeopleTools->Utilities->Debug->PeopleTools Test Utilities").

Below Sample PeopleCode uses the "JSP" file extension, something similar may be done to restrict other file-types or to specify a list of permissible file-name extensions rather than a list of impermissible file-name extensions.

First, implement something like the user-defined PeopleCode function, IsLegalAttachmentType, as it is defined in the "FILE_ATTACH_WRK . ATTACHUTIL . FieldChange" Record PeopleCode program:

    Function IsLegalAttachmentType(&str_AttachFileName As string) Returns boolean;
        rem Create array of illegal file-types (use uppercase only!);
        Local array of string &IllegalTypesArray = CreateArray(".JSP");

        rem Clean up the input file-name;
        Local string &strAttachFileNameUpper = Upper(LTrim(RTrim(&str_AttachFileName)));

        rem Assume the file-type is legal for now;
        Local boolean &IsLegal = True;

        rem Search the array to see if the file-name has an illegal file-type;
        Local integer &I;
        Local integer &ArrayCnt = &IllegalTypesArray.Len;
        For &I = 1 To &ArrayCnt
           Local string &str_AttachFileType = Right(&strAttachFileNameUpper, Len(&IllegalTypesArray [&I]));
           If &str_AttachFileType = &IllegalTypesArray [&I] Then
              rem The file-type is illegal;
              &IsLegal = False;
              Break;
           End-If;
        End-For;

        rem Return the answer;
        Return &IsLegal;
    End-Function;

Next, modify your calls to ViewAttachment to something like the following (as is done in the "FILE_ATTACH_WRK . ATTACHVIEW . FieldChange" Record PeopleCode program):

    If (IsLegalAttachmentType(&ATTACHSYSFILENAME)) Then
        &RETCODE = ViewAttachment(&URL_ID, &ATTACHSYSFILENAME, &ATTACHUSERFILE);
    End-If;

Next, modify your calls to DetachAttachment to something like the following:

    If (IsLegalAttachmentType(&ATTACHSYSFILENAME)) Then
        &RETCODE = DetachAttachment(&URL_ID, &ATTACHSYSFILENAME, &ATTACHUSERFILE);
    End-If;

Comments

Popular posts from this blog

Peoplesoft Error: All Processing Suspended: Restart OPRID=PS, RUNID=RUN01, PI=5000(108,503)

Peoplesoft SFTP

Error: Think-time PeopleCode event (Exec), but a SQL update has occurred in the commit interval.