How to Restrict users from Uploading and Downloading Certain File Types
If a customer wishes to restrict the types of files (by file-name extension) that can be downloaded by an end-user, an example of how to do so may be found in the PeopleTools Test Utilities demo application ("PeopleTools->Utilities->Debug->PeopleTools Test Utilities").
Below Sample PeopleCode uses the "JSP" file extension, something similar may be done to restrict other file-types or to specify a list of permissible file-name extensions rather than a list of impermissible file-name extensions.
First, implement something like the user-defined PeopleCode function, IsLegalAttachmentType, as it is defined in the "FILE_ATTACH_WRK . ATTACHUTIL . FieldChange" Record PeopleCode program:
Function IsLegalAttachmentType(&str_AttachFileName As string) Returns boolean;
rem Create array of illegal file-types (use uppercase only!);
Local array of string &IllegalTypesArray = CreateArray(".JSP");
rem Clean up the input file-name;
Local string &strAttachFileNameUpper = Upper(LTrim(RTrim(&str_AttachFileName)));
rem Assume the file-type is legal for now;
Local boolean &IsLegal = True;
rem Search the array to see if the file-name has an illegal file-type;
Local integer &I;
Local integer &ArrayCnt = &IllegalTypesArray.Len;
For &I = 1 To &ArrayCnt
Local string &str_AttachFileType = Right(&strAttachFileNameUpper, Len(&IllegalTypesArray [&I]));
If &str_AttachFileType = &IllegalTypesArray [&I] Then
rem The file-type is illegal;
&IsLegal = False;
Break;
End-If;
End-For;
rem Return the answer;
Return &IsLegal;
End-Function;
Next, modify your calls to ViewAttachment to something like the following (as is done in the "FILE_ATTACH_WRK . ATTACHVIEW . FieldChange" Record PeopleCode program):
If (IsLegalAttachmentType(&ATTACHSYSFILENAME)) Then
&RETCODE = ViewAttachment(&URL_ID, &ATTACHSYSFILENAME, &ATTACHUSERFILE);
End-If;
Next, modify your calls to DetachAttachment to something like the following:
If (IsLegalAttachmentType(&ATTACHSYSFILENAME)) Then
&RETCODE = DetachAttachment(&URL_ID, &ATTACHSYSFILENAME, &ATTACHUSERFILE);
End-If;
Below Sample PeopleCode uses the "JSP" file extension, something similar may be done to restrict other file-types or to specify a list of permissible file-name extensions rather than a list of impermissible file-name extensions.
First, implement something like the user-defined PeopleCode function, IsLegalAttachmentType, as it is defined in the "FILE_ATTACH_WRK . ATTACHUTIL . FieldChange" Record PeopleCode program:
Function IsLegalAttachmentType(&str_AttachFileName As string) Returns boolean;
rem Create array of illegal file-types (use uppercase only!);
Local array of string &IllegalTypesArray = CreateArray(".JSP");
rem Clean up the input file-name;
Local string &strAttachFileNameUpper = Upper(LTrim(RTrim(&str_AttachFileName)));
rem Assume the file-type is legal for now;
Local boolean &IsLegal = True;
rem Search the array to see if the file-name has an illegal file-type;
Local integer &I;
Local integer &ArrayCnt = &IllegalTypesArray.Len;
For &I = 1 To &ArrayCnt
Local string &str_AttachFileType = Right(&strAttachFileNameUpper, Len(&IllegalTypesArray [&I]));
If &str_AttachFileType = &IllegalTypesArray [&I] Then
rem The file-type is illegal;
&IsLegal = False;
Break;
End-If;
End-For;
rem Return the answer;
Return &IsLegal;
End-Function;
Next, modify your calls to ViewAttachment to something like the following (as is done in the "FILE_ATTACH_WRK . ATTACHVIEW . FieldChange" Record PeopleCode program):
If (IsLegalAttachmentType(&ATTACHSYSFILENAME)) Then
&RETCODE = ViewAttachment(&URL_ID, &ATTACHSYSFILENAME, &ATTACHUSERFILE);
End-If;
Next, modify your calls to DetachAttachment to something like the following:
If (IsLegalAttachmentType(&ATTACHSYSFILENAME)) Then
&RETCODE = DetachAttachment(&URL_ID, &ATTACHSYSFILENAME, &ATTACHUSERFILE);
End-If;
Comments
Post a Comment