Thanks for your reply.
My apologies for not write this issue down properly with all the details and wrong wording. (with the main folder in this context I meant the main folder for the collection of all the protected files let’s call it “protected files folder”, sorry my bad). I haven’t really worked on a project with protected files before so I wasn’t aware of all the details.
To sort this out:
It seems that all documents which are protected no matter if a single document in an unprotected folder or files within a protected folder get this hash in their url. Is this correct?
A file protected in an unprotected folder by using the “Who can view this file?” to “Logged-in users” works as expected and opens correctly (with hash in url) when user is logged in.
A file within a protected folder ( “Who can view this file?” set to “Logged-in users”) and the file inherits the permission of this folder doesn’t open correctly (this is the set-up of this initial question, I somehow assumed that a file with the lock symbol is secured with the “Who can view this file?” set to “Logged-in users”, but on that website they are all “Inherit from parent folder” )
- I set-up a new project as you recommended and :
1.1. created a protected folder with a file which inherits the permission of the folder:
file in a protected folder loads properly when logged in, but when I copy and paste the url and try it in a different browser (not logged in state) I get a white page with ‘Not found’ instead of a proper ‘404 page’ or as I would expected getting redirected to the login page, but maybe my expectation is wrong.
1.2. uploaded a file and protected it in an unprotected folder works as expected, but again when I try to use the document url unlogged, I get the page with ‘Not found’ instead of a proper ‘404 page’ (same behaviour as above)
1.3. upload a file and protect the file itself (without a folder - so in top level “Files” folder) same behaviour as in 1.2.
Now, it dawns on me that this has probably something to do with the upgrades of the website. This website has been updated from version 3.6.6 to 4.3 to 4.6 to 4.7 and now 4.11. The upgrade to 4.3 had been done with the MigrateFileTask and I think that’s where the hashes were introduced if I remember correctly.
They are updating some content and finally want to go live and now this bubbles up. I think it never has been tested in between. So, I can’t really verify if it ever worked.
I have an archive of the 4.7 version and there the files are loading properly, but the url doesn’t contain a hash and when I try the url in a different browser window (not logged in), the documents show as well. Either this was a bug or a mis-configuration in the upgrading part? The url is missing the hash somehow or maybe they changed it back to protected files without the hash?
So, some step seems to be missing in the upgrade process, but I can’t find any special documentation except the one from V3 to V4 using the MigrateFileTask .
In the _config folder mysite.yaml I have the following configuration:
I checked the Change logs, but can’t find anything. Did I miss any other documentation in between regarding the files/folders?
Do you have any idea, which parts of the software have been changed regarding the documents in protected folders? Thank you very much.