Integrating permissions for the Responsive FileManager

Responsive FileManager is a free, open-source file manager and image manager. Play-cms provides integration with Responsive Filemanager.

Security on Responsive FileManager

Responsive FileManager doesn't provide any reliable authentication mechanism. We provide our own solution that allows to use all advantages of play-cms authentication system.

In order to enable play-cms authentication flow in filemanager you need to do following steps:

  1. Define PLAY_CMS_HOST variable in config.php file:
/* play-cms host. This value is required in order to let filemanager know where authorization requests should be sent */
define('PLAY_CMS_HOST', "http://app:9000");

You can leave this value if play-cms was started in docker or change it on any value that corresponds to your setup.

  1. Include play-cms authentication provider:
include 'permission/FileManagerPermission.php';
$fmp = new FileManagerPermission();


Provided implementation checks if current user have permissions to access to filemanager. This is done by sending request to /admin/api/party/permission/check endpoint and passing required permission. This endpoint will return 200 HTTP code in case if user granted to access filemanager and 4xx code if user unauthorized or not authenticated. Additionally it will return JSON object of following strucutre with reasons explained:

  status: string,
  message: string

Play-cms provides BROWSE_FILEMANAGER permission by default but you can define your own permissions and validate them in the way you want to.