It appears that the logic in the method (WEBLINK 9.0) is incorrect as all of the controls will get ID before an actually permissions check is performed. Until this is corrected I have modified the SetBrowserStartID sub to completely fail if the user does not have permission to the folder. Unfortunately this will require recompiling of WebLink.
1. Open Browse.aspx.vb in Visual Studio or favorite text editor.
2. Locate "Private Sub SetBrowserStartID(ByVal FolderID As Integer)".
3. Copy the following code and paste over the original:
Try
Dim entry As ILFEntry = m_Conn.GetEntryFromCache(FolderID, False)
Dim effRights As ILFEffectiveRights = entry.EffectiveRights
If effRights.HasRight(Access_Right.ENTRY_BROWSE) Then
TheFolderMetadata.SetFolder(FolderID)
TheFolderRssLink.FolderId = FolderID
TheDocumentBrowser.FolderID = FolderID
FolderBreadcrumbNavigation.EntryID = FolderID
DocBrowseSearch.CurrentFolder = FolderID
TheFolderRssLink.FolderId = FolderID
Session(OpenFolderSessionVariable) = FolderID
Dim FolderName As String
If FolderID = 1 Then
FolderName = m_Conn.Database.Name
Else
FolderName = entry.DisplayName
End If
ResizeBreadcrumbScript.Text = String.Format("<script>{0}</script>", "(function(){function a(){var c=(function(){var d=0,f=0;if(typeof(window.innerWidth)==""number""){d=window.innerWidth;f=window.innerHeight}else{if(document.documentElement&&(document.documentElement.clientWidth||document.documentElement.clientHeight)){d=document.documentElement.clientWidth;f=document.documentElement.clientHeight}else{if(document.body&&(document.body.clientWidth||document.body.clientHeight)){d=document.body.clientWidth;f=document.body.clientHeight}}}return{w:d,h:f}})();var e=document.getElementById(""FolderBreadcrumbNavigation"");var b=c.w-290;e.parentNode.parentNode.style.width=b+""px""}a();window.onresize=a})();")
Page.Title = Server.HtmlEncode(FolderName) + " - " + m_strings.GetString("STR_LASERFICHE_WEBLINK")
Else
' Build message logged to file
Dim lfConn As ILFConnection = m_Conn.Database.CurrentConnection
Dim logErrMsg As String = String.Format(m_strings.GetString("STR_ENTRY_PERMISSION_DENIED"), entry.ID) & " User (" & lfConn.UserName & ") does not have the read permissions on the entry."
WLConnection.LogError(LogLevel.LOGLEVEL_DEBUG, 0, logErrMsg, Session.SessionID)
End If
Catch ex As Exception
WLConnection.LogError(LogLevel.LOGLEVEL_IMPORTANT, 0, ex, Session.SessionID)
If Not Request.IsLocal Then
Server.Transfer("Error.aspx")
Else
Throw
End If
End Try
4. Save the file and recompile.
Hope this helps!