Feature Wiki

Information about planned and released features

Tabs

Customizable Maximum File Upload Size

Page Overview

1 Initial Problem
2 Conceptual Summary
- 2.1 Initial situation
- 2.2 Policies
- 2.3 General Rules for Policies and Fallbacks
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
4 Technical Information
5 Privacy Information
6 Security Implications
7 Archives
- 7.1 RFC 2119
- 7.2 Requirements
8 Contact
9 Funding
10 Discussion
11 Implementation

1 Initial Problem

TH Köln as well as others need to balance the need for uploading huge files to ILIAS with keeping data storage to a minimum to ensure quick backup times. In addition, given the option users often upload files to ILIAS only to offer the download of said files for students instead of using a cloud service like Sciebo, OneDrive, Dropbox etc. and linking the files. No tracking of working progress for those files is done in ILIAS.

However, some users need to be able to upload bigger files than most ILIAS users:

ILIAS administrators
ILIAS Support staff handling service requests by users (for example: importing courses)
Key users from faculties/departments
etc.

Currently there is only one global size limit for uploading/importing files in ILIAS which is set via PHP.INI:

upload_max_filesize

This one limit also applies to features where different size limits should be made available:

personal profile picture
personal and shared resources
forum post attachments
upload questions in tests (?)
upload assignments in exercises (?)

2 Conceptual Summary

2.1 Initial situation

ILIAS has many functions where users can upload files. Currently there is a global maximum in all places, which is set by two PHP settings (and possibly also limits to web servers):

post_max_size
upload_max_filesize

Modifiers on the upload elements (e.g. UI\Input\Field\File) can be used to set smaller upload limits than the global limit, but this applies equally to all users.

A limit greater than the global limit is currently not possible. To upload files larger than the limit set by PHP, the upload must be done via a so-called chunked upload. The file is sent to the server asynchronously in smaller parts and then merged into one file on the server before it can be processed further.

This feature request is intended to describe various configuration options for upload limits. The implementation will take place over several releases and many places have to be adjusted gradually so that the configurable upload limits can be applied.

In total, the following configurable upload limits (Policies) should be possible in the future:

Global upload limit per user
Global upload limit per role
Local upload limit use case (e.g. upload of a profile picture)

For ILIAS 9 we suggest the first two variants, the third case requires adjustments to the individual upload points/use cases.

Basically, configurable upload limits can only be applied where one of the following components is used:

ILIAS\UI\Component\Input\Field\File
ILIAS\UI\Component\Dropzone\File\Wrapper
ILIAS\UI\Component\Dropzone\File\Wrapper

2.2 Policies

Policies always contain the following attributes:

Title (to describe it's purpose)
Limit (in MB)
Audience (User or Role or Global)
Scope (Global, later other scopes such as use case, repository location, ...)
Validity (always, or until date)
Status (active/inactive)

2.3 General Rules for Policies and Fallbacks

With the enhancement, which later allows different configurable limits (Policies) that influence each other, the following general rules are defined:

If no policy is applied, the upload limit is always equal to the PHP settings.
If multiple policies apply to a user and/or use case, the highest limit applies
Policies are applied only in places where chunked upload is also possible.
If a upload location defines an explicit upload limit, policies are only applied if they have a smaller limit than the defined.

3 User Interface Modifications

3.1 List of Affected Views

New Tab "Upload Limits" in Administration -> System Settings and Maintenance -> File Services ("fils") which

lists existing policies
allows to create new policy
allows to edit existing policy
allows to delete existing policy

3.2 User Interface Details

The Tab consist of a Toolbar with a "Add Policy" Button and a Presentation-Table for existing Policies:

Deleting a policy is done with a UI\Modal\Interruptive.

Adding and Editing a Policy uses UI\Input-Components:

3.3 New User Interface Concepts

4 Technical Information

Technically, the upload limit valid for a user is made based on his polcies via the already available \ILIAS\UI\Implementation\Component\Input\UploadLimitResolver.

As explained in the introduction, this only applies to places that make file uploads with components from the UI service. Therefore, due to the elimination of all legacy components with ILIAS 10 (see BigProjects), all jobs will benefit from this in the future.

The implementation for use case specific policies is proposed as a separate feature request for ILIAS 10 or later.

5 Privacy Information

No direct user-related data is stored by this feature. A policy can only have a reference to a user ID.

6 Security Implications

The server-side limit through PHP cannot be bypassed, server admins can still use this to limit how much data can be sent to the server via a request.

7 Archives

A workshop on this topic was held on 11 Aug 2022, 14:15 - 15:45: Workshop 'Customizable Maximum File Upload Size'.

ILIAS_Customizable_Upload_Limits.pdf (177.79 KB)

Former content

7.1 RFC 2119

RFC 2119

In order to provide a clear understanding of the importance/relevance of a requirement we use the following keywords as described in RFC 2119:

MUST, MUST NOT
REQUIRED
SHALL, SHALL NOT
SHOULD, SHOULD NOT
RECOMMENDED
MAY
OPTIONAL

7.2 Requirements

ILIAS administrators must be able to limit the max. file size for uploads/imports for certain users and use cases. However, ILIAS admins must not be able to exceed the set PHP limit. That means that the PHP setting still defines the max. possible file size everywhere (system admin > ILIAS admin).

It should be able to customize the max. file size by/for:

user-id
role-id (for repository uploads)
object type, i.e. a higher limit for importing courses than for uploading files (?)
personal profile picture
personal and shared resources
forum post attachments
repository node (root, category, course, group, folder) (?)

Old but not forgotten

In addition to the general "Maximum File Upload Size" there should be a "Customizable Maximum File Upload Size".
Tödt, Alexandra [atoedt] Ich würde das nicht zusätzlich machen, sondern einen default setzen und den fallweise änderbar machen.

Such a customizable upload limit could be attached to the following criteria: User | Role | Time | Scope/Area | Object Type
All have their advantages and disadvantages. #
A combination of Time and Scope/Area appears to be practical in the definition and management.

For example, it could be arranged like this:

General Maximum File Upload Size = 100 MB
Customizable Maximum File Upload Size:
- FB1 » BA Architecture »» 400 MB | today until 31.05.2020
- FB8 → 600 MB | 30.08.2020 until 31.10.2020
- Category » Category » Category » Course → nnn MB | dd.mm.yyyy until dd.mm.yyyy

Tödt, Alexandra [atoedt] Muss die Zeit dazu? Das ist unübersichtlich und ich würde nur Scope nehmen

Toolbar: Add new config

Form to set a new config

Startdate + Enddate
Max. Upload File Size in MB
Scope via Repository Picker (only Container Objets can select)

List with configs in a Table:

Startdate (sortable)
Enddate (sortable)
Max. Upload File Size (sortable)
Scope (Full Path) (sortable)
Actions (Deactivate/Activate | Edit | Delete)

8 Contact

Author of the Request: Sesterhenn, Fabian [sesterhenn]
Maintainer: Schmid, Fabian [fschmid]
Implementation of the feature is done by: Fuhrer, Thibeau [tfuhrer] und Zehnder, Lukas [lzehnder]

9 Funding

If you are interest in funding this feature, please add your name and institution to this list.

TH Köln

10 Discussion

Sesterhenn, Fabian [sesterhenn] 25. Mar 2022: Reviving/Reworking this zombie with the blessing of Samoila, Oliver [oliver.samoila]

Lorenz, Katharina [klorenz] 26 Apr 2022: Hi Fabian and Oliver, we would like to focus on this feature request for ILIAS 9, what do you think, what is the current status? Do you actually want to revise this FR?

Sesterhenn, Fabian [sesterhenn] 26. Apr 2022: I think the most important part right now would be to define the scope of this FR. The ultimate goal should be (in my opinion) to be able to limit the max. upload file size per ILIAS object. This requires the coordinated work of a lot of maintainers, not only the maintainer for the file service. I think currently some modules use the file service, some do not. The ones that do not should start doing so, so that a centralized solution for this FR can be implemented via the file service. It would be great to get a first feedback on this by Fabian Schmid.

Schmid, Fabian [fschmid] 26-04-2022: You have already written it correctly, this implementation will need all maintainers who do anything with fileuploads. First and foremost, we would extend the upload service so that you can specify an upload configuration per component or per use case. But this also applies to the form elements.
From my point of view this only makes sense for components which already use
a) use the UploadService directly and not e.g. the legacy implementation of ilUtil
b) use the new forms (UI service)
c) preferably already using the storage service, which unfortunately are the fewest so far.
of course you could start with a smaller variant, which could e.g. provide upload limits per global role (not per module but per role). But here, too, many parts of ILIAS would already have to be adapted for this purpose. further expansion could then take place for components that already implement points a-c.

Kergomard, Stephan [skergomard] 28 NOV 2022: Please be aware that this also has consequences for WebDAV. As long as no chunked uploads are necessary, i.e. post_max_size and upload_max_filesize are respected, not much would need to be changed, but if this becomes an option, changes might get bigger.

Further: I would kindly ask you to not implement a limit per user. Appart from adding unnecessary complexity (you can always create a role and only add the one user to it), this will further increase the "individualisation" of the system and foster hard to debug and control usage patterns.

JourFixe, ILIAS [jourfixe], 28 NOV 2022 : We highly appreciate this suggestion and accept it for ILIAS 9. There are objections against allowing limits per users and limits per local role. This means, upload policies are only possible for "all users" and for a selected global role. And please add a short notice about the possibility of upload limits to the install.md, section "PHP Installation and Configuration".

11 Implementation

The feature was implemented as described. The administration of the new upload limits is as follows:

For the implementation, the UI\Input\File was also upgraded to handle new chunk uploads. This requires a chunk upload capable UploadHandler, which is implemented in the File object, for example. This means that upload limits can now also be offered that are greater than the configured PHP limit. The adjustments to the UI\Input\File were covered in this PR: https://github.com/ILIAS-eLearning/ILIAS/pull/6382

Test Cases

Test cases completed at 23/10/2023 by Schmid, Fabian [fschmid]

C63551: Upload-Limit für alle Personen festlegen
C63552: Upload-Limit für globale Rolle festlegen
C63553: Upload-Limit deaktivieren
C63554: Zeitliche Begrenzung für Upload-Limit festlegen

Approval

Approved at 2023/10/23 by Sesterhenn, Fabian [sesterhenn]

Last edited: 25. Oct 2023, 10:17, Lorenz, Katharina [klorenz]