This is a somewhat esoteric post but maybe useful to know, I saw this while working with the docmanager template, but it might apply in other cases where file downloads and therefore mfhandler.php (library included in phpr) are in use:
The list page in docmanager includes the "file" db-field (which stores the file name, path etc. in json), this is then blended out with CSS display:none.
I removed the file in my app, since I wanted to not have it in any way in the page/source.
This breaks then the call to mfhandler.php which handles file downloads, because it determines the user right to download a file here:
if( !Security::userHasFieldPermissions( $table, $field, $pageType, $pageName, $requestAction == "POST" || postvalue("fkey") ) ) {
exit(0);
}
This check seems to depend whether the field "file" is on the page or not (lost some hair until I found that out...)
This might just be the way things are when using mfhandler for file downloads, but I wondered if there's already a way to use it without having the field "file" on the page at all (short of coding everything myself for the handling of the download).