valan Posted December 24, 2013 Posted December 24, 2013 There are pages that can only be accessed by defined logged-in PW users (checked via api). Apart of inaccessible (for others) fields, these pages have File input field. In PW all files are stored in .../assets/files/<page_id>/filename. These files can be accessed by everybody, e.g. it compromises security. Q: How to restrict access to files, depending on PW $user?
slkwrm Posted December 24, 2013 Posted December 24, 2013 Merry Christmas everybody! Sorry for not being here guys, I had to quit web-development for a while. Still come here regularly and read a lot of cool stuff you post. Hey, Valan. I guess this is what you need: Add support for secured pagefiles. Now unpublished or non-public pages may have their files (in /site/assets/files/...) protected from direct URL access. For existing installations, you need to add $config->pagefileSecure = true; to your /site/config.php in order to enable this capability. See also $config->pagefileUrlPrefix and $config->fileContentTypes in /wire/config.php, if interested. Files become secured when the page is not accessible to the 'guest' role. Also check out these modules for more granular access control: http://modules.processwire.com/modules/page-edit-per-user/ http://modules.processwire.com/modules/page-edit-per-role/ It should be enough to solve this problem. 4
valan Posted December 25, 2013 Author Posted December 25, 2013 Hi slkwrm! Merry Christmas and thanks for solution!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now