valan (posted December 24, 2013)

There are pages that can only be accessed by defined logged-in PW users (checked via API). Apart from fields inaccessible to others, these pages have a File input field. In PW all files are stored in .../assets/files/<page_id>/filename. These files can be accessed by everybody, i.e. it compromises security.

Q: How to restrict access to files, depending on PW $user?

slkwrm (posted December 24, 2013)

Merry Christmas everybody! Sorry for not being here guys, I had to quit web-development for a while. Still come here regularly and read a lot of cool stuff you post.

Hey, Valan. I guess this is what you need:

> Add support for secured pagefiles. Now unpublished or non-public pages may have their files (in /site/assets/files/...) protected from direct URL access. For existing installations, you need to add $config->pagefileSecure = true; to your /site/config.php in order to enable this capability. See also $config->pagefileUrlPrefix and $config->fileContentTypes in /wire/config.php, if interested. Files become secured when the page is not accessible to the 'guest' role.

Also check out these modules for more granular access control:

http://modules.processwire.com/modules/page-edit-per-user/
http://modules.processwire.com/modules/page-edit-per-role/

It should be enough to solve this problem.
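
One way to confirm that the setting took effect, as an added example that is not part of the original posts or of ProcessWire: request known file URLs without any session and list the ones that still download. The stub server, the page ids 1012 and 1015, and the file names are constructed; treating only HTTP 200 as "exposed" is an assumption.

```python
import http.server
import threading
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: a bounce to a login page is not a download."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def anonymous_status(url, timeout=5):
    """Request url with no cookies or credentials and return the HTTP status."""
    # ProxyHandler({}) ignores proxy environment variables (direct connection).
    opener = urllib.request.build_opener(_NoRedirect,
                                         urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def exposed_files(base_url, file_paths):
    """Return the file paths a logged-out visitor can download (HTTP 200)."""
    base = base_url.rstrip("/")
    return [p for p in file_paths if anonymous_status(base + p) == 200]

# Constructed stand-in for a site so the check runs offline. Page 1012 plays a
# public page, page 1015 a page that the guest role cannot view.
class _StubSite(http.server.BaseHTTPRequestHandler):
    PUBLIC = {"/site/assets/files/1012/brochure.pdf"}
    def do_GET(self):
        self.send_response(200 if self.path in self.PUBLIC else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo output quiet
        pass

def run_demo():
    """Audit the stub site and return the list of exposed paths."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _StubSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_port
        return exposed_files(base, ["/site/assets/files/1012/brochure.pdf",
                                    "/site/assets/files/1015/contract.pdf"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("Downloadable without login:", run_demo())
```

Against a real installation, call exposed_files() with the site's base URL and the file paths of pages that guests must not see; an empty list is the expected result.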

valan (author, posted December 25, 2013)

Hi slkwrm! Merry Christmas and thanks for the solution!