Jump to content

How to restrict access to files (by PW $user)?


valan
 Share

Recommended Posts

There are pages that can only be accessed by defined logged-in PW users (checked via api).

Apart of inaccessible (for others) fields, these pages have File input field.

In PW all files are stored in .../assets/files/<page_id>/filename. These files can be accessed by everybody, e.g. it compromises security.

Q: How to restrict access to files, depending on PW $user?

Link to comment
Share on other sites

Merry Christmas everybody!

Sorry for not being here guys, I had to quit web-development for a while. Still come here regularly and read a lot of cool stuff you post.

Hey, Valan. I guess this is what you need:

Add support for secured pagefiles. Now unpublished or non-public pages may have their files (in /site/assets/files/...) protected from direct URL access. For existing installations, you need to add $config->pagefileSecure = true; to your /site/config.php in order to enable this capability. See also $config->pagefileUrlPrefix and $config->fileContentTypes in /wire/config.php, if interested. Files become secured when the page is not accessible to the 'guest' role.

Also check out these modules for more granular access control:

http://modules.processwire.com/modules/page-edit-per-user/

http://modules.processwire.com/modules/page-edit-per-role/

It should be enough to solve this problem.

  • Like 4
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...