Answer the question
In order to leave comments, you need to log in
S
S
smilelan2020-08-17 22:15:52
smilelan, 2020-08-17 22:15:52
How to restrict user access to folders in storge?
Good evening! How can I restrict access to only my files in storage, in which everything is divided by user id. The essence is such that one user could not have access to files that he did not download. Thanks
2 answer(s)
@smilelan
materials
https://laravel.com/docs/7.x/authorization
https://laravel.com/docs/7.x/filesystem
https://laravel.com/docs/7.x/eloquent-relationships
@Kostik_1993
J
jazzus, 2020-08-18 @smilelan
Create a disk with visibility private in the filesystems config or change file privacy on boot.
Make the relation user hasMany files.
Make the FilePolicy policy where to register in the view / download method
return $file->user_id === $user->id;
Before running the Storage methods, run the policy check everywhere. For example in the controller
$this->authorize('download', $file);
return Storage::disk($disk)->download($path);materials
https://laravel.com/docs/7.x/authorization
https://laravel.com/docs/7.x/filesystem
https://laravel.com/docs/7.x/eloquent-relationships
K
Konstantin B., 2020-08-17 @Kostik_1993
At the level of restricting direct access to files, no way!
Write the solution in your code, serving files from PHP.
Alternatively, instead of the usual numeric id, use a unique independent uuid, but access will still be direct, but it’s not so easy to calculate it.
You also need to use Temporary URLs, especially since Laravel can do this out of the box.
And don't forget to put files in storage without the public mark.
Similar questions
S
V
C
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question