This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

bashar.ayyash
bashar.ayyash

Hello,

I built a plugin for frontend users to access files stored in media folder using Media Manager, can I add session for the files so users when trying to copy and send the file link to other non-registered users the app will warn them about the session.

I want that they can't access the files unless they are registered and logged in? is this possible with Media Manager?

Thanx,

mjauvin
mjauvin

How do you use the media manager in your plugin?

mjauvin
mjauvin

You could use the beforeRoute event to check if the user is authenticated before serving the file I guess:

https://octobercms.com/docs/api/cms/router/beforeroute

bashar.ayyash
bashar.ayyash

@mjauvin I'm using the media manager to attach file/document path with each post from the backend and in the user frontend page i display the post with a link to its document and in link href I'm using the media filter to get the path.

mjauvin
mjauvin

yes, so try the event I suggested above.

JeffGoldblum
JeffGoldblum

If you're trying to prevent users from accessing files unless they're logged in then you have to use the File model and attachOne / attachMany relationships so that you can set the relationship to public => false. Otherwise the file will be publicly accessible in the storage folder and there's pretty much nothing you can do to stop that; beyond setting up a server config to force requests to a specific mediamanager directory to be handled by PHP at which point you could have checks for authentication, but really by that point you're already basically duplicating the functionality of private file attachments so you're better off just using those to begin with.

mjauvin
mjauvin

@LukeTowers, forgot it was handed directly from the webserver because of the htaccess rule... You could also remove the htaccess rule that forces media files to be served by the webserver and have it go through the CMS framework... and handle it through the beforeRoute event.

JeffGoldblum
JeffGoldblum

I would really just recommend you use protected files instead, that's what they're designed for and it won't rely on a specifically customized server config which is going to be more reliable in the long run. Additionally I don't think October is setup to respond to requests for media library assets with the contents of said assets, so all you'd end up with by removing that rule is 404's on every Media Library path.

1-8 of 8

You cannot edit posts or make replies: the forum has moved to talk.octobercms.com.