I have a Symfony2 project with user management (FOSUserBundle & Sonata bundles). In some cases in my application, I need to create files for users, and I want to store them. The files might be big, so I exclude storing them in sessions/local storage.
First question: Is there a Symfony2 pattern to handle user-generated files and storage? Where should these files be placed? Which directory?
Second question: I have a big file that my app needs to use. Users shouldn't have access to this file, but mainly my app controllers have to. What is the most secure way to store this file and restrict access?
First question: Depending on the number of files each user has, I would use some kind of naming convention, e.g. temp/[username]/file1.dat or temp/[username].dat. You can implement this strategy by following the Symfony2 cookbook for file uploads on entities and checking the function:
    public function preUpload()
    {
        if (null !== $this->file) {
            // do whatever you want to generate a unique name
            $this->path = uniqid().'.'.$this->file->guessExtension();
        }
    }
Here the filename is generated, and you can easily set the username instead of some random "uniqid()".
Second question: Securing files is, in my opinion, best implemented via a folder that is not accessible through the web. For example, if you have the following structure:
    myproject
        app
        src
        vendor
        web <-- your domain points to this folder
        save_files
then you can store your files in the save_files folder, which is not accessible via direct web access. In your application / controller you can access it via the filesystem or use some abstraction like the KnpGaufretteBundle.
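As an added example (not part of the original answer or of any bundle it mentions): when the path is built from a username and a requested filename, the controller should confirm that the resolved path still lies inside that user's directory under save_files before reading it. The function name `resolveUserFile`, the `save_files/<username>/<filename>` layout and the sample users are assumptions made for illustration.

```php
<?php
// Added example: resolve a per-user file under a storage root outside web/.
// resolveUserFile() and all sample values below are hypothetical.

function resolveUserFile($storageRoot, $username, $filename)
{
    // Allow only simple names so neither segment can carry "/" or "..".
    foreach (array($username, $filename) as $segment) {
        if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $segment)) {
            return null;
        }
    }

    $root = realpath($storageRoot);
    $path = realpath($storageRoot . '/' . $username . '/' . $filename);
    if ($root === false || $path === false) {
        return null; // storage root or requested file does not exist
    }

    // realpath() resolves symlinks; the result must still be inside the
    // user's own directory, otherwise the request is refused.
    $userDir = $root . DIRECTORY_SEPARATOR . $username . DIRECTORY_SEPARATOR;
    if (strpos($path, $userDir) !== 0 || !is_file($path)) {
        return null;
    }

    return $path;
}

// Constructed sample data in a temporary directory (stands in for save_files).
$root = sys_get_temp_dir() . '/save_files_demo_' . uniqid();
mkdir($root . '/alice', 0700, true);
mkdir($root . '/bob', 0700, true);
file_put_contents($root . '/alice/report.dat', 'alice data');
file_put_contents($root . '/bob/secret.dat', 'bob data');

// Each check prints bool(true) when the function behaves as intended.
var_dump(resolveUserFile($root, 'alice', 'report.dat') !== null);        // user's own file
var_dump(resolveUserFile($root, 'alice', '../bob/secret.dat') === null); // filename with path parts
var_dump(resolveUserFile($root, '../bob', 'secret.dat') === null);       // username with path parts
var_dump(resolveUserFile($root, 'alice', 'missing.dat') === null);       // file that does not exist
```

In a Symfony2 controller, the username would come from the authenticated user rather than from the request, and a non-null result can be returned with `BinaryFileResponse`.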