I have historical data recorded in pdf files for our clients. Now I am developing a web platform (in Drupal) from where clients should be able to access this data. The problem is that i don't want this files to be available to anyone else than the user to whom the information belongs.
My question is if it's possible to give access to some files or folders to specific users in Drupal. Because the alternative would be to create a Role for every user which is not practical.
At the end I found a solution that covers all my needs. I created a custom page template for the page from where i want to access the files (ex. node--4.tpl.php) that catches the username and generates a cookie with it:
global $user;
$username = $user->name;
$cookie_name = 'cookie_name';//
$cookie_value = $username;//
setcookie($cookie_name, $cookie_value, time() + (3600), "/");
Then I create a .htaccess file in each user's folder that contains this code:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !cookiename=username [NC]
RewriteRule .* http://alternativepath/ [L]
So only the user who's username is like the username i ask for in the htaccess can access the folder. In my case I ask for another field, not the username, but this should be enough as a simple example.