
CakePHP: Access private folders after authentication


I'm looking for a CakePHP best practice to serve folders/files to clients after they are authenticated. I know it's simpler to use a .htpasswd/.htaccess based solution, but I wonder whether there is a better way.

What is it for?

I want to create a client area where authenticated clients can see the contents of their private folder(s), e.g. to test some static HTML templates before CMS integration or to upload some documents like commented screenshots or PDF files.

A use case could be:

  • Create a new client (only by admin)
    • Generate login credentials for different users of the same client
  • Create a new client folder (only by admin)
  • Upload some static html to the client folder
  • After login the client can access the folder and view the html
  • After logout access to the static files is restricted

Any suggestions?


Solution

  • I think the easiest way is to use a database structure for this.

    The files are stored on the server anyway; where does not matter.

    This is how you do it:

    1. Create a table in the database called DataFile (because "File" causes problems with the Cake "File" class). Fields should be something like: id, data_folder_id, name, size, mime_type etc. Use what fits your needs.

    2. Create a table in the database called DataFileFolder. Fields here: id, parent_id, name, visible. Same as above, whatever fits your needs.

    3. Create an association key in the client table or a whole association table if needed. (For example: one client and 50 folders in different places.) Be aware of the association you create. If you use Client->DataFolder the client automatically has access to all files within that folder.
    4. Bake models and a FileController with an index frontend method and admin actions as well as views.
    5. Optimize admin methods for creating either a file or a folder record.
    6. The index method for the frontend has one parameter which represents the folder id. You output each and every folder and file in the folder, starting with the first the user is allowed to access. You could also just output a list of folders the user is allowed to access in case these folders are on different levels of the new "file manager". You have to check permission on each and every new page call for the given folder id. But that's clear, I think.
    7. Implement a download method for the files based on the media view mentioned above. This should be it.

    I think this is the best and easiest way to control the access for such folders. Because there are some limitations from post_max_size etc. if it is not your server, you should maybe think about an external script (or write it on your own if you have the time ;)) to load those files over FTP.

    You could also think about a folder accessible on your FTP to upload files. In the "new file" dialog in the backend this folder will be outputted and you can include the file into the system by just copying it (via PHP of course). Advantage: only one upload (though it would only be two if you are using the FTP upload method mentioned before this).

    If you are just into sharing files with clients and those clients are not going to have access to anything else based in your CakePHP project, just use FTP with a folder for each client. Faster and easier to handle because you can send them URLs like "ftp://username:password@yourserver.com" and done. They are logged in, they can view the HTML files because they are accessing the FTP via the browser, and it should be noob safe.

    Hope anything of this will feed your needs :)

    Greetings func0der
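
The per-request folder check from step 6 and the id-based download lookup from step 7, as an added example that is not part of the original answer. It is plain PHP rather than CakePHP model code; the array rows are constructed, and the `$grants` association, the function names and the `/srv/private` storage directory are assumptions.

```php
<?php
// Constructed rows mirroring the answer's DataFileFolder and DataFile tables.
$folders = [
    1 => ['parent_id' => null, 'name' => 'clients'],
    2 => ['parent_id' => 1, 'name' => 'acme'],
    3 => ['parent_id' => 2, 'name' => 'templates'],
    4 => ['parent_id' => 1, 'name' => 'globex'],
];
$files = [
    10 => ['data_folder_id' => 3, 'name' => 'home.html', 'mime_type' => 'text/html'],
    11 => ['data_folder_id' => 4, 'name' => 'offer.pdf', 'mime_type' => 'application/pdf'],
];
// Assumed association table: client id => folder ids granted by the admin.
$grants = [7 => [2]];

// A folder is readable when it, or one of its ancestors, is granted to the client.
function canAccessFolder(array $folders, array $granted, $folderId): bool
{
    $id = filter_var($folderId, FILTER_VALIDATE_INT); // URL parameter, untrusted
    $seen = [];
    while ($id !== false && $id !== null && isset($folders[$id]) && !isset($seen[$id])) {
        if (in_array($id, $granted, true)) {
            return true;
        }
        $seen[$id] = true;                 // guard against a parent_id cycle
        $id = $folders[$id]['parent_id'];  // walk up; null at the root ends the loop
    }
    return false;
}

// Look a download up by record id only, then re-check the folder permission.
function resolveDownload(array $files, array $folders, array $granted, $fileId, string $storageDir): ?array
{
    $id = filter_var($fileId, FILTER_VALIDATE_INT);
    if ($id === false || !isset($files[$id])) {
        return null;
    }
    $file = $files[$id];
    if (!canAccessFolder($folders, $granted, $file['data_folder_id'])) {
        return null; // the controller would answer 403/404 here
    }
    // Assumption: files are stored outside the webroot, named by record id.
    return ['path' => $storageDir . '/' . $id, 'name' => basename($file['name']), 'mime_type' => $file['mime_type']];
}

$granted = $grants[7] ?? []; // client 7 is the logged-in client in this sample
var_dump(canAccessFolder($folders, $granted, '3'));
var_dump(resolveDownload($files, $folders, $granted, '10', '/srv/private'));
var_dump(resolveDownload($files, $folders, $granted, '11', '/srv/private'));
```

In a CakePHP controller the same two checks would run at the top of the index and download actions on every request.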