I am creating a content management software where admins are able to attach documents which the user would be able to see ont the website.
There are 2 types of users public and members. The admin can specify if the want everybody to see the doument or just the user. Now the problem is that
I store all the docments in one directory /attachement/documents whether private or public. The website takes care of what to show if they are logged in and what not to show.
but if they get the url of the docment such as http://xxx.com/attachemnets/docments/privatedocument.doc they would be able to open it even if they are not logged in.
Now what i need is a way to distinguish private and public documents. Would anyone have any good idea regarding this