How can I serve files from the filesystem but enforce user authentication?
Posted on 2012-03-15
So I want to upload files to domain.com/secure/attachment/<attachment_id>/<attachment_filename>.<extension>. So if a user_a uploads "screenshot.jpg" it would live at domain.com/secure/attachment/5154234/screenshot_5154234.jpg. If the user_a wanted to view this file they could navigate to this url in their browser. My question is, how can I serve these files from the filesystem while enforcing user authentication/authorization so that user_a can view the file because they're authorized and logged in to the system but user_b can't because either 1) he isn't logged in or 2) he's not authorized?
As a real life example, JIRA implements this method.
As a side note, this seems interesting because, how could your run this kind of logic when the uri is to a jpeg and not a php script.
Please include code examples.