问题
In my Symfony2.3 project, i have a frontend website and a backend. The backend is secure by security.yml file and only role_admin user can acces backend.
Want i want now is only admin users can download pdf files stores in assets.
Is there a way to do this ?
now, all visitors can access my pdfs files by url link.
Do i have to move this pdf to another folder? or use an htaccess maybe?
回答1:
You need to store these files in a location that is not directly accessible through your webserver. (i.e. not in the web folder or one of it's subfolders)
Then create a controller/action that checks for the permission to download (i.e. a certain user-role) before serving the file.
Read the documentation chapter Serving Files for a quick overview of how you can serve files in symfony2.
回答2:
Add a role, something like ROLE_ACCESS_PRIVATE ASSETS and assign it to the admin user. Do the check for that permission in the code like any other.
Edit: This is assuming, of course, that a controller stands in the way of these files.
来源:https://stackoverflow.com/questions/20396653/symfony2-access-private-files-as-admin-user