Hi All, I am not sure if this is possible, but I am hoping it is... Problem:
My client's website has hundreds of members, and each member can have permissions and a user group associated with them. An administrator who has permission to manage employees, needs to be able to open documents relating to that employee, such as resume, references, etc. These documents could be .doc, .xls, .pdf, whatever. Before this system was in place (allowing members etc), they stored their documents online, and protected it with htpasswd. When I developed the current system for them, this is how I also did it. Documents are in a folder in the webroot, which is protected using .htpasswd. However... now they have requested that the .htpasswd be dynamic, so that an admin user with "manage employees" permissions has their username and password linked to it, including the password being updated whenever the user updates their password. I didn't think this was possible, and if it was, then it would be complex. Solution: The solution I thought of, was to store these documents above the webroot. So now I have got them saving to .../public/uploads instead of .../public/app/webroot/files.. etc New Problem: haha, so now my new problem, is it actually possible to access these documents? I am writing a controller method that will check if they have permission to view the document, and if they do, it should open the document somehow, either by redirect, or some other format. I am guessing perhaps there is a modification to make to the .htaccess file to allow access to these documents, but it needs to be secure enough so that someone can't just put the doc name into the url and bypass the controller. Hopefully that akes sense, if someone has a suggestion on how best to achieve this, I would appreciate it. Thanks Patrick --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
