About Secure File

Store one or more files in a customized location, e.g. outside of the web root

Category 1Field Types
Fieldtype modules that represent a data type used by fields.
Category 2Other Modules
Modules that have a unique purpose not covered by existing categories.
Category 3Users and Access
Modules dealing with access in ProcessWire via Users, Roles or Permissions.
Release StateBeta
Close to stable, but users are advised to be cautious and test thoroughly.*
Authorwanze
Module Version1.0.2
Class NameFieldtypeSecureFile
Compatibility2.6, 2.7
Date AddedAugust 14, 2015
Last UpdatedMarch 28, 2017
Recommended ByNew recommendations may take up to 1 day to appear.

Instructions

This module's files should be placed in /site/modules/FieldtypeSecureFile/
How to install or uninstall modules

README

{:"aria-hidden"=>"true", :class=>"octicon octicon-link"}FieldtypeSecureFile

A ProcessWire Fieldtype storing files in a customized location, outside the web root. This module is primarily useful if you need to store sensitive data which should not be accessible directly from the web. Normally, ProcessWire stores all files under /site/assets/files. Direct URL access to these files can be restriced by setting $config->pagefileSecure = true. Still you need to make sure that your template permissions are setup correctly.

{:"aria-hidden"=>"true", :class=>"octicon octicon-link"}Installation

Please take a look at the following guide: http://modules.processwire.com/install-uninstall/

{:"aria-hidden"=>"true", :class=>"octicon octicon-link"}Configuration

After installing this module, you can create a new field of type SecureFile. Enter your configuration under the "Details" section when editing the field:

  • Storage Location Enter a path outside the web root where the files are stored. You need to create the directory manually. Also make sure that the user running the web server has write permission.
  • Roles allowing to download a secure file Users with a role selected here are able to download the files if a download is requested via the API.
  • Allow Download in Admin If checked, users having a role selected above can download the files when editing a page.

{:"aria-hidden"=>"true", :class=>"octicon octicon-link"}API

If you want to download a secure file, you can call PagefileSecure::download(). This method also makes sure that the current user is allowed to download the file, according to the permission configuration.

Example:

$secureFile = $page->secureFiles->first();
$secureFile->isDownloadable(); // Returns true if the current user is allowed to download
$secureFile->download(); // Performs the check above and delivers the file via the wireSendFile() function

Comments

No comments yet. Be the first to post!

Post a Comment

Your e-mail is kept confidential and not included with your comment. Website is optional.