In my Symfony 2 project, I have a page displaying information about an entity. On this page there is also a link to a file associated with this entity.
The page is secured and it can be displayed only if the user has a specific role. The expected role is not the same for every entity, so it's tested dynamically in the Action.
My problem is that even if the page is secured, anyone can access the file via its URL. I'd like it to be downloadable only if the role matches the one for the page display.
Any suggestion on how I should do it, or where to start looking?
Move the file outside of the public directory so it's not accessible via a URL. In the controller, if a user has the correct permissions, then allow the user to download the file.
You could use this in your controller:
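    // Needs at the top of the controller file: use Symfony\Component\HttpFoundation\Response;
    // $file is the path to the file stored outside the public directory.
    $headers = array('Content-Type' => 'application/pdf',
                     'Content-Disposition' => 'inline; filename="file1.pdf"');
    return new Response(file_get_contents($file), 200, $headers);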
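A fuller version of the approach in the answer above, as an added example that is not part of the original answer: a Symfony 2 download action that repeats the per-entity role check, confines the path to a private directory, and streams the file. The bundle name, the `Document` entity with `getRequiredRole()` and `getStoredName()`, and the `app/private_files` directory are hypothetical.

```php
<?php
// Added example. Hypothetical names: AcmeDemoBundle, Document entity,
// getRequiredRole(), getStoredName(), and the app/private_files directory.
namespace Acme\DemoBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class DocumentController extends Controller
{
    public function downloadAction($id)
    {
        $doc = $this->getDoctrine()
            ->getRepository('AcmeDemoBundle:Document')
            ->find($id);
        if (!$doc) {
            throw $this->createNotFoundException();
        }

        // Same dynamic role test as the page action, repeated here so the
        // file is never served on the strength of the page check alone.
        // Symfony 2.6+ offers 'security.authorization_checker' instead.
        if (!$this->get('security.context')->isGranted($doc->getRequiredRole())) {
            throw new AccessDeniedException();
        }

        // Files live outside web/, so no URL maps to them directly.
        $baseDir = realpath($this->container->getParameter('kernel.root_dir') . '/private_files');
        // basename() drops any directory part of the stored name; realpath()
        // resolves symlinks so the containment check below is meaningful.
        $path = realpath($baseDir . '/' . basename($doc->getStoredName()));
        if ($baseDir === false || $path === false
            || strpos($path, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
            throw $this->createNotFoundException();
        }

        // Streams the file instead of loading it all into memory. The fourth
        // argument (false) keeps the response out of shared caches, since
        // BinaryFileResponse marks responses public by default.
        $response = new BinaryFileResponse($path, 200, array(), false);
        $response->setContentDisposition(
            ResponseHeaderBag::DISPOSITION_ATTACHMENT,
            basename($path)
        );
        return $response;
    }
}
```

The link on the entity page then points at this action's route instead of at the file's own URL.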