Control access to documents [duplicate]

0

I'm creating an application to manage files. The files are being saved in a local directory, "localhost/uploads...". I have a "documents" table with a "file-url" field, where I save the file path, and I also have my user table. Now I need to define which user can view / download / list a particular document...

Ex: formular.doc - can be viewed by users CARLOS, MARCOS and LUCAS...

If anyone knows how I can do this: I'm using CodeIgniter. I have no idea how to do this, and I'm desperate.

Thank you in advance!

    
asked by anonymous 08.10.2017 / 16:27

1 answer

0

@luan-loved, what you can do is first create a link table between the user and the document.

Sample Table:

CREATE TABLE `vinculo` (
`id_vinculo` int(11) NOT NULL AUTO_INCREMENT,
`id_documento` int(11) NOT NULL,
`id_usuario` int(11) NOT NULL,
PRIMARY KEY (`id_vinculo`)
);

And then, in CodeIgniter's "controller", in the function that you use to handle the download, before downloading, you load a "model" that will have access to the "link" table, and call a function in the "model" which checks whether the user has a link to this document. This function returns TRUE or FALSE.

Sample Model

class Vinculo_Model extends CI_Model{
    var $table = 'vinculo';
    // Returns TRUE when a row links this user to this document, FALSE otherwise.
    public function verificar_vinculo($documento,$usuario){
        $this->db->where('id_documento', $documento);
        $this->db->where('id_usuario', $usuario);
        $query = $this->db->get($this->table);
        // Any matching row means the user is linked to the document.
        return $query->num_rows() > 0;
    }
}

If TRUE, it continues with the download; if FALSE, it redirects the user to a "view" informing the user that he is not allowed to download.

Controller Example

$this->load->model('vinculo_model');
$vinculo = $this->vinculo_model->verificar_vinculo($documento,$usuario);
if ($vinculo) {
    // put the function that performs the download here
} else {
    // load a view informing the user that they do not have permission
    $this->load->view('sem_permisao', $data);
}
    
08.10.2017 / 18:10
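The link-table check only protects a file if every download goes through the controller; a file that sits under a web-served "uploads" directory can still be fetched by its direct URL. The following is an added example, not code from the answer above, showing a CodeIgniter 3 download action that takes the user from the session and streams the file from a directory outside the web root. The session key `id_usuario`, the `documents` primary key `id_documento`, the `login` route and the `../storage/uploads` directory are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example. Assumed names: session key 'id_usuario', 'documents' primary
// key 'id_documento', 'login' route, storage directory '../storage/uploads'.
class Documentos extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('session');
        $this->load->helper(array('url', 'download'));
        $this->load->model('vinculo_model');
    }

    public function download($id_documento = NULL)
    {
        // The user id comes from the server-side session, never from the URL or a form field.
        $id_usuario = $this->session->userdata('id_usuario');
        if ( ! $id_usuario) {
            redirect('login');
        }
        $id_documento = (int) $id_documento;

        // Deny by default: no row in the link table means no download.
        if ( ! $this->vinculo_model->verificar_vinculo($id_documento, $id_usuario)) {
            show_error('You are not allowed to download this document.', 403);
        }

        $doc = $this->db->get_where('documents', array('id_documento' => $id_documento))->row();
        if ( ! $doc) {
            show_404();
        }

        // Use only the file name from the stored path and confirm the resolved
        // path is still inside the storage directory before reading it.
        $base = realpath(FCPATH.'../storage/uploads');
        $path = realpath($base.DIRECTORY_SEPARATOR.basename($doc->{'file-url'}));
        if ($base === FALSE OR $path === FALSE OR strpos($path, $base.DIRECTORY_SEPARATOR) !== 0) {
            show_404();
        }

        // Passing NULL as the data makes force_download() read the file at $path (CodeIgniter 3).
        force_download($path, NULL);
    }
}
```

The same `verificar_vinculo()` check has to run before any listing or viewing action as well, so that a document a user is not linked to never appears in their results.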