symfony2以管理员用户身份访问私有文件 [英] symfony2 access private files as admin user
问题描述
在我的Symfony2.3项目中,我有一个前端网站和一个后端.后端由security.yml文件保护,只有role_admin用户可以访问后端.
In my Symfony2.3 project, i have a frontend website and a backend. The backend is secure by security.yml file and only role_admin user can acces backend.
我现在想要的是只有管理员用户才能下载资产中存储的pdf文件.
Want i want now is only admin users can download pdf files stores in assets.
有没有办法做到这一点?
Is there a way to do this ?
现在,所有访问者都可以通过URL链接访问我的pdf文件.
now, all visitors can access my pdfs files by url link.
我是否必须将此pdf文件移动到另一个文件夹?或使用htaccess吗?
Do i have to move this pdf to another folder? or use an htaccess maybe?
推荐答案
您需要将这些文件存储在无法通过Web服务器直接访问的位置. (即web
文件夹或其子文件夹之一中的不是)
You need to store these files in a location that is not directly accessible through your webserver. (i.e. not in the web
folder or one of it's subfolders)
然后创建一个控制器/操作,在提供文件之前检查下载权限(即某个用户角色).
Then create a controller/action that checks for the permission to download (i.e. a certain user-role) before serving the file.
阅读文档章节 服务文件 ,以快速概述如何在symfony2中提供文件.
Read the documentation chapter Serving Files for a quick overview of how you can serve files in symfony2.
这篇关于symfony2以管理员用户身份访问私有文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!