Trayer February 2016

Laravel 5 Filesystem - Directory Permissions

I'm writing a Filesystem with a Login System at the moment in Laravel 5 and at the moment every User can create folders and upload files but, when I copy the path from the folder "A" from User "1" and log out and login with User "2" and paste the path in the Browser , I have acess to folder "A" from User "1". I want that only the person which create the folder can open it and Upload files. I want a authentication via a User ID that checks if the currently user who is trying to open the folder/path is the creator and have the permission to do that.

public function mkdir(Request $request) {
    $validator = Validator::make ( $request->all (), [ 
            'dirname' => 'required|max:20' 
    ] );

    if ($validator->fails ( $request )) {

        return redirect ( 'filesystem' )->withErrors ( $validator )->withInput ();
    } else {
        $id = Auth::user ()->id;

        $dir = $request->dir . "/" . $request->dirname;

Answers


bretterer February 2016

Trayer:

Because folder structure and ownership of the folder is set to users on the server, doing something like this without some sort of database is not possible. What I would suggest is something like what noodles_ftw suggests.

Create a table folderPermissions and in this folder, it would have a couple columns. owner, path

Owner would be the id of the user that created the folder, and path would be the path to the folder.

Next you would create some sort of middleware or other check to say baiscally the following

// get current user id
// get folders owned by that user
// if user is not allowed to view folder
    // return an error letting them know

// continue to do what you need to do with the folder

This will allow you to run your checks and even alert that a user tried to access a folder that they were not allowed to access.

One of the other options you have here is to use the servers .htaccess and .htpasswd files. This would allow you to set up a list of users allowed to get into the folder. you would want to create these files when a user creates new folders. Use the users password and username from the database when generating the .htpasswd file for the user.

Find more information about this solution from the documentation

Post Status

Asked in February 2016
Viewed 3,389 times
Voted 6
Answered 1 times

Search




Leave an answer