Closed seminarian closed 4 years ago
you should also add a url param to ur custom disk
On Fri, Mar 6, 2020, 9:34 PM seminarian notifications@github.com wrote:
In config/mediaManager.php there's a possibility to configure the used storage_disk:
/* * filesystem disk */ 'storage_disk' => 'file-manager',
I've set up a a custom storage disk with following configuration:
'file-manager' => [ 'driver' => 'local', 'root' => storage_path('app/file-manager'), ],
The reason for this is that in our web application files should not be accessible for unauthenticated users, hence not storing in the public driver.
After changing this I noticed file downloads were not possible anymore and Image Editor didn't load images as well previews in other places.
Is securing files from public download not supported currently? Or am I missing something here?
Thank you for your effort on the libary and your time.
Semi
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ctf0/Laravel-Media-Manager/issues/141?email_source=notifications&email_token=ABYLXODAF7HYQGA7KEMPEX3RGFF3DA5CNFSM4LDGQ4R2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4ITGLHLQ, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABYLXODUM37HSNFXWRHCNQLRGFF3DANCNFSM4LDGQ4RQ .
Would this mean that the files need to be publicly accessible or can they protected via a Controller action?
I've extended MediaController
and am using that controller, it contains following action:
/**
* download file.
*
* @param Request $request [description]
*
* @return [type] [description]
*/
public function downloadFile(Request $request)
{
$file = json_decode($request->file, true);
return response()->download(storage_path('app/file-manager/'.$file['storage_path']), $file['name']);
}
I've also added authentication middleware to all the /media/*
routes.
I'm relatively new on Laravel and I'm a bit confused. Could you elaborate a bit on how I should make it work?
Also the Laravel docs mention the following:
Remember, if you are using the local driver, all files that should be publicly accessible should be placed in the storage/app/public directory. Furthermore, you should create a symbolic link at public/storage which points to the storage/app/public directory.
Remember the point is that files are not publicly accessible without authentication of some sort.
the manager is built around the general idea of a media manager, specific cases like urs is beyond what the package can do, however thats why u r free to change the controller in any way u see fit.
here what the package can do for the access restrictions
https://laravel.com/docs/6.x/filesystem#file-visibility In Laravel's Flysystem integration, "visibility" is an abstraction of file permissions across multiple platforms. Files may either be declared public or private. When a file is declared public, you are indicating that the file should generally be accessible to others.
if you think this is a limitation, PRs are welcome.
In
config/mediaManager.php
there's a possibility to configure the usedstorage_disk
:I've set up a a custom storage disk with following configuration:
The reason for this is that in our web application files should not be accessible for unauthenticated users, hence not storing in the
public
driver.After changing this I noticed file downloads were not possible anymore and Image Editor didn't load images as well previews in other places.
Is securing files from public download not supported currently? Or am I missing something here?
Thank you for your effort on the libary and your time.
Semi