search

ctf0 / Laravel-Media-Manager

A "Vuejs & Laravel" Media Manager With Tons of Features
MIT License
825 stars 178 forks source link

Public access to /media routes #184

Closed activeNathan closed 3 years ago

activeNathan commented 3 years ago

Laravel version php artisan -v: 6.2 Manager version composer info ctf0/media-manager: v3.7.3

is it an issue related to installation or usage ?

Yes

what is the error you are getting ?

No visible error

Extra Info "attaching a screen shot would be very helpful"

Our site's Content/images/files are not pubic and neither is content management but, the media manager will load and display all files, minus the actual images because we lock down the image routes to auth. So any unauthenticated user can do things like change the name of the files. Anyone can do this on sites using this plugin as far as I can tell.

Do You Know A Solution For this Issue ?

Yes please, how to secure media manager routes?

activeNathan commented 3 years ago

Ok, so worked out a way to fix - so for anyone else that it may not be obvious for: You can create a controller that extends mediamanager's controller and implement auth middleware in the constructor.

ctf0 commented 3 years ago

an easier solution would be 

Route::middleware(['auth'])->group(function () {
  // MediaManager
  ctf0\MediaManager\MediaRoutes::routes();
});