enhavo / enhavo

Modern CMS with shop features based on fullstack symfony and sylius components
https://www.enhavo.com/
MIT License

[MediaBundle] Non-public media files #1642

Open FabianLiebl opened 2 years ago

FabianLiebl commented 2 years ago

Media files connected to non-public entities are always available if you know their URL. If these files are indexed by search engines or manually linked by other sites, they will still be valid after the containing entity has been set to private.

Possible solutions:

  1. Public flag on File entity, cascaded from parent entity. High performance, but possible cause for synchronization problems.
  2. Symfony Voter system whenever a file is supposed to be displayed. Slows down performance on File display (SEO relevant), but less error prone and good flexibility/code quality.

indivisualvj commented 4 days ago

@FabianLiebl can this be done by overwriting enhavo service enhavo_media.security.default_authorization_checker using a custom AuthorizationCheckerInterface?
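
The second option from the opening comment, sketched as a Symfony voter. This is an added example, not part of the thread and not enhavo code: `MediaOwnerInterface`, `OwnedFileInterface`, the `MEDIA_VIEW` attribute and the `ROLE_ADMIN` check are assumptions made for illustration, and it does not use enhavo's own `AuthorizationCheckerInterface`.

```php
<?php
// Added illustration, not enhavo code. The two interfaces are hypothetical
// contracts; in a real project each type would live in its own file.

namespace App\Security;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

/** Hypothetical: implemented by entities that can be public or private. */
interface MediaOwnerInterface
{
    public function isPublic(): bool;
}

/** Hypothetical: a media file that can name the entity it belongs to. */
interface OwnedFileInterface
{
    public function getOwner(): ?MediaOwnerInterface;
}

final class MediaFileVoter extends Voter
{
    public const VIEW = 'MEDIA_VIEW'; // assumed attribute name

    protected function supports(string $attribute, mixed $subject): bool
    {
        return $attribute === self::VIEW && $subject instanceof OwnedFileInterface;
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $owner = $subject->getOwner();
        // Orphaned file: nothing to derive visibility from, so deny (a choice made here).
        if ($owner === null) {
            return false;
        }
        // Visibility is read from the owner on every request, so no copied
        // flag on the file can drift out of sync with the entity.
        if ($owner->isPublic()) {
            return true;
        }
        // Private owner: only backend users (assumed ROLE_ADMIN) may fetch the file.
        return in_array('ROLE_ADMIN', $token->getRoleNames(), true);
    }
}
```

The voter only has an effect if every file response is routed through a controller that calls `denyAccessUnlessGranted(MediaFileVoter::VIEW, $file)` before streaming; files that the web server serves statically bypass it.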