Hi,
I have to add an additional security check for some of our uploaded documents.
We are already using User Roles to restrict access, which works fine.
But, I now need to also restrict access to some docs using a new custom boolean field I've added called "Restricted" and a corresponding Member custom boolean field called "CanViewRestrictedDocs"
I'm not sure how to prevent access to the URL of the document though?
As a test, I added:
class MembersDocument extends DataObject{
[...]
public function canView($member = false) {
if(!$member) $member = Member::currentUser();
return false; // deny any user access, just as a test
}
...but this doesn't prevent logged in users from downloading the doc if they know the URL.
Thanks!