It is great that SilverStripe can restrict access to individual pages based on group membership, but is there any way to restrict access to files based on group membership? For example, I would like to have a Members Only section for my organization. On that page I would like to put a link to a membership roster that is in PDF format. I know I can restrict access to the page that has the link, but if someone types in the URL for the attachment directly they will have immediate access to the file. Is there a way to control access?
Wouldn't it be easier just to use .htaccess file and use Basic authentication? What is the additional benefit from using silverstripe Users?
With .htaccss you would have to maintain two user databases; in my case I am dealing with about a hundred users broken up into five groups. Each group needs access to different files. Maintaining .htaccess accounts and SilverStripe accounts for all users would be a nightmare.