I have a uploads file outside of the protected folder.
In here i store the images for “previous work” and i have started to store the files for users it stores quotes with their personal information) the issue is that i can browse to this location with no “access rights” meaning the files are accessible to everyone.
i have moved their location but now struggling with the simplest thing! i have this controller action but when i link to it, i just keep getting #404 page does not exists
I know using Forbidden exception isn’t the right thing just a place holder while i was testing.
public function actionViewQuote($id)
{
$model = quote::findOne($id);
$file =Yii::$app->basePath.$model->quote_path;
if(file_exists($file))
{
return Yii::$app->response->xsendFile($file);
}else{
throw new ForbiddenHttpException('You do not have permission to view this page.');
}
}