We have made an ‘uploads/’ folder in ‘/basic/web/’ directory, where we store PDF reports and images.
So, the URL formed to view these files is something like; "http://<domain>/basic/web/uploads/<filename.pdf>"
Thus, URL is public and anybody having the URL is able to view files.
We need to restrict access to files;
if the user is logged-in
if user has certain permissions [authorize() is already written. We need to just give a call to this function.]
Can somebody help me with approach to restrict user access to files?