User File Management

Hello.

I have been using Yii for a few months. I am working on a mid-size project that handles users, groups and some interaction between users (for example, users can make proposals in their groups, other users can comment on proposals, there are group moderators/administrators, and so on).

I am about to start a part of my project that involves managing user files. Basically I will handle 2 kinds of files: images and PDFs. Images will be grouped in galleries, each having a name and description. Only the group administrators can create galleries (no restriction on the number of galleries) and upload files. Other users can see the pictures and files of their group only.

As I said, I have been working with Yii for some months, but I can’t find clear information on user files management. I have a few questions.

  1. Where to store files?

Should files be stored in the database? If not, what directory should I use to store files?

Is there some kind of standard for this?

  2. What facilities are provided by Yii for file management?

  3. What about security issues? For example, uploaded files are not public; they can only be seen inside the group they belong to.

Hope you can give me ideas. Thanks in advance.

I’m of course not mister almighty, but as far as I know, these kinds of considerations are not solved by using Yii in the first place. Yii will help you with some helper classes, that’s for sure, but will not give you a full specification about where and how to store and read the files.

I have used several different setups for handling files. Each of them comes with its pros and cons. You could write them on disk, you could use a web service like AWS S3 (often called a bucket) or use a database. In case of the first two, you could keep the reference to the files with the user object in the database, in case of the latter you keep only the file itself in the database.

See the CFileHelper class, which helps you store files on disk. Storing in the database ain’t that difficult and storing with external services (such as AWS S3) often comes with its extensions.

I think you should fix that by yourself. You could, for example, create a custom CWebUser implementation that validates whether the user should have access to a given group and use that function when a file is requested. External services often use some kind of authentication as well (in terms of access keys that you could store with the user object).

Thank you so much for your help Emile.

I will look at the CFileHelper class you mentioned. Is there another one you know?

And about the first question (where to store files), I think I will store them on disk and keep a table in the db with the gallery/files info. So my question is: what directory? Inside or outside the protected dir? How could I access those files later (in terms of the framework)?

If you save the files in a protected directory, you can use Yii::app()->getRequest()->sendFile

Take a look at this example
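
Added example (not written by any poster in this thread, and not the example linked above): a Yii 1.x download action that combines the two suggestions made here, a group-membership check before the file is served and `sendFile` reading from a directory under `protected`. The `GroupFile` and `GroupMember` models, their columns, and the `protected/uploads` directory are assumptions made for illustration.

```php
<?php
// Hypothetical Yii 1.x controller. GroupFile and GroupMember are assumed
// CActiveRecord models; column names are assumptions, not from the thread.
class FileController extends CController
{
    public function actionDownload($id)
    {
        if (Yii::app()->user->isGuest) {
            throw new CHttpException(403, 'Login required.');
        }

        // Look the file up by primary key; the client never supplies a path.
        $file = GroupFile::model()->findByPk((int) $id);
        if ($file === null) {
            throw new CHttpException(404, 'File not found.');
        }

        // Authorization: the requester must belong to the group that owns the file.
        $isMember = GroupMember::model()->exists(
            'group_id = :g AND user_id = :u',
            array(':g' => $file->group_id, ':u' => Yii::app()->user->id)
        );
        if (!$isMember) {
            // Same 404 as a missing file, so IDs of other groups' files are not confirmed.
            throw new CHttpException(404, 'File not found.');
        }

        // Files live under protected/uploads (assumed), which the web server does not serve.
        $base = realpath(Yii::getPathOfAlias('application.uploads'));
        $path = realpath($base . DIRECTORY_SEPARATOR . $file->stored_name);

        // Defence in depth: refuse anything that resolves outside the upload directory.
        if ($base === false || $path === false
            || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
            throw new CHttpException(404, 'File not found.');
        }

        // Types the application accepts (images and PDFs); anything else is a generic download.
        $types = array('pdf' => 'application/pdf', 'jpg' => 'image/jpeg', 'png' => 'image/png');
        $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        $mime = isset($types[$ext]) ? $types[$ext] : 'application/octet-stream';

        // Keep only safe characters in the name that goes into the response header.
        $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file->original_name));

        // sendFile() sets the download headers, outputs the content and ends the request.
        Yii::app()->getRequest()->sendFile($name, file_get_contents($path), $mime);
    }
}
```

Storing files under a server-generated `stored_name` rather than the uploaded filename keeps user input out of filesystem paths entirely; the `realpath` prefix check is a second barrier in case a bad value ever reaches the table.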