I'm using the Upload property editor in a member type so that we can upload documents for that member to view.
The default configuration is working fine however the URLs of the uploaded content is publicly accessible.
I thought a solution was to add an event handler for when a Media is saved and I could then put some logic in the handler to automatically set permissions on the uploaded document, however when adding an event handler for MediaService.Saved it is not called when the Upload property editor is used, only when we interact with the Media section in Backoffice.
Does anyone know of a way to automatically, or via a handler, secure documents using the Upload property editor?
I have used it many times and it does exactly what you have described unless you want specific members to have access to their own files and not others?
So, I would probably approach this by adding a member picker to a media folder indicating that the contents should be accessible only by that member.
Then I would create a http handler which would need to check the request, find the media item, find its parent (folder) check for member id, check for member logged in, then either allow or deny
Secure upload property editor
Hi All,
I'm using the Upload property editor in a member type so that we can upload documents for that member to view.
The default configuration is working fine however the URLs of the uploaded content is publicly accessible.
I thought a solution was to add an event handler for when a Media is saved and I could then put some logic in the handler to automatically set permissions on the uploaded document, however when adding an event handler for MediaService.Saved it is not called when the Upload property editor is used, only when we interact with the Media section in Backoffice.
Does anyone know of a way to automatically, or via a handler, secure documents using the Upload property editor?
Thanks, David
Hi David,
The media protect package (licensed) is what you need. https://our.umbraco.org/projects/website-utilities/media-protect/
Jeavon
Thanks for the reply Jeavon. I reached out to Richard earlier and he replied to let me know that his plugin does not support this configuration.
I have used it many times and it does exactly what you have described unless you want specific members to have access to their own files and not others?
Ah yes, I see that is what you want. Media protect will stop public requests but won't support specific member to media permissions.
So, I would probably approach this by adding a member picker to a media folder indicating that the contents should be accessible only by that member.
Then I would create a http handler which would need to check the request, find the media item, find its parent (folder) check for member id, check for member logged in, then either allow or deny
is working on a reply...