This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Uploading and Securing Word and PDF docs

November 01, 2007 7:21am

  • #1 / Nov 01, 2007 7:21am

    objected

    14 posts

    I currently use a CMS by SoftIdiom which is a Perl based CMS. I am looking to move to a PHP based CMS and am looking at quite a few. ExpressionEngine has risen quickly to the top.

    What I cannot seem to work out is if EE can support the following functionality.

    A common requirement is to Upload PDF and Word Docs. Currently I can do that along with some META DATA but…

    Once Uploaded I want to restrict the access to these files based on members or membership groups. Anyone not in the group cannot access the file and when a user searches the Articles/Assets they are not displayed to non-members or members of a group without appropriate permissions.

    Also - yes there is more - any PDF or Word doc must be able to have Comments attached to that entry. So users can say if it was useful or appropriate (not those specifically but that sort of idea).

    Hope that makes sense…

    Kind regards,

    Mark

  • #2 / Nov 01, 2007 11:44am

    Robin Sowell

    13255 posts

    It depends on how secure you need them to be.  ‘Out of the box’, it would be very easy to enter each doc as a weblog entry- or multiple docs uploaded with a single entry.  Put the url in a custom field(s).  Then- you could set it up so only logged in members- or members in a specific group- can see that content.  There are a LOT of ways to do it- the wiki talks about access restrictions on templates- sometimes I’ll use a custom status of ‘private’ if some content is public and some is private- then use conditionals so only members see the public content.  You can do that on a per article or per field basis- depending on what you need.  If the search needs to work differently for members/non-members, I’d likely do it via status- include the private status for members, exclude it for non.

    The above is simple- and it will allow commenting and searching just like normal- it just allows you to prevent non-members from seeing specific content.  What it doesn’t do is prevent them from downloading the material if they know the direct link to the pdf.  So if they can guess, or if someone sends it to them, the docs themselves aren’t restricted.  (Of course, someone could just send them the doc if they were going to send them the link, so not sure it matters.)  However- if you need a higher level of protection on the docs, it would take some custom coding to do it.

    Make sense?  And have you tried one of the trial options?  Those provide a good way to get the feel for how you might approach restricted content using EE.

  • #3 / Nov 01, 2007 11:51am

    objected

    14 posts

    Hi, Thanks for the response - Yes - I really need for the PDFs and Other Resources to be unreachable by using a URL/Path to the PDF. In other words - they need to be out of the Web Root (I guess) Uploadable to there but delivered by a Script which has access to the Secure Directory based on the logged in (validated) user's choice.

    Fairly new to all this so apologies if I am not making sense.

  • #4 / Nov 01, 2007 12:00pm

    Robin Sowell

    13255 posts

    Ah- that would take some custom coding.  That said- I do it on several sites via a custom module.  I don’t keep up the public version all that well- and with it, I use htaccess to prevent direct access to the file rather than putting it above root- because the standard file upload gave me trouble getting above root.  I can link you to it if you’d like to check it out, though.  We use it in production (‘we’ is not ‘EE’), but I tend to tweak my personal code a fair bit.

    Short answer- it’s not ‘out of the box’, but with a little php know-how, it’s not difficult to do.

  • #5 / Nov 01, 2007 12:16pm

    objected

    14 posts

    Hi Robin, Yes htaccess - forgot - I have a little PHP knowledge - really small amount but learning more every day. The more I learn the more I need to learn. Yes a link to the code would be good. Just knowing it was within the realms of possibility helps me at this stage too.

    Trying to get to grips with CodeIgniter too. Every time I think I have it something new pops up to make me re-consider 🙄

    Thanks for your responses.

    Mark

  • #6 / Nov 01, 2007 12:24pm

    Robin Sowell

    13255 posts

    Heh- yep, I’ve been reading up on my javascript trying to learn that one, so I know exactly how you feel.  OK- public script is here- logic is pretty simple.  Feel free to riff off of it as needed.  I do believe it’s in operation on that site, so you’ll likely need to login to get it.
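
The approach discussed in posts #3 and #4 (documents kept out of direct reach and delivered by a script after a membership-group check), as an added example that is not part of the original thread and is not the module linked above. The session key, group ID, directory path and document map are assumptions for illustration, and it uses plain PHP sessions rather than ExpressionEngine's own member API.

```php
<?php
// Added example: gatekeeper script for documents stored outside the web root.
// Assumptions (not from the thread): session key, group IDs, paths, doc map.
declare(strict_types=1);

const DOC_ROOT = '/var/www/private_docs';   // hypothetical, outside the web root
const ALLOWED_GROUPS = [5];                 // hypothetical member group IDs

// Constructed sample catalogue: public ID => stored filename and MIME type.
const DOCS = [
    'handbook' => ['file' => 'handbook.pdf', 'type' => 'application/pdf'],
    'minutes'  => ['file' => 'minutes.doc',  'type' => 'application/msword'],
];

function deny(int $code): void
{
    http_response_code($code);
    exit;
}

session_start();

// 1. Authorise: the visitor must be logged in and in an allowed group.
$groupId = $_SESSION['group_id'] ?? null;   // assumed to be set as an int at login
if (!is_int($groupId) || !in_array($groupId, ALLOWED_GROUPS, true)) {
    deny(403);
}

// 2. Resolve the request through the allow-list, never from a raw path.
$id = $_GET['doc'] ?? '';
if (!is_string($id) || !isset(DOCS[$id])) {
    deny(404);
}

// 3. Confirm the resolved file really sits inside DOC_ROOT (symlinks included).
$root = realpath(DOC_ROOT);
$path = realpath(DOC_ROOT . '/' . DOCS[$id]['file']);
if ($root === false || $path === false
    || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
    deny(404);
}

// 4. Stream it as a download and keep it out of shared caches.
header('Content-Type: ' . DOCS[$id]['type']);
header('Content-Disposition: attachment; filename="' . DOCS[$id]['file'] . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

If the upload directory has to stay under the web root, as in post #4, the same script applies as long as the web server refuses direct requests to that directory.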
