Tell us what you are trying to do?
- We create a post type with a custom File field "File Upload" for users to upload their sensitive document.
- Files are uploaded well but they are available for public access. For example hidden link
- We want only admin and file author to be able to access the uploaded file.
- We prefer secure and reliable solution that integrates well with Toolset. Specifically, we would like to tell Toolset to save files to non-public directory, generate unique ids for them and provide interface (script) for downloading them using their ids.
Is there any documentation that you are following?
- NA.
Given that this is a component of wordpress itself then Toolset doesn't have any control over the media files on the website and a purely wordpress based solution is needed.
We prefer secure and reliable solution that integrates well with Toolset. Specifically, we would like to tell Toolset to save files to non-public directory, generate unique ids for them and provide interface (script) for downloading them using their ids.
This may be possible to achieve but it would require the use of custom code to achieve. Unfortunately custom coding is outside of the support scope of our Forum.
I hope the plugin was able to resolve this issue for you.
1. Does this https://wordpress.org/plugins/prevent-direct-access/ plugin integrate with Toolset? Can we install and configure this plugin so that files uploaded using a Toolset form can be accessed only by admins and authors?
2. Can we configure Toolset so that files uploaded using a Toolset form can be saved to a specific location?
1. Does this https://wordpress.org/plugins/prevent-direct-access/ plugin integrate with Toolset? Can we install and configure this plugin so that files uploaded using a Toolset form can be accessed only by admins and authors?
I'm not aware of any of plugins of these type being integrated with Toolset. As mentioned this solution is for restricting the media library, so the plugin itself would need to only allow Access by admins and Authors.
Based on the plugin's video overview this seems to be possible to allow the admins to have access to the files. hidden link
However it seems to not be a part of the free version. You would require the Gold membership for user role option.
2. Can we configure Toolset so that files uploaded using a Toolset form can be saved to a specific location?
No you are not able to do this. The files uploaded with Toolset will be saved in the area that is set as your media directory.
We can buy this https://wordpress.org/plugins/prevent-direct-access/ plugint. However because our files are uploaded using Toolset form, we need uploaded files to be configured by Toolset custom code so that only admins and file owners (uploaders) can view it. This must be done automatically right after files are uploaded and saved by Toolset form. Configuring permissions manually is not appropriate for us.
Does Toolset have any filter or event to achieve this capability?
Does Toolset have any filter or event to achieve this capability?
No Toolset doesn't have a hook that can be used to achieve this.
Secondly the Prevent Direct Access plugin will restrict all the uploaded files based on the permissions that you set in the plugin itself. So even if you are uploading the files through our Toolset plugins, the setting from the Prevent Direct Access plugin should still apply since Toolset is saving the files in the media library.
Any plugin that applies permissions and restrict the media library files, it will also affect the files that are uploaded by Toolset .
Please let me know if this provides a bit more clarity for you.
Given that Toolset itself doesn't allow you to prevent direct access to the media files then the solution will definitely come from 3rd party sources.
Once you've gotten a chance to try out the plugin then you can go ahead and mark this ticket as resolved.
Secondly you can also setup a clean website with just toolset and the Prevent Direct Access plugin in order to test out its functionality while you wait for Beda to resolve your file upload issue.
