
I use an Ajax application to upload files in a Symfony2 web application. When I upload the files, I put them in a path like:

"%kernel.root_dir%/../web/bundles/acmehome/images/uploaded"

I have a lot of trouble with the management of these files.

Are all the files in the web directory visible/searchable/browsable? If yes, which path should I use for storage purposes in order to make them visible only to registered users?

I ask this question because here the user Rook suggested not storing the files in the web root.

JeanValjean

2 Answers


Yes, in the default configuration, all the files are visible/searchable/browsable. You can restrict access with an .htaccess file in the directory.

I think it's a good approach to move uploaded files to a folder outside the web root.

This topic interested me a lot.

jeremieca

What I did to manage that was to create a database entry for each upload:

1 - I upload the file into a folder like web/upload/[month]/[day] (I protected the upload folder with .htaccess).

2 - (I created a Doctrine entity called Upload.) During the upload I create an entry with name, description, file path, file extension, owner type (the entity where I upload the file) and owner id (the entity id).

3 - Finally, if I uploaded my file on a "blog entity" (vendor\entity\Blog) or on a comment entity (vendor\entity\Comment), I will request all the files that belong to it.

```php
// Inside a controller action; $entityName and $id identify the owning entity.
$em = $this->getDoctrine()->getEntityManager();
$documents = $em->getRepository('VendorBundle:Upload')->findBy(array(
    'ownerType' => $entityName,
    'ownerId'   => $id,
));
```

This approach is very flexible and allows you to create an upload module that can go on every kind of entity. Moreover, since uploads are indexed, searching through a search engine is much more efficient (since you can add metadata like description, name, ...).

Chopchop
  • Well, my question is more related to "where to store the files" and not to "which model to use to store them". About defining subdirectories, I don't know if there is any such advantage. Read [that Q/A](http://stackoverflow.com/questions/12178171/user-files-organization-in-a-web-server). – JeanValjean Nov 19 '12 at 15:35
  • The real problem with uploading files is showing the user where they are stored on the server, because if it's a script, they have to call it from a URL to execute it. – Chopchop Nov 23 '12 at 09:33
  • But I won't put it in web/bundles, because it's usually where we store things (according to the doc). I'd rather prefer web/upload/random() – Chopchop Nov 23 '12 at 09:39
  • Why should I define a random directory name? I can set a random name for the file... Moreover, if I want to deny access to a directory, I think that .htaccess should work. – JeanValjean Nov 23 '12 at 10:22
  • I know! But we are a company that does data retrieval. It is easy to get a file by name if its name has a prefixed pattern. – JeanValjean Dec 03 '12 at 18:01
  • That doesn't address the question; it's still possible to access them from outside. I don't know, but maybe this site can help you: http://developmentwithart.com/2012/08/29/how-to-serve-protected-files-in-Symfony2-using-X-Sendfile/ – Gigala Jun 12 '13 at 12:55
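The option raised in the thread of keeping uploads outside the web root and handing them out only to logged-in users comes down to the check below. This is an added example, not code from any of the posts; the function name `resolveUpload`, the `private_uploads` directory and the boolean login flag are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Assumed layout: uploads live in a
// directory outside web/, so the web server never maps a URL onto them and
// every download has to pass through application code first.

/**
 * Resolve a requested file name to a real path inside $storageDir.
 * Returns null when the caller is not logged in, the file does not exist,
 * or the resolved path leaves the storage directory.
 */
function resolveUpload($storageDir, $requestedName, $isAuthenticated)
{
    if (!$isAuthenticated) {
        return null; // registered users only
    }
    $base = realpath($storageDir);
    if ($base === false) {
        return null; // storage directory missing
    }
    // realpath() collapses "..", "." and symlinks before the comparison.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requestedName);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved path must start with "<base>/".
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data in a temporary directory.
$root = sys_get_temp_dir() . '/upload_demo_' . uniqid();
mkdir($root . '/private_uploads', 0700, true);
file_put_contents($root . '/private_uploads/report.pdf', 'constructed sample');
file_put_contents($root . '/secret.txt', 'file outside the storage dir');

$dir = $root . '/private_uploads';
var_dump(resolveUpload($dir, 'report.pdf', true));    // logged-in user, existing upload
var_dump(resolveUpload($dir, 'report.pdf', false));   // anonymous request
var_dump(resolveUpload($dir, '../secret.txt', true)); // name that climbs out of the storage dir
```

In a Symfony2 controller the login flag would come from the security context, and the returned path would be passed to a file response (for example `BinaryFileResponse`, available from Symfony 2.2, optionally with X-Sendfile as in the article linked in the last comment).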