    • 19328
    • 433 Posts
    For a new site I want to create a system where each user can have private documents. The idea is that the user can upload the documents in his own folder and only he and the admin user group can see the files (and download them again).

    I thought about doing it this way:

    - when a new user is created I use a plugin to automatically create a folder outside of the webroot with the ID of the new user as name of the folder.
    - on the user page I get the ID of the logged in user and use this to show all the uploaded files with for example the FileDownloadR addon.
    - on the admin page I want to list all the files from all of the users. I loop through the users in a certain user group and for each user ID I check if there’s a folder on the server with that ID as name and use the FileDownloadR addon to show the files per user.

    However there are a few extra requirements:
    - the user needs to be able to add some metadata to the file (for example a PDF document), like a title and description.
    - the files contain sensitive information, so it is critical that the location of the file is hidden or can’t be reached from an url (that’s why I wanted to keep the user folders outside of the webroot). Only the user that uploaded the file and the admin user group should be able to view / download the file.
    - the user needs to be able to upload (and download) files to his folder from the frontend.

    I read a little about static resources and they seem suitable for the first requirement, the ability to add metadata to downloadable files. However, I’m not sure if it’s possible to create a static resource from the frontend (with FormIt for example) and have a file that's uploaded through a form placed as content of the static resource. I also wonder if you can list static resources like that on the user and admin pages (also frontend).

    I’m curious what way other MODX users would approach this. Do you have any advice for me? Any pitfalls that I should be aware of? Thanks for any help!
      • 19328
      • 433 Posts
      Well, I'm still trying to get this working using static resources and storing the files outside of the web root. I'm already stuck with that part though.

      Here's what happens:

      1) I've created a media source with the following settings:
      basePath: /home/user/domains/mywebsite.com/files/
      basePathRelative: no
      baseUrl: [empty]
      baseUrlRelative: no

      The folder 'files' exists at the specified location and the rights are set to 777.

      2) Now creating a static resource. I open the file browser for the static resource content field and select the media source I've just created. First thing that's weird: no files are showing. I hit the upload button, select a file and upload. This results in the following message:

      The specified directory is not a directory.: /home/user/domains/mywebsite.com/files/

      What could be wrong? The specified directory is there... Also tried without the slash at the beginning, and without the trailing slash. Same result. In the file tab this media source is also not showing any content (I put some test files in there so there should be content).

      Hope someone can help me!
      • Are you sure that 777 is the proper permission? Many servers require 755 for folders and 644 for files.
          Studying MODX in the desert - http://sottwell.com
          Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
          Join the Slack Community - http://modx.org
          • 19328
          • 433 Posts
          Thanks, just tried with 755 for the folder and 644 for the file, but get the same error when uploading.
          Could this have to do with some other server setting? Maybe it's not allowed to access files outside of the web root from within the manager?
          • There are so many possible server configurations that it's hard to say what the problem might be.

            Check your config.core.php file and see what path it is using. Sometimes the actual path to your web root (and hence its parent directory) is not what it appears to be at first look.
              • 19328
              • 433 Posts
              Ok, thanks, I understand. But at least you don't see any errors in my initial setup, right? Tomorrow I'll try some other things.
              • No, that's exactly what I do.

                1. Create a folder above the web root.

                2. Create a Media Source that points to that folder. Provide the same full path in the base_path and base_url. This is for a reason... while the URL has no meaning, it does cause the almost correct path to be inserted into the static resource field. All it's missing is the leading /. See the discussion below for a drawback to this method of getting the full path. Remember, static resources do not work with Media Sources. There is no facility for storing what media source is used, and there is no facility for fetching the full path from a given media source.

                3. Make sure the files are binary files (.pdf, etc), flagged as such in the Content Type (Content -> Content Types), since only binary static resources are streamed with the correct HTTP headers. They should also be set as "attachment" rather than "inline". The browser may or may not trigger the expected behavior for the files if they are "inline".

                Another way I've dealt with the fact that Static Resources don't work with Media Sources is to make a chunk with the same base path as the Media Source, then either the editor has to add the chunk tags before the abbreviated path that gets inserted into the field, or use a plugin to automatically prepend the chunk tags to the field before saving.

                I use a chunk since if the media source's path should be changed for any reason, you don't want the full path saved in the resource's content. You would need to edit every single one of them to update the full path. Having it in a chunk makes it much easier.
                  • 44580
                  • 189 Posts
                  If you manually put the test files there, you could have an ownership issue in spite of the file permissions. Try "chown"ing them to www-data or whatever your appropriate web user is. Another thing that I've had to do in the past (without really understanding why) is change the permissions of the directories further up the tree to be the same as you need for the directory. Of course, this may break your security requirements, but worth trying to see if that's the issue. As Susan said, there are a myriad possibilities...
                    • 19328
                    • 433 Posts
                    Thanks Susan for your detailed explanation. It's really helpful for me to see how you have done it. I think I followed the exact same steps. Also thanks for your idea about the chunk with the media source's path, good solution. And also thanks to Robert for your ideas, I'm going to try that as well. I did manually put the test files there, so yes that could be the problem.

                    In the meantime I started to wonder if it's really necessary / that much safer to put the files above the web root. What do you think? The files are PDF/Word files that only certain users should see. They contain personal data of that user. I want to use static resources to represent them and to make them available for download.

                    I was wondering, isn't the fact that I'm using static resources already making it safer (in that the user can't see the actual location of the file - he can't right? -, so also cannot guess the location of other files from other users)? And maybe I can use .htaccess to restrict direct access to the folder (if it's in the web root).

                    Or would you really recommend putting these files outside of the web root? And is the fact that I have to give access to that location (with base_dir settings etc) not creating another security issue? I'm kind of lost here, so I would really appreciate your insights on this!
                    • Yes, an .htaccess directive denying all to the directory where the files are would do the job. Having them outside of the web root is just that much more secure, but if your server is configured to make that difficult, then all you can do is the best you can do.
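The access rule discussed in this thread (one folder per user ID, kept away from direct URL access, readable only by the owner and the admin group) is sketched below as an added PHP example; it is not code from any poster or from MODX. The function name, its parameters and the temp-directory layout are assumptions, and in a real snippet the user ID and admin flag would be taken from the logged-in session.

```php
<?php
// Added example. Assumed layout: <baseDir>/<userId>/<file>, <baseDir> outside the web root.
// resolvePrivateFile() and its parameters are hypothetical names.

/**
 * Return the real path of a file the current user may download, or null.
 * $currentUserId and $isAdmin must come from the login session, never from the request.
 */
function resolvePrivateFile(string $baseDir, int $currentUserId, bool $isAdmin,
                            string $ownerId, string $fileName): ?string
{
    // The folder name must be a plain numeric user ID.
    if (!ctype_digit($ownerId)) {
        return null;
    }
    // Only the owner and the admin group may read this folder.
    if (!$isAdmin && $ownerId !== (string) $currentUserId) {
        return null;
    }
    // Allowlist a bare file name: no path separators, no leading dot, no control bytes.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._ -]*\z/', $fileName)) {
        return null;
    }
    $userDir = realpath($baseDir . DIRECTORY_SEPARATOR . $ownerId);
    if ($userDir === false || !is_dir($userDir)) {
        return null;
    }
    // realpath() follows symlinks, so the result must still sit inside the user folder.
    $path = realpath($userDir . DIRECTORY_SEPARATOR . $fileName);
    $prefix = $userDir . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: two user folders in a temp directory standing in for the private store.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'private_docs_' . uniqid();
mkdir("$base/12", 0750, true);
mkdir("$base/34", 0750, true);
file_put_contents("$base/12/report.pdf", 'constructed data for user 12');
file_put_contents("$base/34/salary.pdf", 'constructed data for user 34');

var_dump(resolvePrivateFile($base, 12, false, '12', 'report.pdf'));       // owner asks for own file
var_dump(resolvePrivateFile($base, 12, false, '34', 'salary.pdf'));       // user asks for another user's file
var_dump(resolvePrivateFile($base, 12, false, '12', '../34/salary.pdf')); // file name tries to leave the folder
var_dump(resolvePrivateFile($base, 1, true, '34', 'salary.pdf'));         // admin asks for a user's file
```

The check does not depend on the storage location being secret: a request is refused because the session user is neither the owner nor an admin, whether or not the path can be guessed.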