I have a system where employees can upload files. There are three ways:
Upload to my account in public, private or secure mode
Upload to my department account in public, private or secure mode
Upload to my organization’s account in public, private or secure mode.
where accessibility is visible to everyone, confidential only to a group or person, and protected for everyone in the organization.
All files for the organization are stored in a directory, for example, / files / <organizationId> /, on a file server as
files for + - 234809
| + Img1.jpg
| + Doc1.pdf
+ - 808234
| + doc2.pdf
I keep the file path and privacy level in the database. Thus, I can control whether the link to the file URL is displayed to the user on this page.
The problem is that I have no control over the file URL ... therefore, if someone types img1.jpg in their browser address bar, there is no way to find out if the registered user has the right to see img1.jpg .
Any suggestion?
This is a Java application. However, there is a separate instance of Glassfish that acts as a file server. Since the application has not yet been released, we are ready to adopt a better file access strategy.
, , . , , , , , .
Nishant