Instantly share code, notes, and snippets.

What would you like to do?
For Concrete5 v8, how to programmatically set file permissions so that they are only accessible by a single user plus a single group of users and are stored outside of the webroot.
use Concrete\Core\Entity\File\File;
use Concrete\Core\File\Set\Set as FileSet;
use Concrete\Core\File\StorageLocation\StorageLocationFactory as FileStorageLocationFactory;
use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
use Concrete\Core\Permission\Access\Entity\UserEntity as UserPermissionAccessEntity;
use Concrete\Core\Support\Facade\Application;
use Concrete\Core\User\Group\Group as UserGroup;
use PermissionKey;
use UserInfo;
// assumes Advanced Permissions have been enabled
function adjustPermissions(
File $f,
string $fileSetName,
string $fileStorageLocationName, // for security, this should reside outside of webroot
string $groupName,
int $uID)
// add file to file set
$fs = FileSet::createAndGetSet($fileSetName, FileSet::TYPE_PUBLIC, 1);
// assign storage location
$app = Application::getFacadeApplication();
$location = $app[FileStorageLocationFactory::class]->fetchByName($fileStorageLocationName)[0];
// override parent folder permissions
// remove Guest access
$pk = PermissionKey::getByHandle('view_file');
$pa = $pk->getPermissionAccessObject();
$pe = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
// enable access by passed-in group
$g = UserGroup::getByName($groupName);
if (is_object($g)) {
$pae = GroupPermissionAccessEntity::getOrCreate($g);
$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
// enable access by passed-in user
$ui = UserInfo::getByID($uID);
if (is_object($ui)) {
$pae = UserPermissionAccessEntity::getOrCreate($ui);
$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
// apply the above access settings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment