I’m facing an issue that specific URLS are available for everyone, these URLS contain sensitive file and should be displayed only for that specific customer.
For example:
John123 has an invoice that is stored under the URL domain.com/files/34873478.pdf
But if anyone on the internet paste this url in the search, will be able to see the PDF.
Does anyone know how can I solve that? I will try to implement a user checker, to make sure that page will only be accessible if that 34873478
code matches with the customer owner.
Where can I do that? On model? Controller?
What classes should I use?
Does anyone know saw a similar snippet of code or question?
Thanks