I am creating a WP plugin which is almost like a CRM system.
I wish for registered users within the backend of WordPress to be able to upload files (pdf, doc, png) and attach these files to their customer records.
I understand how to do this in terms of database and in terms of how to upload files etc.
I would like to restrict access to the files to an admin or the uploading user only. No public user or other user should be able to access these uploaded files.
Would you create a new upload folder for every user in a non-public folder and access the file only via the plugin programmatically checking the credentials?
Is there a known or better method of doing this?
Note: this is an example and needs to be fine-tuned according to your needs.
Also keep in mind that the posts_where filter is very powerful and it modifies the query. Use with caution and remove the filter if and when it is not needed.
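The approach raised in the question (files kept in a non-public folder and served only through the plugin after a credential check) could look like the following. This is an added example, not code from the original thread. The `CRM_PRIVATE_DIR` constant and its path, the `crm_file` post type, the `_crm_file_path` meta key and the `crm_download` action are hypothetical names, and it assumes each upload is tracked as a post whose author is the uploader.

```php
<?php
// Added example, not code from the original thread. Hypothetical names:
// CRM_PRIVATE_DIR, the 'crm_file' post type, the '_crm_file_path' meta key
// and the 'crm_download' action are assumptions for illustration.

// Storage root outside the web root, so no URL maps to the files directly.
define( 'CRM_PRIVATE_DIR', '/var/www/private/crm-files' );

// admin_post_{action} fires only for logged-in users; no nopriv hook is
// registered, so anonymous requests never reach the handler.
add_action( 'admin_post_crm_download', 'crm_serve_private_file' );

function crm_serve_private_file() {
    $file_id = isset( $_GET['file_id'] ) ? absint( $_GET['file_id'] ) : 0;

    // Tie the link to the user's session and this file id.
    check_admin_referer( 'crm_download_' . $file_id );

    $record = get_post( $file_id );
    if ( ! $record || 'crm_file' !== $record->post_type ) {
        wp_die( 'File not found.', '', array( 'response' => 404 ) );
    }

    // Only the uploader or an administrator may read the file.
    $is_owner = (int) $record->post_author === get_current_user_id();
    if ( ! $is_owner && ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Access denied.', '', array( 'response' => 403 ) );
    }

    // Resolve the stored path and refuse anything outside the private root.
    $base = realpath( CRM_PRIVATE_DIR );
    $path = realpath( $base . '/' . get_post_meta( $file_id, '_crm_file_path', true ) );
    if ( false === $base || false === $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) || ! is_file( $path ) ) {
        wp_die( 'File not found.', '', array( 'response' => 404 ) );
    }

    // Stream as a download; nosniff stops the browser guessing a type.
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . sanitize_file_name( basename( $path ) ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    header( 'X-Content-Type-Options: nosniff' );
    readfile( $path );
    exit;
}
```

Download links for this handler would be built with `wp_nonce_url()` around an `admin-post.php` URL carrying `action=crm_download` and `file_id`, using the same `crm_download_<id>` nonce action.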