Hello, We have a on-premise application in Mendix 6.10.2 version. We have file’s URL like http://myapp/file?guid=1234 If a user is typing this URL without being authenticated, there’s a blank page and he cannot access file. This scenario is OK. When a user is authenticated, he can type the URL and he will be able to open or download the document. This scenario is NOT OK. We want to check user’s roles to allow him or not to open or download it. I tried using RequestHandler but it seems it is already “out of the box” and seems not possible to override. I was able to add a “/hello” requesthandler which is working well. But add requesthandler “/file” do nothing. Does someone have any ideas how to handle that ? Or simply, is it something that is managed in a new version of Mendix ? An upgrade is foreseen soon but I have no idea if this point is solved or managed in a newer version. Many thanks in advance
asked
Jerome Sablon
4 answers
2
You can create an entity with a generalization of the entity System.FileDocument.
Then you simply don’t grant user access to that entity.
Yes, this is how we do it. Always use a microflow to do the download where you check the user role to see if the current user may download the file document. And where we want to show details of filedocuments we always use non persistent objects for this.
Regards,
Ronald
answered
Ronald Catersels
0
If your app is on-premise, can you update your web config file to not allow “/file?guid=1234”?
Or add a rule that rewrites the url to your custom request handler.
answered
Austin McNicholas
0
Thanks for all of your replies, but if I need to check also attributes stored in one other associated entity ? Can I add a microflow to check that ?