I have an ACL-controlled application that uses the Media plugin to upload files to /app/webroot/media. When a file is uploaded, the dirname, basename and file name are written to the database.
I'm looking for a way to restrict access to /app/webroot/media, allowing users to only view the files associated with their user id after they have signed in. Currently, users can access other users' files, which is not at all ideal. Is there a best practice for this as far as CakePHP is concerned?