You have documents, but want to limit the access to only logged in users, and also have some other sophisticated / complex rules in order to access the documents, then this package is for you.
This package will securely display or download to your media files.
You can install the package via composer:
composer require cleaniquecoders/laravel-media-securePublish the config file with:
php artisan vendor:publish --tag="media-secure-config"In case you want more control on who are able to access to the media, you can use the Laravel Policy. You just need to define the policy, then it's done. This package will use the policy to handle more sophisticated and complex rules accessing to your media files.
Make sure you are using Laravel Medialibrary package.
When the require_auth configuration is enabled ('require_auth' => true), the use who want to access to the media require to login.
When the strict configuration is enabled ('strict' => true), the parent model of the media ($media->model) is required to have its own policy registered.
This policy must define the access methods:
viewstreamdownload
These methods will be used by MediaPolicy to determine whether the user is authorised to access the media.
Since Spatie's Media Library uses polymorphic relationships, media items are attached to various parent models (e.g., Document, Post, User, etc.).
To enforce fine-grained control, MediaPolicy delegates authorisation checks to the parent model’s policy.
-
Create a policy for the parent model (e.g.,
DocumentPolicy). -
Define the following methods in that policy:
view(User $user, Document $document)stream(User $user, Document $document)download(User $user, Document $document)
namespace App\Policies;
use App\Models\Document;
use App\Models\User;
class DocumentPolicy
{
public function view(User $user, Document $document): bool
{
return $user->id === $document->user_id;
}
public function stream(User $user, Document $document): bool
{
return $user->id === $document->user_id;
}
public function download(User $user, Document $document): bool
{
return $user->id === $document->user_id;
}
}These methods must be defined because
MediaPolicyuses the value from theMediaAccessenum to callGate::allows($type, $media->model).
In your AuthServiceProvider:
protected $policies = [
\App\Models\Document::class => \App\Policies\DocumentPolicy::class,
];| Condition | Result |
|---|---|
strict = true |
Access will be denied if the parent model doesn't have a policy |
strict = false |
Access will be granted without checking the parent model's policy |
| Requirement | Mandatory | When |
|---|---|---|
| Parent model has a policy | ✅ | When strict = true |
Defines view, stream, download methods |
✅ | For enum-based access control |
Policy registered in AuthServiceProvider |
✅ | Required by Laravel's Gate system |
You upload / add media as documented in Laravel Medialibrary. Then to generate links:
// Get the view URL
// https://your-app.com/media/view/some-random-uuid
$view_url = get_view_media_url($media);
// Get the download URL
// https://your-app.com/media/download/some-random-uuid
$download_url = get_download_media_url($media);
// Get the stream URL
// https://your-app.com/media/stream/some-random-uuid
$stream_url = get_stream_media_url($media);composer testPlease see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.