I have historical data recorded in pdf files for our clients. Now I am developing a web platform (in Drupal) from where clients should be able to access this data. The problem is that i don't want this files to be available to anyone else than the user to whom the information belongs.
My question is if it's possible to give access to some files or folders to specific users in Drupal. Because the alternative would be to create a Role for every user which is not practical.
Check out this answer from Alex: https://stackoverflow.com/a/9850031/974809
It relates to the Drupal's files document: https://www.drupal.org/documentation/modules/file
Specifically the section "Managing file locations and access" which explain how to create private files.
Basically, you could do something like this:
At the end I found a solution that covers all my needs. I created a custom page template for the page from where i want to access the files (ex. node--4.tpl.php) that catches the username and generates a cookie with it:
global $user;
$username = $user->name;
$cookie_name = 'cookie_name';//
$cookie_value = $username;//
setcookie($cookie_name, $cookie_value, time() + (3600), "/");
Then I create a .htaccess file in each user's folder that contains this code:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !cookiename=username [NC]
RewriteRule .* http://alternativepath/ [L]
So only the user who's username is like the username i ask for in the htaccess can access the folder. In my case I ask for another field, not the username, but this should be enough as a simple example.