Access control to files uploaded
I asked a generic question before about permissions and access control, I read the files security but I am having hard time figuring out what I need to do/understand it.
Bascially, in the consol I created a root folder called Documents.
Now every user is able to run my application and drop "their own" files. Once they upload a file, the application creates the following path/file:
The user should be able to access the userId folder and contents (since it is his files). However, another user wouldn't be able to access the files. I basically don't want someone to put the full path into the browser and view document of another user.
Please note that the userId folder is created on the spot upon the first upload so this folder does not exist before.
I tried to go to consol and go to "Documents" Role permission, and I unchecked the "notAuthenticatedUser" ( I am sure it is not as simple as that). The good thing is that the path is no longer access by simply putting in browser. But also the user is not able to upload files at all to Documents using the application.
So what is the solution to what I am trying to achieve? I hope I was able to explain the problem
Thanks a lot