One folder to be accessible by one user

One solution might be to directly restrict access to the file on the server, but utilize a url rewrite to display the content — only if the id matches in the request. Obviously this doesn’t answer every question in the scenario but it does provide a proof-of-concept to indirectly convert a url into a file.

When you upload a file you could store a reference in the user metadata instead of having to track custom folders of content.

This essentially provides access to this file:

http://example.dev/wp-content/uploads/2015/12/8-1200x675.jpg

If user ID 1 is requesting access and is logged in

http://example.dev/api/file/1/2015/12/8-1200x675.jpg

<?php

if ( ! class_exists( 'FileRequest' ) ):

    class FileRequest {
        const ENDPOINT_QUERY_NAME  = 'api/file';
        const ENDPOINT_QUERY_PARAM = '__api_file';

        // WordPress hooks

        public function init() {
            add_filter( 'query_vars', array ( $this, 'add_query_vars' ), 0 );
            add_action( 'parse_request', array ( $this, 'sniff_requests' ), 0 );
            add_action( 'init', array ( $this, 'add_endpoint' ), 0 );
        }

        // Add public query vars

        public function add_query_vars( $vars ) {

            // add all the things we know we'll use

            $vars[] = static::ENDPOINT_QUERY_PARAM;
            $vars[] = 'file';
            $vars[] = 'user';

            return $vars;
        }

        // Add API Endpoint

        public function add_endpoint() {
            add_rewrite_rule( '^' . static::ENDPOINT_QUERY_NAME . '/([^/]*)/(\S+)/?', 'index.php?' . static::ENDPOINT_QUERY_PARAM . '=1&user=$matches[1]&file=$matches[2]', 'top' );

            //////////////////////////////////
            flush_rewrite_rules( false ); //// <---------- REMOVE THIS WHEN DONE
            //////////////////////////////////
        }

        // Sniff Requests

        public function sniff_requests( $wp_query ) {
            global $wp;

            if ( isset(
                $wp->query_vars[ static::ENDPOINT_QUERY_PARAM ],
                $wp->query_vars[ 'file' ],
                $wp->query_vars[ 'user' ] ) ) {
                $this->handle_request(); // handle it
            }
        }

        // Handle Requests

        protected function handle_request() {
            global $wp;

            $file = $wp->query_vars[ 'file' ];
            $user = $wp->query_vars[ 'user' ];

            // make sure the request ID is the same as the logged in user

            if ( ''.get_current_user_id() !== $user ){
                wp_send_json_error( array (
                    'message' => 'Unauthorized',
                    'error' => '401',
                ) );
            }
            else {

                // add the file request to the uploads directory
                $upload_dir = wp_upload_dir();
                $path = $upload_dir['basedir']."https://wordpress.stackexchange.com/".$file;

                // make sure url is readable -- if not, stop!
                if ( ! is_readable( $path ) ) {
                    wp_send_json_error( array (
                        'message' => 'Bad Request',
                        'error' => '400',
                    ) );
                }

                // get files contents
                $file_content = file_get_contents( $path );

                // get the mime type for headers
                $type  = get_post_mime_type( $file_content );

                // output headers
                nocache_headers();
                header( "Content-type: $type;" );
                header( "Content-Length: " . strlen( $file_content ) );

                // output file data
                echo $file_content;
            }
            die();
        }
    }

    $wpFileRequest = new FileRequest();
    $wpFileRequest->init();

endif; // FileRequest

Related Posts:

  1. List User order by ID in Descending order (Backend)
  2. Woocommerce display orders with products from specific categories to specific admins
  3. Forbid certain users to access a specific page
  4. Remove update nags for non-admins [duplicate]
  5. Any guides on creating custom admin pages?
  6. Remove Customize Background and Header from Appearance admin menu without CSS or JS
  7. Create a global variable for use in all templates
  8. Integrating WordPress to my website, while keeping my own authentication system
  9. How do I remove a require_once admin panel from the parent theme from the child theme functions.php?
  10. How to auto login user again after change user_login
  11. Handling error states with admin_post
  12. Showing user ID on user main page from screen options
  13. Getting the Current User
  14. How to display only logged in user’s post comments in comments area
  15. Authenticating to WordPress, using my own authentication two-factor system
  16. How to track a users progress through pages by inserting data into WordPress Database?
  17. Admin Menus – Name Menu different from first Submenu [duplicate]
  18. Add a Custom Class to Admin Menus
  19. How can I default to all WordPress roles when parameter is not included in shortcode?
  20. Creating a new page and automatically associating it with a template in WordPress
  21. there’s a way to include a minimal WP for check only the current user, its roles (caps?) and then release/free it?
  22. Delete option value from array using update_option()
  23. Add a wordpress blog to my website having users
  24. Why is this Ajax not working?
  25. How to get a list of all possible values of a specific user meta key?
  26. WooCommerce – Email admin with new user details
  27. User’s total comment count excluding comments on their own posts
  28. Selectbox in admin panel function linking to CSS
  29. User management system similar to wordpress one?
  30. Sort custom meta column by other meta value
  31. Add New User, extra fields which are required?
  32. user_profile_update_errors hook not executing
  33. Modify user profile data through scripting?
  34. Programmatically create page when saving custom post type post
  35. Do not execute If User is login as Administrator or any Specific Role
  36. Best practice for show data to one specific user?
  37. get_users meta_query: REGEXP not working for matching new lines
  38. Change CSS based on is_user_logged_in
  39. How to show a users bio on a page
  40. How can I open up my administrative panel to everyone?
  41. “operation successful” message
  42. How can I access string value in an array?
  43. php if username is role
  44. Get categories names as an array to use it in theme settings
  45. Get Page ID from Backend
  46. Is it possible to create new user from external form using REST API?
  47. Foreach loop inside an array_merge
  48. Show current user posts only
  49. show something only when user comes from specific page at remote host?
  50. Show site content based on user role
  51. Removing custom sort order from admin page listing
  52. Redirect admin 403 “Cheatin uh?” admin pages
  53. I installed WordPress locally now how do I login?
  54. php return username of currently viewed author profile
  55. How to list users like an archive page 10 users on page and have navigations
  56. Redirect to current user page upon link click
  57. Adding a ‘style=’ bit to image_send_to_editor output
  58. Get options from database using php class
  59. Use of antispambot with $curauth->email
  60. Limit ‘contributers’ abilities in WordPress
  61. How to add a custom filter (by coding) before access one wordpress page ? And where to call the custom filter?
  62. Generate a QR code when creating a new WordPress user
  63. Change wordpress’ database data using ajax – how to get current user id?
  64. Sort column in Users admin Tab
  65. Admin Panel 404 Error after login
  66. How to block specific user id in custom login form?
  67. admin panel – How to remove “delete” button from category editing page
  68. wordpress email checker on domain
  69. Call WP Rest-Api to GET /users/me returned NOTHING in console
  70. If user has clicked link add class and store using PHP/WordPress
  71. Store data from JavaScript object to custom table in user account
  72. How to change the value of a variable using input field?
  73. How do I track which user clicked my button?
  74. Access to “My Site” is missing from the admin bar
  75. Use WP user status (logged_in) to manage access to independent application
  76. Query to show average # of months all accounts with specific role have been active
  77. wordpress more than one ajax request at the same time issue
  78. Editable Student file associated with basic User ID
  79. Adding users to another blog
  80. Changing WordPress author name in database
  81. Private messaging – Getting and displaying the avatar/url of a message recipient
  82. Updating custom user meta
  83. Update only some custom user fields
  84. Dynamic form variables for post meta
  85. main menu page redirects to user ID
  86. Shortcodes (with a space) added to php Sample
  87. Image not displayed
  88. Get author meta of all writers
  89. Let users register weight each day and save it in DB
  90. How to post data to a word press site in case of a mobile app
  91. Parse error: syntax error, unexpected ‘}’ in C:\wamp64\www\Proiect\aplicatie\user_check.php on line 18 [closed]
  92. You do not have permission to access this document on form submit
  93. WP query with variables gives no result for specific user
  94. Import users and custom user meta from csv
  95. How to lock users account until approvation
  96. rest_cannot_create_user – Sorry, you are not allowed to create new users. CURL WORDPRESS REST API
  97. Getting invalid user ID error when creating a new user with wp_insert_user
  98. How to create a User Role and give permission to only use Web Stories plugin?
  99. AJAX WP_Query’s order and orderby parameters not working
  100. How to add custom user role into wordpress