[ic] Restricting access to PDFs

[Grant]

> > I'd like to limit the display of PDF files to admins.  I've put my
> > PDFs in a directory below the docroot and set up apache2 to require
> > authentication to access that directory.  The whole thing works fine,
> > But I was wondering if there might be an IC way to do this?
> Sure is.
>
> In your "pages/" directory, create a directory to hold your PDFs. In
> that directory, drop in two files: ".access" and ".access_gate".
>
> ".access" is an empty file that tells IC to look at ".access_gate" when
> gating access to requests within this directory.
>
> ".access_gate" contains a simple list of rules that define what content
> is available to a user, where the left side defines what pages in that
> directory are effected and the right side defines an expression that
> should return true or false.
>
> So - say your admins have a session variable set that's "is_admin", your
> access gate might look like:
>
> public_pdf.pdf : 1
> * : [data session is_admin]
>
> The file "public_pdf.pdf" would be available to everyone. Everything
> else would be only available to sessions that have "is_admin" set to a
> true value.  The * applies to all pages in this directory.
>
> The only caveats I've found - rules you apply in a parent directory
> don't apply to a child directory, so if you've got a tree of pages you
> need to drop ".access_gate" and ".access" files into each one.
>
> Docs here:
>
> http://www.icdevgroup.org/doc/icadvanced.html#Controlling%20Access%20to%20Certain%20Pages
>
> But - in my experience, this is pleasantly easy.
>
> As to HTTPS only access - try tweaking AlwaysSecure in your catalog.cfg.
> That'll make ic link to the directory always with a secure link.  You'll
> still probably need an Apache Rewrite rule, though, to keep direct
> accesses to PDFs under HTTPS.
>
> -DJCP

That sounds right on.  Do you know in what version of IC this was
implemented?  Thanks a lot for the tips.

- Grant