Protecting Your PDFs
Download Permissions
When a user attempts to download a generated PDF, Fillable PDFs does a series of checks to see if the user has access to the PDF. If the user or PDF passes one of the following checks, they are granted access to download the PDF.
- The PDF has Public Access enabled.
- The URL contains a matching file signature. This signature (previously referred to as the token) can be included using the {fillable_pdfs} merge tag.
- Users with access to the forgravity_fillablepdfs_view_generated_pdfs capability.*
- User who submitted the Gravity Forms entry and was logged in when the form was submitted.
- User who submitted the Gravity Forms entry and was not logged in when the form was submitted.**
Notes:
* By default, this capability is only enabled on users with the Administrator or Super Administrator role as part of the capabilities Gravity Forms extends these roles by default. If you’d like to give it to a lower user role, you’d need to add this capability to that role using a role management plugin like Members.
You can change also the capability Fillable PDFs checks for using the fg_fillablepdfs_view_pdf_capabilities filter.
** This requires the user to have the same IP address as the submitter of the Gravity Forms entry and be attempting to download the file within 20 minutes of form submission.
If you do not log IP addresses, the user will not be able to download the file.
You can use the fg_fillablepdfs_logged_out_timeout filter to modify how long after submission the user can download the file.
Direct File Access
Generated PDFs are stored in your WordPress’ file system within the Gravity Forms upload folder.
When the Fillable PDFs folder is created, an .htaccess file is created that denies direct access to the directory listing and the files within. This will protect websites on Apache and Litespeed web servers. Other web servers, like Nginx, will require a modification to the server configuration to block access to that folder as follows:
Fillable PDFs checks if the generated PDFs folder is accessible once per week. If it is, a dismissible warning will be displayed on all Gravity Forms page to notify you.
Using the fg_fillablepdfs_base_path filter, you can change where the Fillable PDFs folder is located. If you are unable to block public access to the default folder, this filter can be used to move the Fillable PDFs folder outside of your public directory. Fillable PDFs stores the direct file path as part of the PDF meta. If you move PDF files created prior to Fillable PDFs 2.3, they will be inaccessible.