Protecting Your Documents
Download Permissions
When a user attempts to download a generated PDF, Legal Signing does a series of checks to see if the user has access to the PDF. If the user or PDF passes one of the following checks, they are granted access to download the PDF.
- The PDF has Public Access enabled.
- The URL contains a matching file signature. This signature (previously referred to as the token) can be included using the {legal_signing} merge tag.
- Users with access to the forgravity_legalsigning_view_generated_pdfs capability.*
- User who submitted the Gravity Forms entry and was logged in when the form was submitted.
- User who submitted the Gravity Forms entry and was not logged in when the form was submitted.**
Notes:
* By default, this capability is only enabled for users with the Administrator or Super Administrator role, as part of the capabilities Gravity Forms grants these roles by default. If you’d like to give it to a lower user role, you’d need to add this capability to that role using a role management plugin like Members.
You can also change the capability Legal Signing checks for using the fg_legalsigning_view_pdf_capabilities filter.
** This requires the user to have the same IP address as the submitter of the Gravity Forms entry and be attempting to download the file within 20 minutes of form submission.
If you do not log IP addresses, the user will not be able to download the file.
You can use the fg_legalsigning_logged_out_timeout filter to modify how long after submission the user can download the file.
Direct File Access
Generated PDFs are stored in your WordPress file system within the Gravity Forms upload folder.
When the Legal Signing folder is created, an .htaccess file is created that denies direct access to the directory listing and the files within. This will protect websites on Apache and LiteSpeed web servers. Other web servers, like Nginx, will require a modification to the server configuration to block access to that folder as follows:
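An added example, not taken from the Legal Signing documentation: a minimal Nginx rule that blocks direct requests to the folder. It assumes the Gravity Forms upload folder is at its default location under /wp-content/uploads/, and LEGAL_SIGNING_FOLDER is a placeholder for the actual folder name, which this page does not give.

```nginx
# Added example; not from the Legal Signing documentation.
# Place inside the site's existing server { } block.
# Assumption: the Gravity Forms upload folder is at its default location,
# /wp-content/uploads/gravity_forms/.
# LEGAL_SIGNING_FOLDER is a placeholder: substitute the real folder name.

# "^~" makes this prefix match final, so a regex location elsewhere in the
# config (for example a static-file caching block matching \.pdf$) cannot
# take over the request and serve the file directly.
location ^~ /wp-content/uploads/gravity_forms/LEGAL_SIGNING_FOLDER/ {
    deny all;   # respond 403 to every direct request for files in this folder
}
```

Validate the configuration with `nginx -t` before reloading. Afterwards, a direct request for a file in that folder should return 403.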
Legal Signing checks once per week whether the generated PDFs folder is accessible. If it is, a dismissible warning will be displayed on all Gravity Forms pages to notify you.
Using the fg_legalsigning_base_path filter, you can change where the Legal Signing folder is located. If you are unable to block public access to the default folder, this filter can be used to move the Legal Signing folder outside of your public directory. Legal Signing stores the direct file path as part of the PDF meta.