Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Edris89's avatar

How to get in Laravel 5+ the users private storage file

Hi there I am using Laravel 5.6 and Image Intervention Package. I am making a photo website in laravel. The user can upload a picture, the picture is then stored in storage/app/original-photos/account/.$user_id./$filename as a original picture. Then Image intervention makes a thumbnail of that same picture and stores it in public/storage/original-photos/account/thumbs/.$user_id./$filename

I created a symlink and also when I store the picture I set the visibility of the original picture to private. All of it is working. But say a user wanted to see his original picture but it must NOT be accessible by typing or copying the link to the photo in the browser. So when I am logged in I can access the picture. If I log out I can't access the picture I says that I must login. If I am a different user I cannot access the picture aka link of the other user. So its working.

But I don't wan't to be accessible by the link even if I am logged in as the correct user. Is there some other way? I also don't wan't it to download just to view it. Later I will add a download button but not for now.

This is the function I made.

public function original($id) { $photo = Photo::findOrFail($id); $user = Auth::user()->id; $filename = ('app/original-photos/account/'.$user.'/'.$photo->photo); return response()->download(storage_path($filename), null, [], null);

}

Can somebody help me out with this one? Any help is appreciated !

Thanx alot in advance.

0 likes
2 replies
bobbybouwmann's avatar

If you just want to display the image without revealing the real path to the image you can do something like this:

// view
<img src="{{ route('image.profile', $user->slug) }}" alt="{{ $user->name }}">

// controller
public function profile($user)
{
    $user = User::with('profile')->where('slug', $user)->firstOrFail();

    $path = storage_path($user->profile->image);

    return response()->file($path);
}

This way you will have a custom route that will fetch the correct path and simply return the file. This is the easiest way to achieve what yuo want ;)

Edris89's avatar

Hi bobbybouwman, NL?

Denk dat je nederlander bent haha. Typisch nederlandse achternaam haha.

I am gonna type in english cause that would be helpful to others.

BTW thnx alot for the help.

At this moment when I log in and I wan't to see my original photo, that is working now with a different code than yours.

When an another user is logged he or she can't reach the link in the browser cause the file isn't public, doesn't belong to the user and middleware & role user is kicking in.

My question is this a reliable method? Secure?

Please or to participate in this conversation.