I am newer in cakephp .I have a pdf folder under cakephp 3.0 weroot folder parallel to the css and js folder . I have a logging function with cakephp auth component. I want to restrict that pdf folder if user not logged in. Right now if we put the url that pdf file is access either user lodded in or not .
If requested file exists in webroot/, it is delivered directly by server without PHP/CakePHP handling.
Move files out of webroot/ (ex. to files/).
Then send file in your controller
public function getPdf($id)
{
// additional auth checks
$file = $this->Attachments->getFile($id);
$response = $this->response->withFile($file['path']);
return $response;
}