Documents
A Document is a file shared between MIDDAG and a customer organization. Documents include signed contracts, proposals, reports, certificates, technical specifications, and any other file that needs to be stored securely and accessed through the admin or the customer portal.
What documents cover
The Document domain is a general-purpose file library, separate from product downloads (which are handled by the License domain). Documents serve organizational purposes:
| Category | Examples |
|---|---|
| Proposals | Quotes exported as PDF, project proposals |
| Contracts | Signed agreements, amendments, statements of work |
| Reports | Monthly service reports, audit reports |
| Certificates | Completion certificates, compliance certificates |
| Specifications | Technical specs, architecture diagrams |
Storage
Files are stored in Cloudflare R2 with metadata persisted in the WordPress database:
| Data | Where it lives |
|---|---|
| File content (PDF, DOCX, etc.) | Cloudflare R2 bucket (middag-documents) |
| Metadata (name, type, size, hash) | WordPress custom table |
| Organization link | WordPress custom table |
Files are organized by organization in R2. Each file has a SHA-256 hash stored for integrity verification.
Supported file types and limits
| Aspect | Value |
|---|---|
| Allowed types | PDF, DOCX, XLSX, PNG, JPG (configurable by admin) |
| Maximum file size | 50 MB per file |
| Access | Signed URLs with short expiration (default: 5 minutes) |
The admin can expand or restrict the allowed file types from the settings.
Access control
Documents are private to their organization. A document belonging to Organization A is never accessible to members of Organization B.
| Role | Can view/download | Can upload |
|---|---|---|
| Owner | Yes | Yes |
| Admin | Yes | Yes |
Member (with documents scope) | Yes | Yes |
| Guest | Yes | No |
Uploads require the documents scope. Guests can view and download but not upload.
How documents are created
Documents enter the system in two ways:
- Admin upload -- the admin uploads files through the WordPress admin, selecting the target organization and filling in title, type, and category.
- Customer upload -- collaborators with appropriate permissions upload files through the portal.
When a new document is uploaded for an organization, the primary contact is notified by email.
Linked entities
Documents can be linked to other records for traceability:
| Link | Purpose |
|---|---|
| Organization | Every document belongs to an organization (required). |
| Contract | Signed contract PDFs are referenced from the Contract record. |
| Entitlement | Documents can be associated with specific entitlements for context. |
Download security
Downloads use signed URLs generated on demand:
- Customer or admin clicks "Download" in the portal or admin.
- System generates a signed URL from R2 with a 5-minute expiration.
- Browser redirects to the signed URL for the download.
- If the URL expires before the download starts, the user clicks again to generate a fresh one.
This ensures files are never exposed through permanent public URLs.
What admins see
In the WordPress admin, the document list shows:
- File name and type
- Organization
- Category (proposal, report, certificate, etc.)
- File size
- Upload date
- Uploader (admin or customer name)
Admins can filter by organization, category, or file type, and can upload documents in bulk.
Related pages
- Contracts -- signed agreements stored as documents
- Organizations -- the owner of all documents
- Licenses -- software downloads (handled separately)
- Entitlements -- access records that documents can be linked to