On Mon, Jan 24, 2011 at 10:02 PM, Jason Stelzer <[email protected]>wrote:
> Thanks, the django site mentions access control, but only really in > the context of mod_python. So that doesn't really help me. > > http://docs.djangoproject.com/en/dev/howto/apache-auth/ > > x-sendfile looks promising, I'll check it out. > Here is the function which I wrote hope this help @auth_decorators.login_required def download_attachment(request, ,filename): """ we do not want to serve static files from django so this view just sets the header for nginx to process """ import os abs_filename = os.path.join('/downloads/', filename) response = HttpResponse() # 200 OK response['Content-Type']="" response['X-Accel-Redirect'] = abs_filename return response > > > On Mon, Jan 24, 2011 at 11:26 AM, vishwajeet singh <[email protected]> > wrote: > > > > > > On Mon, Jan 24, 2011 at 9:36 PM, Jason Stelzer <[email protected]> > > wrote: > >> > >> I have a scenario that is probably pretty common. > >> > >> I have a set of static files that I would like to restrict access to. > >> The only real restriction is that people who are not logged in to my > >> application should not be able to download these files. I'm using a > >> python 2.6, django 1.2 and apache 2.2. > >> > >> To achieve this, I'm starting to look at the info here: > >> http://code.google.com/p/modwsgi/wiki/FileWrapperExtension > >> > >> I have also started to read up on the posts about wsgi.file_wrapper > >> talked about here: > >> http://blog.dscpl.com.au/search/label/mod_wsgi > >> > >> My questions come down to this: > >> > >> Am I on the right track? > >> > >> My content is logically grouped like this: > >> /media/<section1> > >> /media/<section2> > >> /media/section3> > >> > >> If i were to want to restrict access to one (or more) of the > >> sub-sections, I am thinking that I could create a mapping in my > >> urls.py that corresponds to the correct section and let my > >> wsgi.file_wrapper handle it. Is this a correct assumption? > >> > >> It would be convenient if the file wrapper were a part of my > >> application since it's essentially looking for a valid http session to > >> see if a user is 'logged in' or not. Any special caveats I need to be > >> mindful of? > >> > >> Thanks for any tips/pointers. I'm quite new to python/wsgi so if these > >> questions are in a faq I have not yet read a url would be both > >> appreciated and sufficient. > >> > >> > > > > > > I faced the similar issue some time back and found this link pretty > useful > > http://blog.zacharyvoase.com/2009/09/08/sendfile/ > > I was able to serve static files to authenticated users through nginx > > > >> > >> -- > >> J. > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "modwsgi" group. > >> To post to this group, send email to [email protected]. > >> To unsubscribe from this group, send email to > >> [email protected]<modwsgi%[email protected]> > . > >> For more options, visit this group at > >> http://groups.google.com/group/modwsgi?hl=en. > >> > > > > > > > > -- > > Vishwajeet Singh > > +91-9657702154 | [email protected] | http://bootstraptoday.com > > Twitter: http://twitter.com/vishwajeets | LinkedIn: > > http://www.linkedin.com/in/singhvishwajeet > > > > -- > > You received this message because you are subscribed to the Google Groups > > "modwsgi" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<modwsgi%[email protected]> > . > > For more options, visit this group at > > http://groups.google.com/group/modwsgi?hl=en. > > > > > > -- > J. > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<modwsgi%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/modwsgi?hl=en. > > -- Vishwajeet Singh +91-9657702154 | [email protected] | http://bootstraptoday.com Twitter: http://twitter.com/vishwajeets | LinkedIn: http://www.linkedin.com/in/singhvishwajeet -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
