On Tue, Apr 22, 2008 at 8:32 AM, Jonathan Vanasco <[EMAIL PROTECTED]> wrote:
>
> I think that the poster is trying to make the directories viewable
> only to people who have authenticated to the server -- a la .htaccess
>
> http://wiki.pylonshq.com/pages/viewpage.action?pageId=9011252
>
> http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorization

The public directory is served separately from the controllers -- it's served by 'static_app' in middleware.py. So a controller-based authorization system cannot protect the public directory. I can think of only two ways to do this, and neither would be simple for a beginner.

1) Use a middleware-based authentication system such as AuthKit or repoze.who. You would also need to wrap 'static_app' in an authorization middleware, and I've never seen one of those for Pylons so you may have to write your own. There may be one in AuthKit I haven't noticed.

2) Serve the static files inside the controllers. There are two ways to do this. One is to create a controller action that serves a directory of static files, using paste.urlparser.StaticURLParser. The other is to use StaticURLParser itself as a pseudo-controller. I should make a HOWTO with the steps because I finally got this to work for some protected files I have, but not tonight.

But the biggest question is, does your login page depend on any of these stylesheets or images? If so, it won't look right if you protect them. Likewise if your home page or any other page on the site is unprotected.

The second question is, why do you want to protect them? If you're trying to prevent unauthorized users from accessing them, protection makes sense. But if you want to force authorized users to view them only embedded in an HTML page rather than directly -- you can't. If the browser can download it to decorate an HTML page with, it can also display it directly.

--
Mike Orr <[EMAIL PROTECTED]>
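
A sketch of the authorization wrapper that option 1 calls for, added here as an example and not part of the original message or of Pylons, AuthKit or repoze.who. It assumes the authentication middleware in front of it puts the user name in the WSGI environ as REMOTE_USER; `ProtectStatic`, `fake_static_app`, `request` and the sample paths are hypothetical names and constructed data.

```python
import posixpath


class ProtectStatic:
    """WSGI middleware: only authenticated users reach the wrapped static app,
    except for listed public prefixes (e.g. what the login page itself loads)."""

    def __init__(self, app, public_prefixes=()):
        self.app = app
        self.public_prefixes = tuple(p.rstrip("/") for p in public_prefixes)

    def is_public(self, path_info):
        # Decide on the normalised path, so "/css/login/../../reports/x"
        # cannot borrow the public prefix to reach a protected file.
        norm = posixpath.normpath("/" + path_info.lstrip("/"))
        return any(norm == p or norm.startswith(p + "/")
                   for p in self.public_prefixes)

    def __call__(self, environ, start_response):
        # Assumption: the outer authentication middleware sets REMOTE_USER.
        if environ.get("REMOTE_USER") or self.is_public(environ.get("PATH_INFO", "")):
            return self.app(environ, start_response)
        body = b"Authentication required\n"
        # 401 leaves room for an outer authentication layer to issue its challenge.
        start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                            ("Content-Length", str(len(body)))])
        return [body]


def fake_static_app(environ, start_response):
    """Stand-in for 'static_app' so the example runs without Paste installed."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("file:" + environ["PATH_INFO"]).encode()]


def request(app, path, user=None):
    """Drive a WSGI app with a minimal constructed environ; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if user:
        environ["REMOTE_USER"] = user
    seen = {}
    body = b"".join(app(environ, lambda status, headers, exc_info=None:
                        seen.update(status=status)))
    return seen["status"], body


# The login page's own stylesheets stay reachable without a session.
protected = ProtectStatic(fake_static_app, public_prefixes=["/css/login/"])
```

In a Pylons project the same wrapper would go around the real 'static_app' in middleware.py before it is combined with the rest of the application.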
