On Sun, Mar 7, 2010 at 1:29 AM, Joel <[email protected]> wrote:
> This works. But I'm wondering whether I should be storing my user-
> uploaded files in a subdirectory of the data directory for some
> reason. And if I should be, how can I reference those files from my
> Mako templates?
>
> I remember from previous projects using PHP & Apache that storing
> files in a subdirectory of public_html would render the files publicly
> available. Access to my site will require authentication and I do not
> want the files to be publicly accessible. Do I have to worry about
> this if my uploaded files are stored in public/uploads?
Serve them from an action using FileApp or DirectoryApp.
# Route
map.connect("file", "/my_url/{path:.*}", controller="mycontroller",
action="my_action")
# Controller
from paste.fileapp import FileApp
from pylons.controllers.util import forward
def my_action(self, path, environ, start_response):
# Do authorization, abort(404) or abort(403) if disallowed.
path = os.path.join(config["permanent_store"], path)
app = FileApp(path)
return forward(app)
'app' is a WSGI application. 'forward' is a utility which delegates
to it. The ":.*" in the path variable matches slashes (which normally
aren't matched) if you're using subdirectories.
Don't put anything into the public directory unless it's truly public.
And I also wouldn't put user-uploaded material there because I think
of it as part of the application (i.e., unchanging, version
controlled).
Whether to put it inside the data directory depends. I do this in one
application. But you have to remember it's there, and that you can't
just blow away the data directory whenever you want to clear the
sessions/logs/compiled templates. If you don't have a better place on
your server for it, you can put it in the data directory.
--
Mike Orr <[email protected]>
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
