Sounds good,

I was already looking into using mod_auth_mysql for apache to handle the
directories, only thing is I would then have two login mechanisms, user
would have to enter user/pass twice, unless there is a way to pass the
credentials that TG uses to mod_auth_mysql.  I'll have to look into that.

I'll have to do some playing around with different methods to see what best
fits.  I think I want to deploy the final app running behind apache using
mod_python, so I'm not even sure how apache is going to handle the static
directories or if TG is going to do it, so I've got some testing and reading
to do.

Thank you very much for your responses, you've definitely helped me on my
way.

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Christopher Arndt
Sent: Tuesday, January 02, 2007 5:19 AM
To: [email protected]
Subject: [TurboGears] Re: Securing Resources


Lee Connell wrote:
" files = get_files(user.static_dir) "

Q1. so this is pulling from the User model, so would I add another field to the model which holds the static_dir?

Yes, that's how I intended it. You don't have to do it that way. You could also construct the path for static_dir by appending/inserting the username to some fixed path that is set in the configuration file, e.g.

static_dir = config.get('myapp.static_dir', '/Users/%s/files') % user.user_name

Q2. Do I have to manually serve files through CP?  Is there a way for CP to just serve up anything that's not a .py or .kid source file as a downloadable file?

Not if you want to base access control on the identity model of your app and without resorting to filters, I think.

What I'm most interested in is that anything under /Users/$username/files/
are all static files which are downloadable.

You could always configure your web server to serve files from this directory directly, bypassing CherryPy, and use some other means of authentication, i.e. HTTP Basic/Digest.

I just want to make sure
$username matches "identity.current.user" correct?

If you make sure the user is logged in, yes, i.e. identity.not_anonymous() == True. But you have to match the user name against identity.current.user.user_name, not identity.current.user. The latter is a 'User' object, not a string.

Chris
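
The per-user check discussed in this thread, as an added example that is not part of the original messages and is not TurboGears code. The `User` stand-in, `resolve_user_file` and `STATIC_DIR_TEMPLATE` are hypothetical names; in a controller the `current_user` argument would be `identity.current.user` (or `None` for an anonymous visitor).

```python
import os
import re
from collections import namedtuple

# Stand-in for the identity model's User object (hypothetical, for this example).
User = namedtuple("User", "user_name")

# Same template shape as the config default quoted in the thread.
STATIC_DIR_TEMPLATE = "/Users/%s/files"

_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def resolve_user_file(current_user, owner_name, rel_path,
                      template=STATIC_DIR_TEMPLATE):
    """Return the absolute path of rel_path inside owner_name's directory,
    or raise PermissionError if the request must be refused."""
    # Anonymous visitors get nothing (the identity.not_anonymous() condition).
    if current_user is None:
        raise PermissionError("login required")
    # Compare strings: the user_name attribute, not the User object itself.
    if owner_name != current_user.user_name:
        raise PermissionError("not the owner of this directory")
    # The name is interpolated into a path, so refuse separators and dot names.
    if not _SAFE_NAME.match(owner_name) or owner_name in (".", ".."):
        raise PermissionError("unsafe user name")
    base = os.path.realpath(template % owner_name)
    target = os.path.realpath(os.path.join(base, rel_path))
    # After resolving '..' and symlinks the target must be strictly below base.
    if os.path.commonpath([base, target]) != base or target == base:
        raise PermissionError("path escapes the user's directory")
    return target
```

The controller would serve the returned path only after this function returns without raising; the same containment check applies whether the directory comes from a model field or from the configured template.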

