On 11/01/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Surely someone else has run into this problem.
>
> Run TG behind Apache, with Apache serving up everything from the
> /static directory.  Problem is, how do you restrict access to /static
> files, such that only logged-in users can see them?
>
> Actually, I'll make the problem more generic.  Just say you're running
> TG only (no Apache).  How then would you restrict access to /static
> files?

How would you do it just using Apache?  You can just do it that way.

Alternatively, if you want to use TG's security to control access to
the files then you will have to swallow the overhead and have TG serve
the files.  Create a controller whose default method takes all the
arguments from the URL, checks that the user is logged in, then serves
up a file based on those arguments.

Something like (untested):

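import os

import cherrypy
from cherrypy.lib import cptools
from turbogears import controllers, expose, identity

# Placeholder: absolute path (no trailing slash) of the protected directory
secure_dir_path = "/path/to/secure/files"

class SecureFiles(controllers.Controller):
        @expose()
        @identity.require(identity.not_anonymous())
        def default(self, *args):
                # Resolve the request and refuse anything outside secure_dir_path
                filepath = os.path.abspath(os.path.join(secure_dir_path, *args))
                if not filepath.startswith(secure_dir_path + os.sep):
                        raise cherrypy.NotFound()
                return cptools.serveFile(filepath, "application/x-download",
                                         "attachment")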

Ed
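
The controller above turns URL segments into a path on disk, so the path check is what keeps a logged-in user inside the protected directory. The following is an added example, not part of Ed's message or of TurboGears: a framework-independent version of that check which goes a step further and also follows symlinks. The names `resolve_under` and `demo`, the directory names and the files are all constructed for illustration.

```python
import os
import tempfile


def resolve_under(base_dir, segments):
    """Return the real path of a servable file under base_dir, else None."""
    base = os.path.realpath(base_dir)
    for seg in segments:
        # Refuse dot entries and anything that smuggles in a separator or NUL.
        if seg in ("", ".", "..") or "/" in seg or "\\" in seg or "\x00" in seg:
            return None
    # realpath follows symlinks, so the check sees where the file really is.
    candidate = os.path.realpath(os.path.join(base, *segments))
    # commonpath compares whole components: /x/secure-old is not under /x/secure.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Resolve constructed requests against a constructed directory tree."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "secure")
    sibling = os.path.join(root, "secure-old")
    os.makedirs(os.path.join(base, "reports"))
    os.makedirs(sibling)
    for path in (os.path.join(base, "reports", "q1.pdf"),
                 os.path.join(sibling, "old.pdf")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    # A symlink inside the protected tree that points at the sibling directory.
    os.symlink(sibling, os.path.join(base, "archive"))
    requests = ["reports/q1.pdf", "../secure-old/old.pdf",
                "archive/old.pdf", "reports", ""]
    return {r: resolve_under(base, r.split("/")) for r in requests}


if __name__ == "__main__":
    for request, resolved in demo().items():
        print("%-24r -> %s" % (request, resolved or "refused"))
```

Only `reports/q1.pdf` resolves; the `archive/old.pdf` request is the case a plain string-prefix test on the unresolved path would let through.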
