Hello,
Firstly, apologies from a relative noob....
I need some guidance or help on how to achieve a smooth outcome, please?
I am creating a small "multi-tenant" application. Part of the application
programmatically generates .csv files (they are reports). For obvious
"multi-tenant" reasons, each tenant should only be able to download their
own csv files. Actually this is critical for my app.
I now need to add the functions to control the necessary "multi-tenant"
segregated access. And here I am stuck.
After exhaustive reading, I came to the conclusion that using the 'uploads'
folder (together with the download() function) is going to offer the
multi-tenant security I need. Because I can be specific about the files
that each tenant can download. It also appears to stop users manually
traversing the URLs.
I have a table that controls these files, so can offer the correct
download.csv files to the correct tenants. Excellent functionality from
Web2py.
Here is the issue that I am up against: My application generates the csv
files and stores them in the 'uploads' folder. They are never uploaded
through a view.
For files that are uploaded using SQLFORM, I see that, and fully understand
why, there is a hash that changes the filename. However, in my case, my
application is generating the files, and hence I cannot figure out how to
do the filename hash so that the download() function works.
To learn about the function, I have created a simple test application that
DOES do what I want:
    db.define_table('reportcsv',
        Field('reportname', 'string'),
        Field('csvfile', 'upload'))
To make the hash method work - I can insert a file into the database/uploads
folder with this f()
    def insertcsv():
        # store() copies the stream into uploads under a new hashed name
        with open('applications/testapp/uploads/rep1.csv', 'rb') as stream:
            db.reportcsv.insert(
                csvfile=db.reportcsv.csvfile.store(stream, 'sec1.csv'),
                reportname='report_1')
        return dict()
The above insertcsv() works just fine. And the subsequent download() works
as expected. All good.... except: -
1) I am processing the file twice i.e. once when I create it; and again
when I insert/stream it into the table. This is unnecessary processing
overhead
2) I end up with 2 copies of the file in the upload folder i.e. waste of
storage (although it's not a biggie issue thus far).
So, could someone with experience in this area help me, please?: -
a) Is this the best way to ensure multi-tenant segregation of the
downloadable files? OR, is there an easier or better way to do this?
b) Is it possible to do a reportcsv.insert for a file that already exists
in the uploads folder? (i.e. generating the hashed filename without having
to stream/replicate the file).
All ideas and suggestions gratefully received!
Simon
PS. I had thought of using a SQLFORM.grid as this has a nifty csv download.
The problem is that it would generate the data each time it was run. Whereas
a csv file only needs to be refreshed when necessary. Frankly, I prefer
not to bulk out the tables with that data and want to avoid the cpu
overhead.
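
The pattern asked about in (a) and (b), as an added example that is not part of the original post and is not web2py code: the report is written once, directly under an unguessable stored name, and the download path serves a file only when its table row belongs to the requesting tenant. Plain Python with sqlite3 stands in for the DAL; the tenant_id column, the stored-name layout and all function names are assumptions of this example.

```python
import csv, os, secrets, sqlite3, tempfile

UPLOADS = tempfile.mkdtemp()          # stand-in for the app's uploads folder
db = sqlite3.connect(":memory:")      # stand-in for the reportcsv table
db.execute("CREATE TABLE reportcsv "
           "(tenant_id INTEGER, reportname TEXT, stored_name TEXT UNIQUE)")

def create_report(tenant_id, reportname, rows):
    """Write the CSV once, directly under its final random name (no second copy)."""
    # Name layout is this example's own choice, not web2py's internal format.
    stored_name = "reportcsv.csvfile.%s.csv" % secrets.token_hex(16)
    with open(os.path.join(UPLOADS, stored_name), "w", newline="") as fh:
        csv.writer(fh).writerows(rows)
    db.execute("INSERT INTO reportcsv VALUES (?, ?, ?)",
               (tenant_id, reportname, stored_name))
    return stored_name

def download(tenant_id, requested_name):
    """Return the file bytes only if the row exists AND belongs to this tenant."""
    row = db.execute(
        "SELECT stored_name FROM reportcsv "
        "WHERE stored_name = ? AND tenant_id = ?",
        (requested_name, tenant_id)).fetchone()
    if row is None:
        raise PermissionError("no such report for this tenant")
    # The path is built from the database value, never from the request string.
    with open(os.path.join(UPLOADS, row[0]), "rb") as fh:
        return fh.read()

def demo():
    """Constructed sample data: two tenants, one report each."""
    a = create_report(1, "report_1", [["item", "qty"], ["widget", 3]])
    b = create_report(2, "report_1", [["item", "qty"], ["gadget", 7]])
    results = {"own": download(1, a)}
    for label, tenant, name in [("cross", 1, b), ("traversal", 1, "../" + a)]:
        try:
            download(tenant, name)
            results[label] = "served"
        except PermissionError:
            results[label] = "denied"
    return results, len(os.listdir(UPLOADS))

if __name__ == "__main__":
    print(demo())
```

The tenant id passed to download() must come from the authenticated session on the server side, not from a request parameter.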