Do you have to store the file before inserting the db record? Or can you create the CSV file object and do the insert in the same action?
If not, here's the code for creating an uploaded filename: https://code.google.com/p/web2py/source/browse/gluon/dal.py#9387. The filename is of the form: tablename.fieldname.uuid_fragment.b16encoded_filename.ext. Anthony On Wednesday, August 7, 2013 3:37:10 PM UTC-4, SimonD wrote: > > Hello, > Firstly, apologies from a relative noob.... > > I need some guidance or help on how to achieve a smooth outcome, please? > I am creating a small "multi-tenant" application. Part of the application > programmatically generates .csv files (they are reports). For obvious > "multi-tenant" reasons, each tenant should only be able to download their > own csv files. Actually this is critical for my app. > I now need to add the functions to control the necessary "multi-tenant" > segregated access. And here I am stuck. > After exhaustive reading, I came to the conclusion that using the > 'uploads' folder (together with the download() function) is going to offer > the multi-tenant security I need. Because I can be specific about the files > that each tenant can download. It also appears to stop users manually > traversing the URLs. > > I have a table that controls these files, so can offer the correct > download.csv files to the correct tenants. Excellent functionality from > Web2py. > > Here is the issue that I am up against: My application generates the csv > files and stores them in the 'uploads' folder. They are never uploaded > though a view. > For files that are uploaded using SQLFORM, I see that, and fully > understand why, there is a hash that changes the filename. However, in my > case, my application is generating the files, and hence I cannot figure out > how to do the filename hash so that the download() function works. > > To learn about the function, I have created a simple test application that > DOES do what I want: > > db.define_table('reportcsv', > Field('reportname','string'), > Field('csvfile','upload')) > > To make the has method work - I can insert a file into the > database/uploads folder with this f() > def insertcsv(): > stream = open('applications/testapp/uploads/rep1.csv', 'rb') > > db.reportcsv.insert(csvfile=db.reportcsv.csvfile.store(stream,'sec1.csv'),reportname='report_1') > return dict() > > The above insertcsv() works just fine. And the subsequent download() works > as expected. All good.... except: - > 1) I am processing the file twice i.e. once when I create it; and again > when I insert/stream it into the table. This is unnecessary processing > overhead > 2) I end up with 2 copies of the file. in the upload folder i.e. waste of > storage (although its not a biggie issue thus far). > > > So, could someone with experience in this area help me, please?: - > a) Is this the best way to ensure multi-tenant segregation of the > downloadable files? OR, is there an easier or better way to do this? > b) Is is possible to do a reportcsv.insert for a file that already exists > in the uploads folder? (i.e generating the hashed filename without having > the stream/replicate the file). > > All ideas and suggestions gratefully received! > Simon > > PS. I had thought of using a SQLFORM.grid as this has a nifty cvs > download. The problem is that is would generate the data each time it was > run. Where as a csv file only needs to be refreshed when necessary. > Frankly, I prefer not to bulk out the tables with that data and want to > avoid the cpu overhead. > > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
