what are you afraid of ?
On Thursday, November 12, 2015 at 8:25:13 PM UTC+1, Mark Billion wrote:
>
> Im not sure if this is necessary/redundant, but here is my question:
>
> Is there any way to check permission for the download -- i.e., the client
> associated with the file is checked and confirmed prior to the initiation
> of the dl without having to pass extra vars -- i.e., just using the
> filename that is passed as an argument?
>
> db.define_table('foo',
> Field('client', ...),
> Field('file', ...),
> Field('auth_user', ...),
> )
>
>
> def download():
> *In pseudocode:*
> * q = db(db.foo.file == [filename]).select().last()*
> * if q.auth_user != auth.user.id <http://auth.user.id>:*
> * redirect/fail*
> """
> allows downloading of uploaded files
> http://..../[app]/default/download/[filename]
> """
> return response.download(request, db)
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
