By definition static files have no authorization because we recommend they
being served directly by the web server bypassing web2py entirely.
You can put then in a myfiles subfolder of the app and create your own
action:
@auth.requires_login()
def static():
import contenttype
filename = os.path.join(request.folder, 'myfiles',
'/'.join(rqeuest.args))
response.headers['Content-Type'] = contenttype.contenttype(filename)
if not user_permissions(auth, filename): # <-- you implement this
raise HTTP(401)
if not os.path.exists(filename):
raise HTTP(404)
with open(filename) as fp:
return fp.read()
On Thursday, 29 August 2019 01:27:17 UTC-7, Dave S wrote:
>
> I have a file that I want authorized users to be able to download, but I'm
> not sure I want it in the uploads directory (so that user/download can find
> it). I'm thinking about putting it in static, but I realize that doesn't
> default to secure (well, many static files are needed by the login page,
> for example).
>
> Is there an easy way, say with routes.py, to require login for a specific
> static file, or is the check_access() technique in the book and in <URL:
> https://groups.google.com/d/msg/web2py/3rEQJ9SfIWo/8SEH-bPxAAAJ> the way
> to do this (using nginx with a very specific pattern)?
>
> /dps
>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/436cc66a-0dba-4156-a360-c7058110eb67%40googlegroups.com.
