On Sunday, September 1, 2019 at 7:28:05 PM UTC-7, Massimo Di Pierro wrote: > > By definition static files have no authorization because we recommend they > being served directly by the web server bypassing web2py entirely. > > You can put then in a myfiles subfolder of the app and create your own > action: > > @auth.requires_login() > def static(): > import contenttype > filename = os.path.join(request.folder, 'myfiles', > '/'.join(rqeuest.args)) > response.headers['Content-Type'] = contenttype.contenttype(filename) > if not user_permissions(auth, filename): # <-- you implement this > raise HTTP(401) > if not os.path.exists(filename): > raise HTTP(404) > with open(filename) as fp: > return fp.read() > > That is essentially what I ended up doing (with the minor change of using a stream), I haven't gotten around to hotwiring the static files into the frontend (missed that comment in "deployment"), but I did think about it and using the frontend to handle that authentication, but decided not to wait for my learning curve.
Thanks. /dps > On Thursday, 29 August 2019 01:27:17 UTC-7, Dave S wrote: >> >> I have a file that I want authorized users to be able to download, but >> I'm not sure I want it in the uploads directory (so that user/download can >> find it). I'm thinking about putting it in static, but I realize that >> doesn't default to secure (well, many static files are needed by the login >> page, for example). >> >> Is there an easy way, say with routes.py, to require login for a specific >> static file, or is the check_access() technique in the book and in <URL: >> https://groups.google.com/d/msg/web2py/3rEQJ9SfIWo/8SEH-bPxAAAJ> the way >> to do this (using nginx with a very specific pattern)? >> >> /dps >> >> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/3c2677fb-6ef1-4bc8-b4c3-d3a5b30719c9%40googlegroups.com.

