Im not sure if this is necessary/redundant, but here is my question:
Is there any way to check permission for the download -- i.e., the client
associated with the file is checked and confirmed prior to the initiation
of the dl without having to pass extra vars -- i.e., just using the
filename that is passed as an argument?
db.define_table('foo',
Field('client', ...),
Field('file', ...),
Field('auth_user', ...),
)
def download():
*In pseudocode:*
* q = db(db.foo.file == [filename]).select().last()*
* if q.auth_user != auth.user.id:*
* redirect/fail*
"""
allows downloading of uploaded files
http://..../[app]/default/download/[filename]
"""
return response.download(request, db)
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
