You should not block access to thinks that are in static. Things in
static should be considered ublic by default so that you can ask the
web server to serve then and by-pass web2py. This is an optimization
that you will need in production and cannot give up.
If some files need restrited access make a folder applications/myapp/
private/static and a new controller action
@auth.requires_login()
def static():
# check if if user has permission
# raise HTTP(401,"not authorized") otherwise
filename = '/'.join(request.args)
fullpath = os.path.hoin
(request.folder,'private','static',filename)
return response.stream(open(fullpath,'rb'))
access the file with
http://.../myapp/defalt/static/filename.xxx
Hope this helps.
On Jan 20, 1:43 am, Johann Spies <johann.sp...@gmail.com> wrote:
> 2009/12/23 mdipierro <mdipie...@cs.depaul.edu>:
>
> > When I say put the in uploads/ I do not mean you should upload the
> > files. You should just copy them there preserving the subfolder
> > structure. It will not break relative cross-references. When they are
> > in uploads you modify the download action to block some files.
>
> I do not know how to modify the download action. All that I see in
> the book is:
>
> def download(): """ allows downloading of uploaded files
> http://..../[app]/default/download/[filename] """
>
> return response.download(request,db)
>
> When I tryhttp://....[app]/default/download/[filename] I get an
> "Invalid Controller" error.
>
> I have tried to find documentation in the book (e.g. page 109) but do
> not know how to modify this.
>
> Regards
> Johann
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
