Field('name','upload',authorize=f)
where
def f(row):
if auth.user and auth.user.id is allowed to download row.id
return True else return False
the authorize function is called automatically (if declared) when
somebody attempts to download an uploaded document.
On 11 Giu, 14:11, weheh <richard_gor...@verizon.net> wrote:
> Once assigned, the user_id that my app creates is never changed. I
> would use the auth.user.id field, but I don't like the fact that it's
> sequential and therefore, easily guessed. I doubt that uploads can be
> hacked easily since you did such a good job with security.
> Nevertheless, I prefer to have an additional layer of obfuscation by
> having an encrypted user_id.
>
> On Jun 10, 11:32 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > The problem with this is that the, I assume, tha database links the
> > uploaded filename to the user_id and therefore you need to access the
> > database to locate the file. That is ok until the database changes and
> > somebody edits the user_id. Than you can no longer locate the file.
>
> > On Jun 10, 7:36 am, weheh <richard_gor...@verizon.net> wrote:
>
> > > I think I'm dealing with the same situation, however, I'm going about
> > > it a little differently. I'm storing files in
>
> > > uploads/users/user_id/filename
>
> > > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length
> > > anywhere from 8 to 12 characters or so. The filename is another cypher
> > > created automatically by web2py, following the table.field approach.
>
> > > One thing I'm thinking about is taking the user/user_id/filename
> > > structure entirely outside of web2py. The reason is that my server has
> > > 2 disk partitions and I might want to have these files resident under
> > > C:/ or D:/ Another reason is that I might want to gradually move
> > > these files to the cloud or another server. I'm wondering whether this
> > > is reasonable and even possible to do from within a web2py app working
> > > around the web2py way.- Hide quoted text -
>
> > - Show quoted text -
