sam wrote:
>I want to use FileField to upload files but I don't want the file URIs
>directly visible to the user.
>
Simple way is just to no tell them the URL (i.e. not using {{
object.get_field_url }} in templates).
Another way is to copy files to the directory inaccessible from web upon
file receiving.
>I think what this boils down to is to map a logical
>URL such as myapp/<file-name> to a view that checks permission first
>then retrieves the file from MEDIA_ROOT/<file-name>. But how to do
>that?
>
>
urls.py:
(r'^download/(.*)/$', 'download'),
views.py:
def download(request,filename):
obj = get_object_or_404(files,filename__exact=filename)
# Check permissions
f = file(obj.get_file_filename())
try:
content = f.read(os.path.getsize(obj.get_file_filename()))
finally:
f.close()
response = HttpResponse(content,mimetype='application/octet-stream')
response['Content-Disposition']='attachment; filename="%s"'%filename
return response
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---
