On Apr 21, 12:09 pm, Brad Buran <bbu...@gmail.com> wrote: > I'm currently researching Django as a potential framework for a web > application I am building. We plan to make a variety of media (images > and videos) free on our website; however, we want to have some premium > media available only when certain criteria are met (e.g. the logged-in > user is of a certain group or has the appropriate permissions). > > What is considered the best way to implement this? I suppose we could > get Django to serve the media directly, but this would place undue > load on the server. Can anyone recommend any tips or tricks?
Groups and permissions are obviously things that can be handled by Django. For the actual serving up of the media files, there are various ways of doing it depending on how you are hosting Django. So, how are you intending to host it? Options for serving static media where Django handles request and handler deals with groups or permissions are: 1. Use X-Sendfile response header to have server send raw file. Supported by Apache, lighttpd and nginx, although possibly require option server module, eg mod_xsendfile. 2. Have nginx as front end with fastcgi backend, or with Apache/ mod_wsgi as backend and use X-Accel-Redirect response header to map to private static files hosted by nginx. 3. Under Apache/mod_wsgi, use wsgi.file_wrapper extension of WSGI to return file. This may be hard as not really well supported by Django natively at this point. 4. Under Apache/mod_wsgi daemon mode, use Location response header with 200 reponse to map to static file served by Apache. This is like X-Accel-Redirect under nginx, but you need a mod_rewrite rule to restrict access to static media sub request as created by Location directive redirect. 5. Use perlbal as front end to backend HTTP server host Django in some way and use X-Reproxy-URL response header. Like Other variants above but perlbal sends static file identified by that header. Other load balancers may support other similar headers for having them send static files. There are other ways as well provided you were happy with standard HTTP Basic/Digest authentication being done by Apache and not form/ session based logins. There is a Django ticket, which I believe still hasn't been integrated, to try and make various of these available under a simple usable interface. As such, right now, may have to integrate it explicitly. So, lots to choose from. Graham -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
