How can I serve static files while requiring Django-based access permissions?
Dear Django Users, tl;dr: Please tell me what strategies I might use to serve a large static file from within Django, from views.py. If I want to limit access to a particular page in a Django app, I can do something like this in views.py: (Note: I will use four periods to indent, because spaces or tabs might not display properly.) def private_page(request): if special_permissions_checking_function(request.user): return render_to_response('private_page_template.html') else: return render_to_response('access_denied.html') What if I want to limit access to a large static file, instead of a dynamically generated HTML template? Ideally the resulting website will be fast, but I also want to hear options that might be low performance. Thank you, Zak -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How can I serve static files while requiring Django-based access permissions?
On Tue, Nov 8, 2011 at 2:11 PM, zak2011 wrote: > Dear Django Users, > > tl;dr: Please tell me what strategies I might use to serve a large > static file from within Django, from views.py. > > If I want to limit access to a particular page in a Django app, I can > do something like this in views.py: > > (Note: I will use four periods to indent, because spaces or tabs might > not display properly.) > > def private_page(request): > if special_permissions_checking_function(request.user): > return render_to_response('private_page_template.html') > else: > return render_to_response('access_denied.html') > > What if I want to limit access to a large static file, instead of a > dynamically generated HTML template? > > The fastest way to do this is to tell the web server to serve the file from a protected location. Apache and nginx both have ways to signal from python code that a file should be read from disk and streamed to the user. This file doesn't have to be in a location which is accessible through a normal web request; ideally all access to it would be through your app, and you can do whatever access checks that you want to before serving it. Look up X-SENDFILE for Apache, or X-Accel-Redirect for nginx for the details. Ian > Ideally the resulting website will be fast, but I also want to hear > options that might be low performance. > > Thank you, > > Zak > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- Regards, Ian Clelland -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How can I serve static files while requiring Django-based access permissions?
Thank you, that is a very helpful suggestion. However, I have a followup question. What are my options if: 1. It is okay to be slow (low performance), and 2. The method must work on any webserver, not necessarily or specifically Apache or Nginx. In pure Python/Django, how do I open a file on the hard disk and put it into an HttpResponse object? Is FileWrapper involved? How come I can't find any documentation on 'FileWrapper' by searching djangoproject.org? Thanks again, Zak On Nov 8, 5:25 pm, Ian Clelland wrote: > On Tue, Nov 8, 2011 at 2:11 PM, zak2011 wrote: > > Dear Django Users, > > > tl;dr: Please tell me what strategies I might use to serve a large > > static file from within Django, from views.py. > > > If I want to limit access to a particular page in a Django app, I can > > do something like this in views.py: > > > (Note: I will use four periods to indent, because spaces or tabs might > > not display properly.) > > > def private_page(request): > > if special_permissions_checking_function(request.user): > > return render_to_response('private_page_template.html') > > else: > > return render_to_response('access_denied.html') > > > What if I want to limit access to a large static file, instead of a > > dynamically generated HTML template? > > The fastest way to do this is to tell the web server to serve the file from > a protected location. Apache and nginx both have ways to signal from python > code that a file should be read from disk and streamed to the user. This > file doesn't have to be in a location which is accessible through a normal > web request; ideally all access to it would be through your app, and you > can do whatever access checks that you want to before serving it. > > Look up X-SENDFILE for Apache, or X-Accel-Redirect for nginx for the > details. > > Ian > > > > > Ideally the resulting website will be fast, but I also want to hear > > options that might be low performance. > > > Thank you, > > > Zak > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-users@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/django-users?hl=en. > > -- > Regards, > Ian Clelland > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How can I serve static files while requiring Django-based access permissions?
On Tue, Nov 8, 2011 at 11:12 PM, zak wrote: > Thank you, that is a very helpful suggestion. > > However, I have a followup question. What are my options if: > > 1. It is okay to be slow (low performance), and > 2. The method must work on any webserver, not necessarily or > specifically Apache or Nginx. > > In pure Python/Django, how do I open a file on the hard disk and put > it into an HttpResponse object? Is FileWrapper involved? How come I > can't find any documentation on 'FileWrapper' by searching > djangoproject.org? > > Thanks again, > > Zak > In that case, just use django.views.static.serve: from django.views.static import serve def myview(request): ... return serve(request, document_root="/path/to/dir/holding/file" path="filename.doc") It is significantly slower than asking the web server to do it though - I assume you are doing this as this will be a pluggable app? If so, you should control this behaviour with a settings option, so that people can do it the optimal way if they want. Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How can I serve static files while requiring Django-based access permissions?
Thanks for another great suggestion. My really pressing questions have been successfully answered, I now have a high-performance solution for the final version and a purely Python/Django solution for initial testing and demos. Hopefully I can figure out how to make the high-performance solution work, dealing with Apache or Nginx is not nearly as fun as Python. Background, for the curious: Tom's guess that I am making a pluggable app is close; I am making an app that will be deployed in at least two configurations (Windows and Linux) using probably two different HTTP servers (Apache and undecided). I want it to work before I have fully learned the ins and outs of each HTTP server on each OS, so I can use django.views.static.serve for early testing and demos. Zak On Nov 9, 5:27 am, Tom Evans wrote: > > In that case, just use django.views.static.serve: > > from django.views.static import serve > > def myview(request): > ... > return serve(request, document_root="/path/to/dir/holding/file" > path="filename.doc") > > It is significantly slower than asking the web server to do it though > - I assume you are doing this as this will be a pluggable app? If so, > you should control this behaviour with a settings option, so that > people can do it the optimal way if they want. > > Cheers > > Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.