I'm trying to secure file downloads. I use user_signature=True for an action that generates an edit form that includes an upload field. The upload widget generates a download link but the link appends the file name arg after the signature var.
I'm using: crud.settings.download_url = URL('dcoument', 'download', args=document.customer, user_signature=True) I'm then using: form = crud.update(...) This creates a download link like /document/download/51?_signature=<signature>/<filename> instead of /document/download/51/<filename>?_signature=<signature> On a related topic, I'm using that extra arg above to create separate folders for each customer (useful for multi tenant) but this breaks appadmin uploads and download links. It would be great to use a lambda for the upload folder, something like ... db.define_table('document', Field('customer', 'reference customer'), Field('document', 'upload', autodelete=True, uploadfolder=lambda r: (request.folder + 'document/download/' + row.customer)), ) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.