I think that is the point. In 'uploads' if you need authorization. In
'static' if you do not. In the latter you do not need to worry about
authorization and you can let the web server by-pass web2py (so do not
viewer action).
On Jun 17, 9:16 am, Anthony <abasta...@gmail.com> wrote:
> Thanks, Bruno -- this is very helpful. With this method, you can't enforce
> authorization, though, right? So this should only be used for uploaded files
> intended to be accessed by anyone.
>
> Anthony
>
>
>
>
>
>
>
> On Friday, June 17, 2011 6:56:52 AM UTC-4, rochacbruno wrote:
> > For security reasons, web2py does not expose the 'uploads' folder to the
> > user, this folder can be accessed only by the 'download' function.
>
> > The best way is to set the upload path pointing to /static not to /upload
> > and you will have your uploaded files to be served as static files,
> > bypassing download function.
>
> > under /static create a folder called 'picture'
>
> > *Go to the table definition and do this:*
>
> > *<model>*
> > db.define_table('announce',
>
> > Field('picture','upload',uploadfolder=request.folder+'static/pictures'),
> > )
> > *</model>*
>
> > You are saying DAL to store uploades files in to that folder under static
> > and store the ath in the field.
>
> > Now in your controller create a function do handle that (different from
> > download, it is a kind of viewer)
>
> > *<controller>*
> > def viewer():
> > row = db(db.announce.id
> > ==request.args(0)).select(db.announce.picture).first()
> > redirect(URL('static','pictures',args=row.picture))
> > *</controller>*
>
> > *Now you can fo this:*
>
> >http://server/app/default/viewer/3# record id
>
> > then you got redirected to the image (no html page)
>
> > example:
>
> >http://127.0.0.1:8000/app/static/pictures/announce.picture.aaf5d3f777...
>
> > you can always refer directly to the image path (not using the viewer
> > function) but you always need to fetch the picture name from db.
>
> > Hope it helps.
>
> > Should go on the book?
>
> > --
> > Bruno Rocha
> > [ About me:http://zerp.ly/rochacbruno]
> > [ Aprenda a programar:http://CursoDePython.com.br]
>
> > On Thu, Jun 16, 2011 at 6:09 AM, Vinicius Assef <vinic...@gmail.com>wrote:
>
> >> Hi guys.
>
> >> I have a table (called anuncio) with an upload field (called foto), so
> >> anuncio.foto is my upload field.
>
> >> I'm showing and linking it with this piece of code in my view :
> >> {{url = URL(c='anuncios',f='download', args=['uploads',
> >> anuncio.foto])}}
> >> {{=A(IMG(_src=url), _href=url)}}
>
> >> My /contollers/anuncios.py/download() function is the default, as seen
> >> below:
> >> def download():
> >> return response.download(request,db)
>
> >> When user clicks on this image, browser shows the download dialog,
> >> asking him/her where to save the image.
> >> But I'd like to simply show the image, not present the download
> >> dialog. All these images will be public.
>
> >> How I solved it:
> >> 1) I entered in /myapp/static/images and created a symbolic link
> >> called 'uploads' pointing to /myapp/uploads.
> >> 2) In my view, I changed the: {{url = URL(...}} stuff by this: {{url =
> >> URL(c='static', f='images', args=['uploads', anuncio.foto])}}
>
> >> I think this isn't the best choice because I'm pointing URL() to a
> >> fake controller and function, and I'm counting on an external
> >> resource: a symbolic link in my filesystem.
>
> >> How would be the "web2pythonic" way to do this?
>
> >> --
> >> Vinicius Assef.
