[Zope] one time downloads
Tino Wildenhain
tino@wildenhain.de
Thu, 19 Jun 2003 22:19:37 +0200
Hi Ed,
Ed Colmar wrote:
> Hey fellow zope fiends.
>
> I've got a little project I'm working on that involves setting up multiple
> one-time downloads.
>
> I'm curious if anyone out there has done something similar that would like
> to share ideas and or code.
>
> My concept was to have all the files in a secure directory somewhere.
> Make a temporary directory somewhere with a random id
> "oahnw3487cfyawcry7baw385vbyawy348vyaw" or whatever... Set the directory
> name and a flag into a db somewhere. Then after the download is complete
> (or after a certain amount of time, delete the dir and the files.
>
> Anyone have something like this already?
No need to create something in Zope for every possible
download.
You place your file somewhere in a download directory.
You remove "view" permission from it for anonymous
you can add a role in root folder for example, called
"download" - give the view permission to
manager and download for this file.
Place a python script in the path where you want to
provide the download. Give that script
proxy role as "download" (you must also have this
role to make this - simply edit your user object
in acl_users)
The script should read like this:
cookie,filename=traverse_subpath
if context.sqlQueryToCheckId(identification=cookie)
file=context.filefolder[filename]
response.setHeader('content-type':file.content_type)
return file.data
return context.ErrorMessageTemplate(context)
You can add something to check the filename, although
if you do it right the script can only provide access
to files when the cookie is the right one and where
the fileobject is accessible for the role "download".
From your HTML or E-Mail you refer to the file like this:
http://yourserver/pathToDownload/DownloadScript/1qwe7aadea7868sfsfd/file_to_download.ext
^^^^^^^^ ^^^^^^ ^^^^
The script above the "cookie" the
file
HTH
Tino Wildenhain