[Seaside] A session-aware kind of FileLibrary - how/where to start
Jupiter Jones
jupiter.jones at mail.com
Tue Mar 30 12:23:53 UTC 2021
This may be a little left-field, but if you want a more integrated approach you could try something like:
renderContentOn: canvas
canvas anchor
url: (self fileAccessUtlFroFile: #restrictedAccessFile);
with: ‘Download'
fileAccessUrlForFile: fileIdentifier
^self renderContext actionUrl copy
addField:
(self renderContext callbacks
store: (WAActionCallback on: [ self processFileAccessCallbackForFile: fileIdentifier ]));
yourself.
processFileAccessCallbackForFile: fileIdentifier
(self session isUserAllowedToDownloadFile: fileIndeitifier) ifTrue: [
self requestContext response redirectTo: (self actualUrlForFile: fileIdentifier)
]
You could also serve the file directly in the response rather than #redirectTo: if you wanted added security.
The above is incomplete, but perhaps fits the brief.
Cheers,
Jupiter
> On 30 Mar 2021, at 8:18 pm, jtuchel at objektfabrik.de wrote:
>
> Hi,
>
>
> There are situations in which I feel like after 10+ years of using Seaside, I am still a newbie. (well, same for Smalltalk after 25+ years, so this may be normal).
>
> I would like to implement some kind of FileLibrary that is aware of the current session and only delivers files to logged-on users.
>
> It seems like the best starting point for this is to subclass WARequestHandler and register it with WAAdmin. So the first thing I did was implement handleFiltered: aRequestContext. Unfortunately, neither aRequestContext nor self return a WASession, although I entered _s and _k form a logged in session into the address bar of my Browser. This may be a naive approach, but as a fist test case this seemed like a good idea ;-)
>
> Now the question I ask myself is: how do I teach my WARequestHandler subclass the trick of knowing/finding the current session. Do I add some Filter? Is subclassing WARequestHandler the wrong idea anyways? (I started my experiments with a subclass of WAFileLibrary, but that also didn't get me anywhere...).
>
> I am not asking for a ready-made solution. I'd rather try to understand a little more about Seasides innards here...
>
> Any pointers? Kick-off ideas what to look at?
>
>
> tia,
>
>
> Joachim
>
>
>
>
> --
> -----------------------------------------------------------------------
> Objektfabrik Joachim Tuchel mailto:jtuchel at objektfabrik.de
> Fliederweg 1 http://www.objektfabrik.de
> D-71640 Ludwigsburg http://joachimtuchel.wordpress.com
> Telefon: +49 7141 56 10 86 0 Fax: +49 7141 56 10 86 1
>
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
More information about the seaside
mailing list