[Seaside] A session-aware kind of FileLibrary - how/where to start

Jupiter Jones jupiter.jones at mail.com
Tue Mar 30 12:23:53 UTC 2021 

This may be a little left-field, but if you want a more integrated approach you could try something like:


renderContentOn: canvas
	canvas anchor 
		url: (self fileAccessUtlFroFile: #restrictedAccessFile); 
		with: ‘Download'


fileAccessUrlForFile: fileIdentifier
	^self renderContext actionUrl copy
		addField:
			(self renderContext callbacks
				store: (WAActionCallback on: [ self processFileAccessCallbackForFile: fileIdentifier ]));
		yourself.


processFileAccessCallbackForFile: fileIdentifier 
	(self session isUserAllowedToDownloadFile: fileIndeitifier) ifTrue: [
		self requestContext response redirectTo: (self actualUrlForFile: fileIdentifier)
	]


You could also serve the file directly in the response rather than #redirectTo: if you wanted added security.

The above is incomplete, but perhaps fits the brief.

Cheers,

Jupiter

> On 30 Mar 2021, at 8:18 pm, jtuchel at objektfabrik.de wrote:
> 
> Hi,
> 
> 
> There are situations in which I feel like after 10+ years of using Seaside, I am still a newbie. (well, same for Smalltalk after 25+ years, so this may be normal).
> 
> I would like to implement some kind of FileLibrary that is aware of the current session and only delivers files to logged-on users.
> 
> It seems like the best starting point for this is to subclass WARequestHandler and register it with WAAdmin. So the first thing I did was implement handleFiltered: aRequestContext. Unfortunately, neither aRequestContext nor self return a WASession, although I entered _s and _k form a logged in session into the address bar of my Browser. This may be a naive approach, but as a fist test case this seemed like a good idea ;-)
> 
> Now the question I ask myself is: how do I teach my WARequestHandler subclass the trick of knowing/finding the current session. Do I add some Filter? Is subclassing WARequestHandler the wrong idea anyways? (I started my experiments with a subclass of WAFileLibrary, but that also didn't get me anywhere...).
> 
> I am not asking for a ready-made solution. I'd rather try to understand a little more about Seasides innards here...
> 
> Any pointers? Kick-off ideas what to look at?
> 
> 
> tia,
> 
> 
> Joachim
> 
> 
> 
> 
> -- 
> -----------------------------------------------------------------------
> Objektfabrik Joachim Tuchel          mailto:jtuchel at objektfabrik.de
> Fliederweg 1                         http://www.objektfabrik.de
> D-71640 Ludwigsburg                  http://joachimtuchel.wordpress.com
> Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
> 
> 
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

More information about the seaside mailing list