[Zope] Secure file downloading problem

[Dylan Reinhardt]

In method M:

<dtml-var F>

If M can't acquire F directly, you may need to use <dtml-with> or 
restrictedTraverse() to get at it.

HTH,

Dylan


At 09:37 AM 2/17/2003, Lubos Culen wrote:
>Dylan,
>
>thank you very much for help, it works - I'm only not able to "return the 
>contents of F with method M" (simple RESPONSE.redirect doesn't work 
>because then it reads directly the files which it has not privileges to 
>access) - is there some easy way to return file contents using method M?
>
>Thanks,
>
>Lubos.
>
>On Thu, 13 Feb 2003 08:52:32 -0800, Dylan Reinhardt 
><zope@dylanreinhardt.com> wrote:
>
>>Assume you have file F and method M.
>>
>>Ensure that nobody but a Manager has any privileges for F.  This will 
>>have the effect of making it unobtainable directly.
>>
>>Set up M so that it performs whatever security dance is required and 
>>returns the contents of F when appropriate.  Give M the proxy role of 
>>Manager so that it can gain access to F.
>>
>>If you want to get a little more tricky, create a new role that's used 
>>just for this purpose.  Give that role permissions on F and run M in that 
>>proxy role.
>>
>>As far as the user or their software is concerned, file F will have M's URL.
>>
>>HTH,
>>
>>Dylan
>>
>>
>>At 07:39 AM 2/13/2003, Lubos Culen wrote:
>>>Hi!
>>>
>>>I have simple task to develop in Zope - make secure files available for 
>>>download, but the user shouldn't see the REAL URL of the files (neither 
>>>in browser nor in any download manager). Is it possible to do this 
>>>through Zope? Thanks for answer,
>>>
>>>Lubos.
>>>
>>>
>>>_______________________________________________
>>>Zope maillist  -  Zope@zope.org
>>>http://mail.zope.org/mailman/listinfo/zope
>>>**   No cross posts or HTML encoding!  **
>>>(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
>>>http://mail.zope.org/mailman/listinfo/zope-dev )
>>
>
>
>
>--
>Regards,
>Lubos Culen (Mirsoft)
>INFO: http://www.mirsoft.info
>ICQ: 658788