In plone how can I make an uploaded file as NOT downloadable? - python

I wish to make the uploaded file contents only viewable in the browser, i.e. using atreal.richfile.preview for doc/xls/pdf files. The file should not be downloadable at any cost. How do I remove the hyperlink for the template in a particular folder for all the files in that folder? I use Plone 4.1. There is AT at_download.

Cue tune from Hotel California: "You can check out any time you like, but you can never leave."
You do not really want to disable all downloading; I believe that you really just want to disable downloads from all users but Owner. There is no practical use for putting files into something with no vehicle for EVER getting them back out...
...so you need to solve this problem with workflow:
Use a custom workflow definition that has a state for this behavior ("Confidential"). Ensure that "View" permission is not inherited from folder above in the permissions for this state, and check "Owner" (and possibly "Manager" if you see fit) as having "View" permission.
Set the confidential state as the default state for files. You can do this using Workflow policy support ("placeful workflows") in parts of the site if you do not wish to do this site-wide.
Should you wish to make the existence of the items viewable, but the download not, you are best advised to create a custom permission and a custom type to protect downloading with a permission other than "View" (but you still should use workflow state as permission-to-role mapping templates).

Script (Python) at /mysite/portal_skins/archetypes/at_download: just customize it to contain nothing. Thought this would be helpful to someone who would like to keep files/image files in Plone confidential by sharing the folders with view permission and disabling the checkout and copy options for the role created.

Related

Ckan - require login to view certain metadata

I have a CKAN 2.6.2 installation deployed with a few hundred datasets added using python via the API, including a number of custom fields, added with ckan.action.package_patch(id=i, extras=extra_fields).
I would like to make one of these extra fields visible only if a user has logged in to the organization.
I think either src/ckan/ckan/templates/package/snippets/additional_info.html or src/ckan/ckan/templates/snippets/additional_info.html are the templates used to generate the lines of HTML that I'd like to selectively filter, but I'm stuck on the next step.
Can anyone help with some pointers?
Extend PackageController and define a custom route. From there you will need to call the organization_list_for_user action, which returns the organizations that the user is a member of, and choose which extras you will return depending on whether the user is a member of the organization or not.
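An added example, not part of the original answer or of CKAN: the membership decision the answer describes, applied to the package dict before it reaches the template. The restricted key name and the sample data are constructed; the dict shapes follow what package_show and organization_list_for_user return.

```python
RESTRICTED_KEYS = {"internal_contact"}   # hypothetical extra field name


def member_org_ids(user_orgs):
    """IDs from an organization_list_for_user result (a list of org dicts)."""
    return {org["id"] for org in (user_orgs or []) if "id" in org}


def filter_extras(pkg_dict, user_orgs, restricted=RESTRICTED_KEYS):
    """Copy of pkg_dict without restricted extras, unless the user belongs
    to the dataset's owning organization."""
    owner = pkg_dict.get("owner_org")
    # Fail closed: no owner, or an anonymous user, means "not a member".
    if owner and owner in member_org_ids(user_orgs):
        return dict(pkg_dict)
    visible = [e for e in pkg_dict.get("extras", [])
               if e.get("key") not in restricted]
    return dict(pkg_dict, extras=visible)


# Constructed sample data
SAMPLE_PKG = {
    "name": "river-levels", "owner_org": "org-1",
    "extras": [{"key": "license_note", "value": "CC-BY"},
               {"key": "internal_contact", "value": "ops@example.org"}],
}

if __name__ == "__main__":
    print(filter_extras(SAMPLE_PKG, [{"id": "org-1", "name": "hydro"}]))
    print(filter_extras(SAMPLE_PKG, []))   # anonymous visitor
```

Filtering only in the template leaves the field readable through the API, which returns the same extras, so the filter belongs where the dict is produced.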

Specify a custom context

We have the file cookiecutter.json, which defines the default context for a template. I would like to specify, via a command flag, something like:
    cookiecutter --no-input --context my-context.json <cookiecutter-template>
So that the same template can be used to generate different projects, without having to enter the data manually on the input prompts. There is a workaround to achieve this:
clone the template repo locally
modify the cookiecutter.json in the template repo
specify as template the local clone, and not the github clone
This is less than ideal, because it requires modifying a repository, does not allow for independent storage of the context files, and does not allow to use the same template to easily create different projects.
Is there a way to specify the context to cookiecutter, on the command line?
No (Not Exactly)
From what I can see there is no current way using a command line flag in the exact way you wish for.
However based on my research for this exact same problem there are two main avenues to solve this, each more or less appropriate depending on the exact situation.
Standard/Personal Context Values
In the case where you have standard, usually personal context values you wish to use over multiple projects there is the option of adding a user specific configuration.
It seems you can specify some default context settings into a .cookiecutterrc file in your home directory. (Current documentation can be found here). This is most aptly used for things such as email address, full name, github account name etc which are fairly static.
The format of the config file is yaml and an example structure would be as follows:
    default_context:
        full_name: "Gavin Cooper"
        email: "xxxxxx@xxxxx.com"
        github_username: "gjcooper"
I would assume that this relies on fields such as this being given standard names across most cookiecutter packages.
Project Specific Context Values
This solution is for when you have a project management software or other script where you want to generate project specific values (ie app_name) into the cookiecutter json format and then automatically generate your project directory structure without user input.
This requires writing a very short python script to hook into the cookiecutter internals, but is simple to use:
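    from cookiecutter.main import cookiecutter
    import json

    # Load the project-specific context generated elsewhere
    with open('project_context.json') as jfile:
        mycontext = json.load(jfile)

    # extra_context overrides the defaults from cookiecutter.json;
    # no_input=True suppresses the interactive prompts
    cookiecutter('<local or remote cookiecutter template file>',
                 extra_context=mycontext,
                 no_input=True)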
This solution I can verify has worked for me.

What goes into content type scope manager from pmr2-oauth (a package in plone)

I am trying to connect my custom api to a plone website using the pmr2.oauth provider on the plone website and using oauthV1. Everything goes smoothly from requesting a temporary key to receiving the oauth access tokens.
But when I try to access the resources I get an invalid scope. I have been told to fill in the content type scope manager in pmr2.oauth package, I have to fill a mapping for each of the following portal types to a list of permitted subpaths: Plone site, Collection, File, Folder, Manager Folder, Page, Page and subsite.
But I have no idea what to fill in here, so I hope maybe you guys can help me.
Package owner here, first off I must apologize and say I can probably document this better (sure it's documented via doctests but it can be made better)!
What you need to fill there is the view that you want to access for that particular content type. For instance, if you wish to show the listing of all the items from within a collection you would figure out what the name of the view is (in this case, atct_topic_view). For a standard Page it would be document_view. That said, OAuth typically targets web-services that typically communicate via a more concise format, such as json, so it is possible for developers to develop new views specific to some existing (or custom) Plone content types and then these can be added to the mappings to be made available.
Lastly, the mappings are essentially the endpoint, plus an optional subpath which can be a wildcard. As of writing, specifying a wildcard for custom subpaths does not imply the root parent view being available, so let's say you have a custom download view that lets the user list the formats, which link to subpaths within for the actual content; you might do something like this:
    Collection:
        download_feed
        download_feed/*
This would make available the download_feed view within the Collection content type and then any subpaths within (generally made available by implementing zope.publisher.interfaces.IPublishTraverse for the custom view).
Alternatively you can write your own ScopeManager. Just create a class that inherits from pmr2.oauth.scope.BaseScopeManager (or BTreeScopeManager), implement all the methods (and tests) and then register this within your code or with a zcml like this:
    <adapter
        for="zope.annotation.interfaces.IAnnotatable
             your.app.interfaces.IAppLayer"
        factory="your.app.ScopeManager"
        provides="pmr2.oauth.interfaces.IScopeManager"
        />
Which should then override the default (Portal) Content Type based scope manager with your own.
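An added sketch that models the mapping rule described in this answer (an exact view name, plus an optional wildcard subpath that does not imply the parent view). It is not pmr2.oauth's own code, and the path normalisation step is an assumption added here so that `..` segments cannot step out of an allowed view.

```python
import posixpath

# Constructed mapping in the shape the answer shows
MAPPINGS = {"Collection": ["download_feed", "download_feed/*"]}


def normalise(subpath):
    """Collapse '.', '..' and duplicate slashes; None if nothing usable is left."""
    path = posixpath.normpath(subpath.strip("/"))
    if path == "." or path == ".." or path.startswith("../"):
        return None
    return path


def is_permitted(mappings, portal_type, subpath):
    """True if subpath matches a mapping entry for this portal type."""
    path = normalise(subpath)
    if path is None:
        return False
    for rule in mappings.get(portal_type, ()):
        if rule.endswith("/*"):
            prefix = rule[:-1]               # "download_feed/"
            # The wildcard covers children only, never the parent view itself.
            if path.startswith(prefix) and len(path) > len(prefix):
                return True
        elif path == rule:
            return True
    return False


if __name__ == "__main__":
    for requested in ("download_feed", "download_feed/pdf",
                      "download_feed/../manage_main", "document_view"):
        print(requested, is_permitted(MAPPINGS, "Collection", requested))
```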

django-storages with Amazon S3 - prevent overwriting

I noticed that django-storages (or perhaps it's Django's storage API itself) overwrites files with the same name. This is a problem for me as my site allows user uploads, so I need to ensure that files are never overwritten.
Ideally I'd like to be able to pass a file name to the storage backend from the view level, but I'm struggling to find an elegant way to do this. I'd be equally happy if there's a switch somewhere where I can just do something like overwrite=False and have the backend come up with its own alternative name.
If you are using the s3boto backend not the old s3 backend in django-storages then you can change this using the AWS_S3_FILE_OVERWRITE setting: https://bitbucket.org/david/django-storages/src/83fa2f0ba20c/storages/backends/s3boto.py#cl-43
@Mark Lavin's answer aptly points out that setting AWS_S3_FILE_OVERWRITE to False avoids this problem.
You may additionally want to improve your file name-spacing a little bit. You can save files under whatever name on S3 you want (it doesn't have to be the name of the file the user uploaded). So you could save your file with the name "user_uploads/[user_id]/[user_generated_file_name]". You can also set the file name to be whatever you want as part of a download. If you save the user's uploaded file name as a field on your model, you can then specify that as the file name in the view that downloads a file.
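An added example (not from either answer or from django-storages) of the naming scheme the second answer describes: an upload_to callable that namespaces keys per user, and a Content-Disposition value that offers the original name on download. The user_id field, the random prefix and the sanitising rules are assumptions of this sketch.

```python
import re
import uuid
from pathlib import PurePosixPath
from urllib.parse import quote

# settings.py, s3boto backend: pick a new name instead of replacing a key
AWS_S3_FILE_OVERWRITE = False

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def clean_name(filename, max_len=100):
    """Reduce a client-supplied name to one safe path component."""
    # Clients may send POSIX or Windows paths; keep only the last component.
    base = PurePosixPath(filename.replace("\\", "/")).name
    base = _UNSAFE.sub("_", base).lstrip(".")     # no dotfiles, no odd bytes
    return base[-max_len:] or "upload"


def user_upload_path(instance, filename):
    """upload_to callable: user_uploads/<user_id>/<random>_<clean name>."""
    # instance.user_id is an assumed field on a hypothetical model.
    return "user_uploads/%d/%s_%s" % (
        int(instance.user_id), uuid.uuid4().hex, clean_name(filename))


def content_disposition(original_name):
    """Header value that offers the stored original name on download."""
    # Dropping control characters keeps CR/LF out of the response header.
    printable = "".join(c for c in original_name if c.isprintable())
    return "attachment; filename=\"%s\"; filename*=UTF-8''%s" % (
        clean_name(printable), quote(printable, safe=""))


if __name__ == "__main__":
    from types import SimpleNamespace
    upload = SimpleNamespace(user_id=42)          # constructed stand-in
    print(user_upload_path(upload, "..\\..\\invoice 2024.pdf"))
    print(content_disposition("invoice\r\nX-Evil: 1.pdf"))
```

Because the random prefix already makes keys unique, AWS_S3_FILE_OVERWRITE = False acts as a second safeguard rather than the only one.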

What's the best way to setup a user post image uploading system?

I'm using django. I want a user to upload an image for a user post, but I'm not sure the backend of this. Should I setup a db with the url of the image, a folder for the user, a folder inside of the post, and the image finally in that folder? What is the best (fastest, efficient, nonconfusing) way of doing this?
You can use the built in django ImageField. This essentially is set up to store and reference a url relative to a media dir on the webserver.
There is a pretty basic example here.
EDIT:
For your own implementation outside of django most people would implement it in a similar way to how Django's imagefield works. Basically, you store a reference to a file in a filesystem somewhere, and store the actual file on the filesystem.
You can store the actual image in the database but I think most people prefer to not store it in the database. This stackoverflow question has a lot of info about why one would want to do it one way or another. I myself have done this both ways and like storing them in the filesystem more than in the database in most cases.
You can use the ImageField which comes built in with django. The good thing about this is that it stores and manages it within Django; you can resize and get the url to the image, all using PIL and Django helper methods.
This is the best way for deployment as well: once you decide to deploy you will be able to tweak the system to best serve up static files, as opposed to managing it yourself.
Good luck.
