PHP's readfile equivalent for Lift


Emmanuel Eytan

Apr 4, 2012, 11:37:13 AM
to lif...@googlegroups.com
With PHP, if you want to make a resource visible only to some users, you put it in a folder outside of what is shared by Apache but where PHP has read access. Then when the user tries to read it, if they are allowed, you open it with PHP's readfile() function. For Lift, what is the equivalent? The SiteMap seems to allow any non-HTML file to be read. Can I make the SiteMap block images in a specific location for some users and not others?

AGYNAMIX Torsten Uhlmann

Apr 4, 2012, 12:08:27 PM
to lif...@googlegroups.com
Emmanuel,

how do you decide in PHP if a user can see a file or not? I guess you have some kind of access control, probably a table that says which permissions a user has.
SiteMap controls access per URL on a broader scale. I'm not sure if you could use SiteMap to block content on a site that is generally allowed by SiteMap.

But the usual solution is to use some user-to-permissions mapping to find out if the user may see some content of a page or not and according to that for instance do not render the link to a file or image in your response page.

You could for instance create a snippet that will check whether the currently logged-in user (and you would use SiteMap to show the page only to logged-in users) has a certain permission; if not, the snippet could return NodeSeq.Empty, which would just blind out any encapsulated content.

Or of course you can do this in CSS selectors:

… &
(if (hasPermission) {
  "selector [img]" #> getImgUrl
} else {
  "selector" #> "" // show nothing
}) &
...

Would that work?

Torsten.

-- 
AGYNAMIX(R). Passionate Software.
Inh. Torsten Uhlmann | Buchenweg 5 | 09380 Thalheim
Phone:       +49 3721 273445
Fax:             +49 3721 273446
Mobile:       +49 151 12412427
Web:           http://www.agynamix.de


David Pollak

Apr 4, 2012, 12:51:16 PM
to lif...@googlegroups.com
Lift runs on the Java Virtual Machine.  You can call any Scala or Java code from your Lift app to access any external resources.  So, you can use java.io.FileInputStream to read a file from the filesystem.

In order to serve files, please look at RestHelper and LiftRules.dispatch.  You can put guards in the RestHelper serve {} block to determine if a resource should be served based on the current user.

--
Visi.Pro, Cloud Computing for the Rest of Us http://visi.pro
Lift, the simply functional web framework http://liftweb.net

Everson Alves da Silva

Apr 4, 2012, 1:24:26 PM
to lif...@googlegroups.com
A more concrete example of what David proposed would be: https://gist.github.com/2304000

Antonio Salazar Cardozo

Apr 4, 2012, 1:54:16 PM
to lif...@googlegroups.com
Also worth mentioning is that, for reading arbitrary files from the filesystem, Lift comes with a couple of utility functions (in net.liftweb.util.IoHelpers, also included if you import Helpers._) such as readWholeFile (which gives you a Byte Array given a File), readWholeStream (same but given an InputStream), and readWholeThing (produces a String given a Java Reader object). Combined with Lift's LiftRules.getResource (if you have the file bundled in with your application), you can do something like:

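      // Imports this fragment needs; scripts is a collection of script URIs defined elsewhere.
      import java.io.InputStreamReader
      import net.liftweb.http.LiftRules
      import net.liftweb.util.Helpers._

      val scriptContents:List[String] =
        for {
          scriptUri <- scripts.toList
          // Drop any query string before looking the resource up.
          scriptName = scriptUri.split("\\?")(0)
          url <- LiftRules.getResource(scriptName)
          reader <- tryo(new InputStreamReader(url.openStream, "UTF-8"))
        } yield {
          readWholeThing(reader)
        }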

I lifted this from some code I have lying around for taking a set of script names and reading their contents for YUI Compression purposes. I'll add that the tryo around the new InputStream will catch any IOExceptions and skip that file (because it won't produce a Full Box).
Thanks,
Antonio

Robert Marcano

Apr 4, 2012, 2:15:22 PM
to lif...@googlegroups.com

If the file is something static and is part of the application (replaced
only when the application is updated) and you are deploying to a
standard JEE container, you can put the file inside the WEB-INF folder
structure. By definition WEB-INF is never served by the web server; it is only
accessible by code from the application.

LiftRules.defaultGetResource searches classpath resources, then tries the
standard ServletContext.getResource(). I think I would add the file to
WEB-INF, and use LiftRules.dispatch to make the file available to the
user after validation.
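
A sketch of the approach suggested in the replies above (a RestHelper registered through LiftRules.dispatch, serving from a store the container never exposes), added here as an illustration; it is not code from the thread or from the linked gist. The names ProtectedImages, storeDir and canView, the /protected URL and the /var/app/uploads directory are assumptions.

```scala
import java.nio.file.{Files, Path, Paths}
import net.liftweb.common.{Box, Full}
import net.liftweb.http._
import net.liftweb.http.rest.RestHelper
import net.liftweb.util.Helpers.tryo

// Added example: ProtectedImages, storeDir, canView and the /protected URL
// are hypothetical names, not taken from the thread.
object ProtectedImages extends RestHelper {
  // Upload store outside the webapp directory, so only this handler can reach it.
  private val storeDir: Path = Paths.get("/var/app/uploads").toAbsolutePath.normalize

  // Allow-list of servable types; anything else gets a 404.
  private val mimeByExt = Map("png" -> "image/png", "jpg" -> "image/jpeg", "gif" -> "image/gif")

  // Hypothetical hook: plug in the application's own login and moderation lookup.
  var canView: String => Boolean = _ => false

  // Resolve the name under storeDir and reject anything that escapes it (e.g. "..").
  private def safePath(fileName: String): Box[Path] =
    tryo(storeDir.resolve(fileName).normalize)
      .filter(p => p.startsWith(storeDir) && Files.isRegularFile(p))

  private def imageResponse(name: String, ext: String): Box[LiftResponse] = {
    val fileName = name + "." + ext
    mimeByExt.get(ext.toLowerCase) match {
      case None => Full(NotFoundResponse("unknown type"))
      case Some(_) if !canView(fileName) => Full(ForbiddenResponse("not available"))
      case Some(mime) =>
        safePath(fileName) match {
          case Full(p) =>
            val in = Files.newInputStream(p)
            Full(StreamingResponse(in, () => in.close(), Files.size(p),
              List("Content-Type" -> mime), Nil, 200))
          case _ => Full(NotFoundResponse("no such image"))
        }
    }
  }

  serve {
    // Lift splits a known suffix off the path: /protected/cat.png gives name "cat", ext "png".
    case Req("protected" :: name :: Nil, ext, GetRequest) => () => imageResponse(name, ext)
  }
}

// Registered once at startup, in Boot.boot:
// LiftRules.dispatch.append(ProtectedImages)
```

The permission check sits inside the handler and returns 403, rather than in a pattern guard; with a guard, a denied request is simply not matched and passes on to Lift's remaining request handling.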

Emmanuel Eytan

Apr 4, 2012, 7:36:18 PM
to lif...@googlegroups.com
Torsten, this would work for inside an HTML page, but not for an actual image file. Lift delivers image files directly, as far as I can tell.

David, I'll look into LiftRules and RestHelper. Most likely, they'll do what we need. Thanks.



AGYNAMIX Torsten Uhlmann

Apr 5, 2012, 2:37:32 AM
to lif...@googlegroups.com
Emmanuel,

yes, I was more or less describing the permission model for building an HTML page with snippets. I didn't really understand the OP's question too well; I think the OP had more a question on how to replace readfile than on how to allow or disallow access…

From a REST API for instance we serve the image in a Box[LiftResponse], and when the user is not allowed to see the image then you can decide what you serve instead, a default image or an error message for instance…

Thanks for pointing that out,
Torsten.


Emmanuel Eytan

Apr 5, 2012, 12:29:37 PM
to lif...@googlegroups.com
The goal is to allow only uploaded images after they've been moderated. I'll look at all those examples. They're really useful. Thanks.