I want to serve files dynamically from behind the root of my web directory. Currently I'm serving all the files statically which I did just in order to include my javascripts and css files. I realize this is probably dumb but I'm not able to serve files any other way!

So, I want to serve files dynamically, without the user being able access at another time just by using a url.

My settings

ADMIN_MEDIA_PREFIX = '/media/'
MEDIA_ROOT = os.path.join( APP_DIR, 'site_media' )
MEDIA_URL = 'http://localhost:8000/site_media/'

My URLS

( r'^site_media/(?P<path>.*)$', 'django.views.static.serve', { 'document_root': settings.MEDIA_ROOT } )

Thanks!

What do you mean by "dynamically"? What is it that you're trying to achieve? Do you want to control access to the files?

If you want to run some Django-view that decides whether the user is allowed access to the file or not, you can use sendfile. See the following snippet for code on how to set the correct headers: http://djangosnippets.org/snippets/2226/

Your webserver also needs to support this header, at least apache and nginx which I've worked with does.

You also need to think about how to store and distribute the files as the server that is running the webserver needs access to the files. This will depend on your setup.

You could obfuscate the URLs in such a way that it'd be pretty hard to guess; this isn't at all secure but it would stop the casual poker-arounder. You'd also need to ensure that whatever you use to serve static media in production isn't set to display directory listings.

If you need something a little more secure, here's what I've done in the past:

In models.py:

my_storage = FileSystemStorage(location=settings.MY_FILES_ROOT, base_url='DO_NOT_USE')

class Resource (models.Model):
    //...snip...
    resource_file = models.FileField(storage = my_storage)

where settings.MY_FILES_ROOT is a path outside of where you keep your static files normally.

Then, in views.py:

def get_file(request, whatever_id):
    //check if the user is allowed to access the file here
    resource = Resource.objects.get(id=resid)
    response = HttpResponse(resource.resource_file.read(), mimetype='text/whatever')
    response['Content-Disposition'] = 'attachment; filename=whatever.ext'
    return response

Of course, this approach only works if you know the MIME type and file extension of the file, whether it's always the same (the app I did this in always served PDFs) or you extract it from the file.