How to make a private download area with django?

Question

I would like to implement a private download area on a website powered by django. The user would have to be logged in with the appropriate rights in order to be able to get some static files.

What would you recommend for writing this feature. Any tips or tricks?

Thanks in advance

Update: Maybe because of my bad english or my lack of knowledge about this architecture (that's why I am asking) but my question is: how to make sure that static files (served by the regular webserver without any need of django) access is controlled by the django authentication. I will read the django docs more carefully but i don't remember of an out-of-the-box solution for that problem.

Update2: My host provider only allows FastCgi.

Answer 1

So, searching I found this discussion thread.

There were three things said you might be interested in.

First there is the mod_python method
Then there is the mod_wsgi method

Both of which don't seem all that great.

Better is the X-Sendfile header which isn't fully standard, but works at least within apache, and lighttpd.

kibbitzing from here, we have the following.

@login_required
def serve_file(request, context):
    if <check if they have access to the file>:
        filename = "/var/www/myfile.xyz" 
        response = HttpResponse(mimetype='application/force-download') 
        response['Content-Disposition']='attachment;filename="%s"'%filename
        response["X-Sendfile"] = filename
        response['Content-length'] = os.stat("debug.py").st_size
        return response
    return <error state>

and that should be almost exactly what you want. Just make sure you turn on X-Sendfile support in whatever you happen to be using.