Find solution
Is it possible to create hidden service with django?

Suspiciousoperation error when trying to read the default value of a django filefield, any clue?

  • I need to set up a model with a FileField in django, but, if the user doesn't give a value, i should set a default. However, my model definition is the following     class AutoAttendant(models.Model):         name = models.CharField(max_length=32)         t_menu_id = models.IntegerField()         t_menu_prompt = models.FileField(upload_to='user_menus', default='%suser_menus/ringtu_default.mp3' % settings.MEDIA_URL, \                 blank=True, null=False) I was reading and django prevents access to this field to any other path rather than the specified on the upload_to parameter, so i guess this should be correct But, then, I need to read this file and send it to an external web service and when i do the following:     send_to_ws(autoattendant_instance.t_menu_prompt.path) i get a SuspiciousOperation error, any clue here? Thank you very much. EDIT: Adding more info Here is what send_to_ws does:     def add_menu(self, filepath, menu='ROOT'):         method = self.service.set_menu_prompt         f = open(filepath, 'rb')         data = f.read()         mime_type = 'audio/mpeg'         bin_param = (data, mime_type)         request = self.factory.create('ns0:SetMenuPromptRequest')         request.i_menu = self.get_menu_id(menu)         request.prompt_type = 'menu'         request.prompt = http://f.name.split('/')[-1]         response = attach(method, bin_param, ATT_EP, request)         return response In this function i build a suds soap_request object and attach the file as a binary attachment. I think the real problem is that I do an open(file) directly in this function, is there any way to work around this? also, here is the traceback     Environment:             Request Method: GET     Request URL: http://127.0.0.1:8000/account/finish/         Django Version: 1.5     Python Version: 2.7.3     Installed Applications:     ('django.contrib.auth',      'django.contrib.contenttypes',      'django.contrib.sessions',      'django.contrib.sites',      'django.contrib.messages',      'django.contrib.staticfiles',      'django.contrib.admin',      'django.contrib.admindocs',      'gunicorn',      'django_extensions',      'south',      'compressor',      'ringtu',      'localization',      'profiles',      'services')     Installed Middleware:     ('django.middleware.common.CommonMiddleware',      'django.contrib.sessions.middleware.SessionMiddleware',      'django.middleware.csrf.CsrfViewMiddleware',      'django.contrib.auth.middleware.AuthenticationMiddleware',      'django.contrib.messages.middleware.MessageMiddleware')             Traceback:     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/handlers/http://base.py" in get_response       115.                         response = callback(request, *callback_args, **callback_kwargs)     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/contrib/auth/http://decorators.py" in _wrapped_view       25.                 return view_func(request, *args, **kwargs)     File "/home/israelord/Work/RingTu/proyecto/code/profiles/http://views.py" in account_finish       351.     upload = ph.add_menu(user)     File "/home/israelord/Work/RingTu/proyecto/code/profiles/http://helpers.py" in add_menu       57.     response_upload = attwpr.add_menu(att)     File "/home/israelord/Work/RingTu/proyecto/code/services/http://decorators.py" in _wrap       33.             result = f(*args, **kwargs)     File "/home/israelord/Work/RingTu/proyecto/code/services/http://autoattendant_wrapper.py" in add_menu       111.         data = att_instance.t_menu_prompt.read()     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/http://utils.py" in <lambda>       16.     read = property(lambda self: self.file.read)     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/db/models/fields/http://files.py" in _get_file       46.             self._file = self.storage.open(http://self.name, 'rb')     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/http://storage.py" in open       36.         return self._open(name, mode)     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/http://storage.py" in _open       159.         return File(open(self.path(name), mode))     File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/http://storage.py" in path       259.             raise SuspiciousOperation("Attempted access to '%s' denied." % name)         Exception Type: SuspiciousOperation at /account/finish/     Exception Value: Attempted access to '/media/user_menus/ringtu_default.mp3' denied.

  • Answer:

    "That path probably doesn't exist, and Django would need unrestricted access to your system in order to create it for you. Needless to say, not a good situation. That SuspiciousOperation is in place to help prevent Django from trying to accidentally read or write from places on your filesystem it shouldn't have access to" And please use http://stackoverflow.com/, its easier over there.

Niranjan Sukumaran at Quora Visit the source

Was this solution helpful to you?

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.