I have a (AT Blob) file that users upload to a Plone 4.3 site.
It contains names and dates and is used by a view to display 'who has birthday today.
I want to disable download of the file.
What would be the best way of doing this?
PS: I also have dexterity content types on the site, so making a new content type is also an option.
I always feel reluctant to call something "the best".
One approach could be: you change the permission to role mapping for this file (--> .../manage_access) removing the "View" permission from those roles you want to prevent from downloading (this should prevent view and download) (be careful, workflow may control this permission and undo your manual changes; usually "File" has no workflow - but otherwise, surprises are possible). Of course, you now must provide special means to views presenting this file (as by default, they no longer can view it). For this, you can use so called "proxy roles". They are assignable via the ZMI to page templates and can be defined in "*.metadata" files for "FSPageTemplate" objects. To set proxy roles in Python code, you can use dm.zopepatches.security (to be found on PyPI) -- more precisely, the functions defined in its proxy module.