Uploading files in a webapp can be extremely tricky and sometimes the quickest way to do it is to store the file directly in the webserver or into a DNS (like Amazon S3) and then to save the link and the metadata inside a table in the DB. The thing is that you'll have to deal with file permissions, server storage, file management and so on (which is perfectly fine, by the way).
In this wiki, I try to implement a simple authorization schema without putting much logic inside a file
or into database table. We are constructing authorization hierarchy inside the controller. We are getting
roles for the current user from database table and assigning only roles to user that are declared in the
particular controller. We have brought down the work of loading of auth data at main
application level to controller level. This way we have pulverised auth data for entire site into smaller
units. Finally we are going to look at couple of examples.
Its very common now-a-days to have Mobile app for web apps. For Mobile apps we need web APIs to fetch data or even post/update on web. We found a very simple method to make such interface.
Mobile App can call plain get or post request and receive data back in JSON format. JSON is relatively easy for mobile app to handle while plain standard GET/POST request for easy for Web server to handle. This mixed approach saves lot of time on server side. We not really need to handle actual REST requests and still be able to exchange data between web and mobiles or ajax java-scripts or even node.js.