amazon s3 and django - Allow only the users from my website and not the anonymous users


Kakar Nyori

Feb 6, 2015, 10:51:23 AM
to django...@googlegroups.com
I am using amazon s3 to store uploaded user images. My problems are:

- If I permit or grantee for me, I cannot upload or download the contents.
- If I permit or grantee for everyone, all the users and (especially) anonymous users will be able to see the contents, which I don't want.

So, my question is, what do I do so that only the users from my website can upload, download and delete the content? 

In that I have conditions that:

 1. Only the users (user1, user2, user3, ...) who are following the user
    (user0) can download/view the content?
 2. Only the user who uploaded the view can delete the content.

models.py:

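    from time import time

    from django.contrib.auth.models import User
    from django.db import models


    def get_upload_file_name(instance, filename):
        # Prefix the stored name with the upload timestamp so names do not collide.
        return "uploaded_files/%s_%s" % (str(time()).replace('.', '_'), filename)

    PRIVACY = (
        ('H', 'Hide'),
        ('F', 'Followers'),
        ('A', 'All'),
    )

    class Status(models.Model):
        body = models.TextField(max_length=200)
        image = models.ImageField(blank=True, null=True, upload_to=get_upload_file_name)
        privacy = models.CharField(max_length=1, choices=PRIVACY, default='F')
        pub_date = models.DateTimeField(auto_now_add=True, auto_now=False)
        # CASCADE was the implicit default; newer Django versions require it to be explicit.
        user = models.ForeignKey(User, on_delete=models.CASCADE)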

settings.py:

DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'

AWS_ACCESS_KEY_ID = 'AKIAJQWEN46SZLYWFDMMA'

AWS_SECRET_ACCESS_KEY = '2COjFM30gC+rty571E8eNSDYnTdV4cE3aEd1iFTH'

AWS_STORAGE_BUCKET_NAME = 'yesme'

Nikolas Stevenson-Molnar

Feb 6, 2015, 12:40:50 PM
to django...@googlegroups.com
It sounds like you want to use signed URLs. Since you're using storages, this should be the default if you use the "url" property. E.g.,

    signed_url = status_obj.image.url

Then keep the file itself private. No one will be able to access it without a signed URL, and you can control who gets a signed URL in your Django app.

_Nik

Kakar Nyori

Feb 7, 2015, 8:58:18 AM
to django...@googlegroups.com
Hello,
Thank you for the response. Could you please give an example of how to do what is mentioned above?
Thank you.