Searching for the best way to provide temporary access on resources for non-registered users with the rest-framework


lnzy...@gmx.de

Nov 11, 2015, 9:45:10 AM
to django...@googlegroups.com
 
Hi,
 
At the moment I am trying to figure out the best way to provide non-authenticated and non-registered users temporary (read and update) access to objects.
 
The first idea I had was storing a token = models.CharField(max_length=64, unique=True) for every instance of the model, which I then create in the serializer via:

import uuid

def perform_create(self, serializer):
    # a random, per-object token stored on the model instance
    serializer.save(owner=self.request.user, token=str(uuid.uuid4()))
 
Giving a non-registered user this token enables him to access this resource and update it, so everything is fine from this side, but:
  1. Realizing it in this way results in the user having unlimited access (in regards to time) to that resource. I would like to limit the possible access in regards to time via TimestampSigner from the django.core.signing package by also storing a max_age per item and using that to verify the token and the age via signer.unsign(token, max_age=token_age). Unfortunately I do not know how to integrate such a mechanic in the rest-framework in combination with the generics.RetrieveUpdateAPIView.
  2. Maybe there are better ways to achieve that goal? I could overwrite the token after the specific max_age is exceeded so that only the authenticated owner gets access to it and the non-registered user will no longer be in possession of the token for this item.
Thoughts? Hints? Solutions for the TimestampSigner approach?
Best Regards,
Mike
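Added example, not code from Mike's post and not Django's or DRF's own code: a framework-free sketch of the TimestampSigner approach from point 1, with the revocation idea from point 2 folded in. It uses a small HMAC signer as a stand-in for django.core.signing.TimestampSigner (same sign / unsign(max_age=...) contract, same BadSignature / SignatureExpired exceptions), an assumed SharedItem stand-in for the model carrying pk, a per-item max_age and an assumed link_version counter, and a check_share_link() function that does what a DRF permission class's has_object_permission would do with a ?token= query parameter. Nothing needs to be stored per token: the token is bound to one object and one link generation, and bumping link_version revokes every outstanding link.

```python
import base64
import hashlib
import hmac
import time


class BadSignature(Exception):
    """Token is malformed, forged, or bound to another object/version."""


class SignatureExpired(BadSignature):
    """Signature is genuine but older than the object's max_age."""


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _mac(secret: str, payload: str) -> str:
    # The MAC covers pk, link_version and the issue timestamp together, so
    # none of them can be edited without the server-side secret.
    return _b64(hmac.new(secret.encode(), payload.encode(), hashlib.sha256).digest())


def make_token(secret: str, object_pk: int, link_version: int, now: float) -> str:
    """Issue a share token of the form '<pk>:<link_version>:<issued_at>:<mac>'."""
    payload = f"{object_pk}:{link_version}:{int(now)}"
    return f"{payload}:{_mac(secret, payload)}"


def verify_token(secret: str, token: str, object_pk: int, link_version: int,
                 max_age: int, now: float) -> bool:
    """Return True if token grants access to (object_pk, link_version) at `now`.

    Raises BadSignature / SignatureExpired otherwise, mirroring the contract of
    django.core.signing.TimestampSigner.unsign(value, max_age=...).
    """
    parts = token.split(":")
    if len(parts) != 4:
        raise BadSignature("malformed token")
    pk_s, ver_s, ts_s, mac = parts
    payload = f"{pk_s}:{ver_s}:{ts_s}"
    # Constant-time compare, and verify the MAC before trusting any field.
    if not hmac.compare_digest(_mac(secret, payload), mac):
        raise BadSignature("bad signature")
    try:
        pk, ver, issued_at = int(pk_s), int(ver_s), int(ts_s)
    except ValueError:
        raise BadSignature("malformed payload")
    # Bind the token to exactly one object and one link generation.
    if pk != object_pk or ver != link_version:
        raise BadSignature("token is not valid for this object")
    if now - issued_at > max_age:
        raise SignatureExpired(f"token is {now - issued_at:.0f}s old, max_age is {max_age}s")
    return True


class SharedItem:
    """Assumed stand-in for the model: pk, per-item max_age, revocable link_version."""

    def __init__(self, pk: int, max_age: int, link_version: int = 1):
        self.pk = pk
        self.max_age = max_age
        self.link_version = link_version

    def revoke_links(self) -> None:
        # Bumping link_version invalidates every token issued so far without
        # having to store or overwrite the tokens themselves.
        self.link_version += 1


def check_share_link(item: SharedItem, token: str, secret: str, now: float) -> tuple:
    """What a DRF permission's has_object_permission would do with ?token=...

    Returns (allowed, reason) so the caller can log why a link was refused.
    """
    try:
        verify_token(secret, token, item.pk, item.link_version, item.max_age, now)
    except SignatureExpired:
        return (False, "expired")
    except BadSignature:
        return (False, "invalid")
    return (True, "ok")


if __name__ == "__main__":
    secret = "replace-with-settings.SECRET_KEY"   # assumed: server-side secret
    item = SharedItem(pk=42, max_age=3600)        # constructed sample object
    issued = time.time()
    link = make_token(secret, item.pk, item.link_version, issued)
    print("fresh:", check_share_link(item, link, secret, issued + 60))
    print("stale:", check_share_link(item, link, secret, issued + 3601))
    item.revoke_links()
    print("after revoke:", check_share_link(item, link, secret, issued + 60))
```

To wire this into the RetrieveUpdateAPIView, the same logic goes into a permissions.BasePermission subclass whose has_object_permission(self, request, view, obj) reads request.query_params.get("token"), calls the real TimestampSigner().unsign(token, max_age=obj.max_age) inside a try block catching django.core.signing.SignatureExpired and BadSignature, and then compares the unsigned "<pk>:<link_version>" against obj; list it in permission_classes next to the owner check. Two caveats a practitioner would want: a token carried in the URL ends up in server logs, browser history and Referer headers, so keep max_age short and prefer a header or POST body for update requests, and never compare signatures with plain == (use hmac.compare_digest, as Django's signer does internally).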