Defining permissions for uploaded files

I have a class ImageMediaItem which consists of name and uploaded media file.

I’m using django-protected-media package to ensure that only authenticated users can access uploaded media files.
Then I’m using django-rules to ensure permissions per ImageMediaItem object.

Even if I protected ImageMediaItem object, each authenticated user could still manually type the URL of the uploaded media file and view it no matter if he/she has permissions to ImageMediaItem object.

How could I solve this issue ?
Is it possible to apply specific permissions to each uploaded media file ?
Or is there any other approach to this topic ?

# ...
from rules.predicates import predicate
from rules.contrib.models import RulesModel
# ...
from protected_media.models import ProtectedFileField
from protected_media.models import ProtectedImageField
# ...
def can_view_mediaitem(user, media_item):
    if media_item.viewable_by.filter(
        return True
    return False

class ImageMediaItem(RulesModel):
    # Permissions
    class Meta: 
        rules_permissions = {
            "view": can_view_mediaitem,
    viewable_by = models.ManyToManyField(User)
    # other fields
    name = models.CharField(max_length=250)
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)
    # protected media
    file_path = ProtectedImageField(upload_to=image_file_path,
# ...

This answer may depend, in part, on how you’re serving media files in your production environment.

For example, if you’re using Nginx, see the ideas presented at Show external folder html content in django - #2 by KenWhitesell

Note that it doesn’t matter whether we’re talking about static or media files here - they’re both just files being referenced via URLs.