I have a Django app where I can upload some PDFs.
Right now, I can access the uploaded file at a URL like: ip/media/id.pdf
but everyone can get access to the PDF even if they are not logged in.
I want it to be only accessed by the users, if they’re logged in.

So, how do I do this?

I have all the default stuff for media files, like:

# settings.py
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
MEDIA_URL = '/media/'

# urls.py
urlpatterns = [
    path('admin/', admin.site.urls, name='admin'),
    path('', include('home.urls')),
    path('myapp/', include('myapp.urls')),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

PS - my app was deployed using IIS

So typically, in a production environment, it’s your web server that is serving the static and media files, not Django.

In that environment, the web server needs to perform whatever protection is required. I know that nginx has a facility where it can send a request to Django to get authorization for serving a file. It also has some facilities for checking headers, etc., if the tests are simpler. I don’t know what might be available in IIS for that same purpose, but that’s where I’d be looking first.

Thanks man! I will search for some info related to IIS

