I have a Django app where I can upload some PDFs.
Right now, I can access the uploaded file at a URL like: ip/media/id.pdf
but everyone can get access to the pdf even if they are not logged in.
I want it to be only accessed by the users, if they’re logged in.
So, how do I do this?
I have all the default stuff for media files, like:
MEDIA_ROOT = os.path.join(BASE_DIR, "media")
MEDIA_URL = '/media/'
urlpatterns = [
    path('admin/', admin.site.urls, name='admin'),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
PS - my app was deployed using IIS
So typically, in a production environment, it’s your web server that is serving the static and media files, not Django.
In that environment, the web server needs to perform whatever protection is required. I know that nginx has a facility where it can send a request to Django to get authorization for serving a file. It also has some facilities for checking headers, etc., if the tests are simpler. I don't know what might be available in IIS for that same purpose, but that's where I'd be looking first.
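One nginx facility that matches the description in the answer above is the `auth_request` module. As an added example that is not part of the original posts, this configuration shows the open `/media/` location beside one gated by a subrequest to Django. The upstream address, server name, file paths, login URL and the `/auth/check/` view are assumptions.

```nginx
# Added example. Requires ngx_http_auth_request_module
# (built with --with-http_auth_request_module; most distro packages include it).

upstream django_app {
    server 127.0.0.1:8000;            # assumed: Django behind gunicorn/uwsgi
}

server {
    listen 80;
    server_name files.example.test;   # placeholder name

    # Weak form, equivalent to what the question describes:
    # anyone who knows or guesses the URL receives the PDF.
    #
    # location /media/ {
    #     alias /srv/app/media/;
    # }

    # Gated form: each /media/ request first triggers a subrequest.
    # 2xx from the subrequest -> file is served; 401/403 -> request is denied.
    # Any other status (including the 302 that login_required returns)
    # is treated as an error, so the view must answer 401 or 403 itself.
    location /media/ {
        auth_request /_media_auth;
        error_page 401 = @login;
        alias /srv/app/media/;        # assumed path, must match MEDIA_ROOT
        add_header Cache-Control "private, no-store";
    }

    location = /_media_auth {
        internal;                     # clients cannot request this directly
        proxy_pass http://django_app/auth/check/;  # hypothetical view: 200 if logged in, else 401
        proxy_pass_request_body off;  # the check needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header Host $host;
        proxy_set_header X-Original-URI $request_uri;
        # The client's Cookie header is forwarded, so Django sees the session.
    }

    location @login {
        return 302 /accounts/login/?next=$request_uri;  # assumed LOGIN_URL
    }

    location / {
        proxy_pass http://django_app;
        proxy_set_header Host $host;
    }
}
```

After reloading, a request to a `/media/` URL without a session cookie should get the redirect to the login page rather than the file.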
Thanks man! I will search for some info related to IIS
Ken Whitesell via Django Forum <email@example.com> wrote on Wednesday, 19/04/2023 at 12:36: