Re: amazon s3 and django - Allow only the users from my website and not the anonymous users

Fri, 06 Feb 2015 09:41:42 -0800

It sounds like you want to use signed URLs. Since you're using storages, this should be the default if you use the "url" property. E.g., 

signed_url = status_obj.image.url
Then keep the file itself private. No one will be able to access it without a signed URL, and you can control who gets a signed URL in your Django app. 

_Nik

On 2/6/2015 7:51 AM, Kakar Nyori wrote:

I am using amazon s3 to store uploaded user images. My problems are:

- If I permit or grantee for me, I cannot upload or download the contents.
- If I permit or grantee for everyone, all the users and (especially) anonymous users will be able to see the contents, which I don't want.
So, my question is, what do I do so that only the users from my website can upload, download and delete the content? 

In that I have conditions that:

 1. Only the users (user1, user2, user3, ...) who are following the user
    (user0) can download/view the content?
 2. Only the user who uploaded the view can delete the content.

models.py:

*    def get_upload_file_name(instance, filename):*
*return "uploaded_files/%s_%s" %(str(time()).replace('.','_'), filename)*
*
*
*    PRIVACY = (*
*        ('H','Hide'),*
*        ('F','Followers'),*
*        ('A','All'),*
*    )*
*
*
*    class Status(models.Model):*
*        body = models.TextField(max_length=200)*
* image = models.ImageField(blank=True, null=True, upload_to=get_upload_file_name)* * privacy = models.CharField(max_length=1,choices=PRIVACY, default='F')* * pub_date = models.DateTimeField(auto_now_add=True, auto_now=False)* 
*        user = models.ForeignKey(User)*

settings.py:

*DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'*
*
*
*AWS_ACCESS_KEY_ID = 'AKIAJQWEN46SZLYWFDMMA'*
*
*
*AWS_SECRET_ACCESS_KEY = '2COjFM30gC+rty571E8eNSDYnTdV4cE3aEd1iFTH'*
*
*
*AWS_STORAGE_BUCKET_NAME = 'yesme'*
--
You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com <mailto:django-users+unsubscr...@googlegroups.com>. To post to this group, send email to django-users@googlegroups.com <mailto:django-users@googlegroups.com>. 
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/cbc5c0d5-cc42-4a67-9414-2fb74fceed1e%40googlegroups.com <https://groups.google.com/d/msgid/django-users/cbc5c0d5-cc42-4a67-9414-2fb74fceed1e%40googlegroups.com?utm_medium=email&utm_source=footer>. 
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/54D4FCDA.3030207%40consbio.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to