I want to protect a file that resides in an apache so that it can only be downloaded if the user that is logged in is allowed. The case is that the django test server works without problems, but it had not fallen that in Apache this approach does not seem valid and I would like to know if there is any solution with this approach.
The initial idea is for a user to upload an attachment to a folder and only that user can download it.
For this we have the following code:
urls.py
url(r'^documentos/prueba(?P<path>.*)$'.format(settings.MEDIA_URL[1:]), protected_serve_prueba),
views.py
@login_required
def protected_serve_prueba(request, path, document_root='documentos'):
if _Una_condicion_cualquiera_ == request.user:
return serve(request, 'prueba'+path, document_root)
else:
return HttpResponse("Lo siento, no tiene permiso para acceder a ese archivo")
In the apache directive
Alias /documentos/prueba /var/www/prueba/documentos/prueba
At the moment I put the directive in the apache it ignores what I put in urls.py and it shows the attachment without verifying if it has permission or not for it.
What solutions can be had to this?
Thanks!