Django - Permissions in file upload
I'm trying to build a file sharing application using Django REST Framework in the backend. In order to upload files, I have the following field in my models:
user_file = models.FileField()
However, when a user uploads a file, that file is stored in the directory of the DRF project, and if I put the path of that file in a browser, every user can then access it as well. How can I prevent this? I've thought of having an Apache HTTPd server where there would be a folder for each user, and when a user tries to access a file that was not uploaded by them, the backend would do that verification and would not allow it, but I don't know if that would solve the problem.
How can I do this?
Thanks
So in your
user_file = models.FileField()
mention your upload_to directory. You can set this directory to the user ID (for example).
So every user will have its own directory, and all the images and files will go to this directory.
Now, in the case of accessing files, read the URL.
For example: localhost:8000/1/file1.jpg
This 1 is the userId and the folder name, the upload_to value mentioned in models.
If this value is != userId (WRITE THIS CHECK IN VIEWS), return some error message; else return the file.
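The check described in the answer above, as an added example that is not part of the original post. It assumes a hypothetical `owner` ForeignKey on the model, a URL pattern with `<int:user_id>/<path:filename>`, and a `MEDIA_ROOT` that the web server does not serve directly; beyond the answer's ID comparison it also rejects `../` in the file name, which would otherwise step out of the user's folder.

```python
import os
from pathlib import Path

# Assumed location: must NOT be a directory the web server exposes as static files.
MEDIA_ROOT = Path("/srv/private_media")


class Forbidden(Exception):
    """Requester does not own the directory, or the path escapes it (map to HTTP 403)."""


class NotFound(Exception):
    """File does not exist inside the owner's directory (map to HTTP 404)."""


def user_directory_path(instance, filename):
    """upload_to callable: FileField(upload_to=user_directory_path).

    Stores each upload under '<owner id>/<basename>'. `owner_id` comes from the
    assumed `owner` ForeignKey; basename() drops any directory parts a client sent.
    """
    return f"{instance.owner_id}/{os.path.basename(filename)}"


def resolve_user_file(request_user_id, url_user_id, filename, media_root=MEDIA_ROOT):
    """Return the absolute path to serve, or raise Forbidden / NotFound."""
    # The check from the answer: the folder in the URL must be the requester's own.
    # An anonymous user (id None) never matches an integer folder id.
    if request_user_id is None or url_user_id != request_user_id:
        raise Forbidden("not the owner of this directory")

    base = (Path(media_root) / str(url_user_id)).resolve()
    target = (base / filename).resolve()
    # After resolving '..' and symlinks the file must still be under the user's folder.
    if base not in target.parents:
        raise Forbidden("path escapes the user's directory")
    if not target.is_file():
        raise NotFound(filename)
    return target


# Wiring inside a Django/DRF view (names assumed):
#   try:
#       path = resolve_user_file(request.user.id, user_id, filename)
#   except Forbidden:
#       return HttpResponseForbidden()
#   except NotFound:
#       raise Http404
#   return FileResponse(open(path, "rb"))
```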