Images from non public articles should be protected #36
Comments
sveetch
changed the title
sveetch
changed the title
sveetch
added
Enhancement
|
This could be achieved with a custom filefield like from https://medium.com/@hiteshgarg14/how-to-dynamically-select-storage-in-django-filefield-bc2e8f5883fd obviously with inheritance of the smartmedia field. Then Lotus should have two storage classes, one for public, another one for private. The usage of the second one should be conditioned to sendfile2 installation. Developers should be allowed to define a custom storage from setttings (for both public and private). And then the dynamic filefield will select the private storage if article is private or not where it would be the public one. There is however a matter of concern on how it will work when changing private status to public and vice versa since the file would have been saved in different storage. |
Is your feature request related to a problem? Please describe.
Currently image from draft/private/non published are just reachable from anyone that know its link.
Although it is planned to hash media filename, which will make it impossible to guess, this is not a solution since the link can still be shared or used elsewhere.
Describe the solution you'd like
Media from non public articles should be protected. The more obvious solution is to implement the common "sendfile" method for webservers, like with django-sendfile2
The text was updated successfully, but these errors were encountered: