python - django文件下载权限怎么处理

Question

涉及到文件下载权限控制，这方面一般怎么实现呢？有没有一些现成的库呢？

简单说，就是实现a.file这个文件，只允许特定用户，如jonh下载。

Answer 1

Done, thank you.

1.Write a view

def download_key(request, key_file):
    user = request.user
    if not user.is_active:
        return HttpResponseForbidden(u'此文件需要登录才可访问')
    key = KeysManager.objects.get(key_file=key_file)
    if not user.is_superuser or user not in key.who_can_see.all():
        return HttpResponseForbidden(u'您没有权限访问些文件')
    key_file_path = os.path.join(key.key_file.storage.location, key.key_file.name)
    ret = FileResponse(open(key_file_path))
    ret['Content-Disposition'] = 'attachment; filename="%s"' % key.key_file.name
    return ret

2. Hang on the url

    url(r'^keys/download/(?P<key_file>.*)$', turing.views.filedown.download_key)

Answer 2

This may not be an issue that the framework should manage. You can write something for permission management, and then use the decorator to hang it on the view function to determine whether it has sufficient permissions.