Draft: Resolve "Check authorization for media downloads" (!36) · Merge requests · grouprise / grouprise

Robert requested to merge 740-check-authorization-for-media-downloads into main Jan 06, 2022

Implement download auth check for files (grouprise.features.files) and images (grouprise.features.files). See the packages' {urls,views}.py. File access is restricted based on the usage of the file. Image access cannot be restricted usefully, as images might be used anywhere in texts (and we cannot find out with reasonable effort). Nevertheless we have control over image access now and might want to utilize it in the future.

@lars, do you want to resolve the following issues now?

Configure nginx reverse proxy optimizations upon deployment
Leave old files accessible under current URL, hide new files

Closes #740 (closed)

Edited Jan 06, 2022 by Robert

Draft: Resolve "Check authorization for media downloads"

Merge request reports