python – After authorization on the site, the user has access only to his files

Question:

Tell me how in Django to allow an authorized user to download certain (intended for him) files? To prevent this link from downloading the file in another browser or computer. And another authorized user could only download their own files, not someone else's.

Found two solutions: django-downloadview and django-sendfile . You can also use HttpResponse .

As I understand it is possible to use it with small files. Example:

def download(request):
    my_data = 'some xls file'
    response = HttpResponse(my_data, content_type='application/vnd.ms-excel')
    response['Content-Disposition'] = 'attachment; filename=file.xls'
    return response

Answer:

In django-sendfile, you can use different backends that are responsible for transferring the file itself.

The sendfile.backends.development and sendfile.backends.simple return a file using Django, and all the file transfer logic goes through python and Django.

Other backends use various mechanisms that send instructions to the web server (apache, nginx, lighthttpd) with information about which file to transfer. In this case, Django generates a custom response with a header that contains the file path and understands the web server, X-Sendfile, Location, or X-Accept-Redirect. However, this method requires the web server to support any of the above headers. In this case, the entire burden of transferring the file falls on the shoulders of the web server, not Django, and you can use this method in production.

Scroll to Top