0

I am trying to write a job board / application system and I need the ability for clients to upload a CV and then share it with employers but I can't figure out the best way to do this. The CV needs to be kept private except for who it is shared with and there needs to be the ability for clients to update the cv after submitting it to an employer.

Is there a django app that does this already, or how would I go about setting up the privacy, file sharing etc so that the files can be copied and still private to just those shared with?

Designer023
  • 1,902
  • 1
  • 26
  • 43

2 Answers2

1

Use Apache's x-sendfile, for an example see: Having Django serve downloadable files

Store the files in a private folder. Django authorizes the request and let Apache serve the file using the x-sendfile header.

Community
  • 1
  • 1
Willian
  • 2,385
  • 15
  • 17
0
  1. Use S3, and django-storages.
  2. Upload the CV to S3, with the file set as private.
  3. Create a view which will fetch a given CV from the S3 bucket, producing an "expiring URL", or that will just fetch the raw data from S3 and pass it through to the user through a view.

The file's privacy is completely controlled this way.

You could also do this by storing the uploaded file outside of your projects STATICs directory (which is assumed to be publicly accessible), and doing step 3 for that.

Or, if you want to make a DBA's head explode, store the CV as a BLOB in the database and use a view in the same way.

Jack Shedd
  • 3,501
  • 20
  • 27