0

All user-generated media files are stored in GridFS. Currently I need to implement some kind of access-system, based on permissions for files GridFS.

For example, we have file in GridFS, called "passwords.txt", and only users, that have permission "allowed_to_download_passwords", can actually get access to that file.

What I have found is using http://wiki.nginx.org/XSendfile with Django view, that will check permissions and return correct response for nginx. It works with file-system media storage, but how can I implement that with GridFS? I already have seen nginx-gridfs, but seems, like it is too old and unmaintainable...

Are there any other options, that can be used in production?

Dmitrijs Zubriks
  • 2,696
  • 6
  • 22
  • 33

1 Answers1

0

When you upload a file with GridFS, you can add some tags or properties for that file too. For example,

GridFSInputFile gInputFile = gridfs.createFile(inputStream, filename);
gInputFile.put("read_permissions", "allowed_to_download_passwords");
gInputFile.put("write_permissions", "allowed_to_change_passwords");

Now the file you uploaded will have two properties. If someone tries to read the file, you will look if the User has the "allowed_to_download_passwords" permission. If the User doesn't have that permission, than he/she read the file because the file requires "allowed_to_change_passwords" permission.

This approach needs some more programming effort.

I highly recommend you to consider using Apache ManifoldCF

ramazan polat
  • 7,111
  • 1
  • 48
  • 76