标签归档:django-authentication

在Django中,如何检查用户是否在某个组中?

问题:在Django中,如何检查用户是否在某个组中?

我在Django的管理站点中创建了一个自定义组。

在我的代码中,我想检查用户是否在该组中。我怎么做?

I created a custom group in Django’s admin site.

In my code, I want to check if a user is in this group. How do I do that?


回答 0

您只需通过上的groups属性即可访问组User

from django.contrib.auth.models import User, Group

group = Group(name = "Editor")
group.save()                    # save this new group for this example
user = User.objects.get(pk = 1) # assuming, there is one initial user 
user.groups.add(group)          # user is now in the "Editor" group

然后user.groups.all()返回[<Group: Editor>]

另外,更直接地,您可以通过以下方式检查用户是否在群组中:

if django_user.groups.filter(name = groupname).exists():

    ...

注意,groupname可以是实际的Django组对象。

You can access the groups simply through the groups attribute on User.

from django.contrib.auth.models import User, Group

group = Group(name = "Editor")
group.save()                    # save this new group for this example
user = User.objects.get(pk = 1) # assuming, there is one initial user 
user.groups.add(group)          # user is now in the "Editor" group

then user.groups.all() returns [<Group: Editor>].

Alternatively, and more directly, you can check if a a user is in a group by:

if django_user.groups.filter(name = groupname).exists():

    ...

Note that groupname can also be the actual Django Group object.


回答 1

您的User对象通过ManyToMany关系链接到Group对象。

因此,您可以将filter方法应用于user.groups

因此,要检查给定的用户是否在某个组中(例如“成员”),只需执行以下操作:

def is_member(user):
    return user.groups.filter(name='Member').exists()

如果要检查给定用户是否属于多个给定组,请使用__in运算符,如下所示:

def is_in_multiple_groups(user):
    return user.groups.filter(name__in=['group1', 'group2']).exists()

请注意,这些功能可以与@user_passes_test装饰器一起使用,以管理对视图的访问:

from django.contrib.auth.decorators import login_required, user_passes_test
@login_required
@user_passes_test(is_member) # or @user_passes_test(is_in_multiple_groups)
def myview(request):
    # Do your processing

希望有帮助

Your User object is linked to the Group object through a ManyToMany relationship.

You can thereby apply the filter method to user.groups.

So, to check if a given User is in a certain group (“Member” for the example), just do this :

def is_member(user):
    return user.groups.filter(name='Member').exists()

If you want to check if a given user belongs to more than one given groups, use the __in operator like so :

def is_in_multiple_groups(user):
    return user.groups.filter(name__in=['group1', 'group2']).exists()

Note that those functions can be used with the @user_passes_test decorator to manage access to your views :

from django.contrib.auth.decorators import login_required, user_passes_test
@login_required
@user_passes_test(is_member) # or @user_passes_test(is_in_multiple_groups)
def myview(request):
    # Do your processing

Hope this help


回答 2

如果需要组中的用户列表,则可以改为:

from django.contrib.auth.models import Group
users_in_group = Group.objects.get(name="group name").user_set.all()

然后检查

 if user in users_in_group:
     # do something

检查用户是否在组中。

If you need the list of users that are in a group, you can do this instead:

from django.contrib.auth.models import Group
users_in_group = Group.objects.get(name="group name").user_set.all()

and then check

 if user in users_in_group:
     # do something

to check if the user is in the group.


回答 3

如果您不需要网站上的用户实例(就像我一样),可以使用

User.objects.filter(pk=userId, groups__name='Editor').exists()

这只会对数据库产生一个请求,并返回一个布尔值。

If you don’t need the user instance on site (as I did), you can do it with

User.objects.filter(pk=userId, groups__name='Editor').exists()

This will produce only one request to the database and return a boolean.


回答 4

如果用户属于某个组,则可以使用以下方法在Django模板中进行检查:

{% if group in request.user.groups.all %} "some action" {% endif %}

If a user belongs to a certain group or not, can be checked in django templates using:

{% if group in request.user.groups.all %} "some action" {% endif %}


回答 5

您只需要一行:

from django.contrib.auth.decorators import user_passes_test  

@user_passes_test(lambda u: u.groups.filter(name='companyGroup').exists())
def you_view():
    return HttpResponse("Since you're logged in, you can see this text!")

You just need one line:

from django.contrib.auth.decorators import user_passes_test  

@user_passes_test(lambda u: u.groups.filter(name='companyGroup').exists())
def you_view():
    return HttpResponse("Since you're logged in, you can see this text!")

回答 6

万一您想检查用户的组是否属于预定义的组列表,以防万一:

def is_allowed(user):
    allowed_group = set(['admin', 'lead', 'manager'])
    usr = User.objects.get(username=user)
    groups = [ x.name for x in usr.groups.all()]
    if allowed_group.intersection(set(groups)):
       return True
    return False

Just in case if you wanna check user’s group belongs to a predefined group list:

def is_allowed(user):
    allowed_group = set(['admin', 'lead', 'manager'])
    usr = User.objects.get(username=user)
    groups = [ x.name for x in usr.groups.all()]
    if allowed_group.intersection(set(groups)):
       return True
    return False

回答 7

我有类似的情况,我想测试用户是否在某个组中。因此,我创建了新文件utils.py,在其中放置了所有有助于整个应用程序的小型实用程序。在那里,我有这个定义:

utils.py

def is_company_admin(user):
    return user.groups.filter(name='company_admin').exists()

所以基本上我正在测试用户是否在company_admin组中,为了清楚起见,我将此函数称为is_company_admin

当我要检查用户是否在company_admin中时,只需执行以下操作:

views.py

from .utils import *

if is_company_admin(request.user):
        data = Company.objects.all().filter(id=request.user.company.id)

现在,如果您希望在模板中进行测试,则可以在上下文中添加is_user_admin,如下所示:

views.py

return render(request, 'admin/users.html', {'data': data, 'is_company_admin': is_company_admin(request.user)})

现在,您可以在模板中评估您的响应:

users.html

{% if is_company_admin %}
     ... do something ...
{% endif %}

简单而干净的解决方案,基于可以在该线程的较早版本中找到的答案,但是以不同的方式进行。希望它会帮助某人。

在Django 3.0.4中测试。

I have similar situation, I wanted to test if the user is in a certain group. So, I’ve created new file utils.py where I put all my small utilities that help me through entire application. There, I’ve have this definition:

utils.py

def is_company_admin(user):
    return user.groups.filter(name='company_admin').exists()

so basically I am testing if the user is in the group company_admin and for clarity I’ve called this function is_company_admin.

When I want to check if the user is in the company_admin I just do this:

views.py

from .utils import *

if is_company_admin(request.user):
        data = Company.objects.all().filter(id=request.user.company.id)

Now, if you wish to test same in your template, you can add is_user_admin in your context, something like this:

views.py

return render(request, 'admin/users.html', {'data': data, 'is_company_admin': is_company_admin(request.user)})

Now you can evaluate you response in a template:

users.html

{% if is_company_admin %}
     ... do something ...
{% endif %}

Simple and clean solution, based on answers that can be found earlier in this thread, but done differently. Hope it will help someone.

Tested in Django 3.0.4.


回答 8

一行:

'Groupname' in user.groups.values_list('name', flat=True)

这等于TrueFalse

In one line:

'Groupname' in user.groups.values_list('name', flat=True)

This evaluates to either True or False.


回答 9

我已经按照以下方式完成了。似乎效率低下,但我心中没有其他选择:

@login_required
def list_track(request):

usergroup = request.user.groups.values_list('name', flat=True).first()
if usergroup in 'appAdmin':
    tracks = QuestionTrack.objects.order_by('pk')
    return render(request, 'cmit/appadmin/list_track.html', {'tracks': tracks})

else:
    return HttpResponseRedirect('/cmit/loggedin')

I have done it the following way. Seems inefficient but I had no other way in my mind:

@login_required
def list_track(request):

usergroup = request.user.groups.values_list('name', flat=True).first()
if usergroup in 'appAdmin':
    tracks = QuestionTrack.objects.order_by('pk')
    return render(request, 'cmit/appadmin/list_track.html', {'tracks': tracks})

else:
    return HttpResponseRedirect('/cmit/loggedin')

回答 10

User.objects.filter(username='tom', groups__name='admin').exists()

该查询将通知您用户:“ tom”是否属于“ admin”组

User.objects.filter(username='tom', groups__name='admin').exists()

That query will inform you user : “tom” whether belong to group “admin ” or not


回答 11

我是这样做的。对于名为的组Editor

# views.py
def index(request):
    current_user_groups = request.user.groups.values_list("name", flat=True)
    context = {
        "is_editor": "Editor" in current_user_groups,
    }
    return render(request, "index.html", context)

模板

# index.html
{% if is_editor %}
  <h1>Editor tools</h1>
{% endif %}

I did it like this. For group named Editor.

# views.py
def index(request):
    current_user_groups = request.user.groups.values_list("name", flat=True)
    context = {
        "is_editor": "Editor" in current_user_groups,
    }
    return render(request, "index.html", context)

template

# index.html
{% if is_editor %}
  <h1>Editor tools</h1>
{% endif %}

让Django提供可下载文件

问题:让Django提供可下载文件

我希望站点上的用户能够下载路径被遮盖的文件,以便不能直接下载它们。

例如,我希望URL如下所示: http://example.com/download/?f=somefile.txt

在服务器上,我知道所有可下载文件都位于文件夹中/home/user/files/

有没有一种方法可以使Django提供该文件供下载,而不是尝试查找URL和查看以显示该文件?

I want users on the site to be able to download files whose paths are obscured so they cannot be directly downloaded.

For instance, I’d like the URL to be something like this: http://example.com/download/?f=somefile.txt

And on the server, I know that all downloadable files reside in the folder /home/user/files/.

Is there a way to make Django serve that file for download as opposed to trying to find a URL and View to display it?


回答 0

对于“两全其美”,您可以将S.Lott的解决方案与xsendfile模块结合使用:django生成文件(或文件本身)的路径,但是实际的文件服务由Apache / Lighttpd处理。设置mod_xsendfile后,与视图集成将需要几行代码:

from django.utils.encoding import smart_str

response = HttpResponse(mimetype='application/force-download') # mimetype is replaced by content_type for django 1.7
response['Content-Disposition'] = 'attachment; filename=%s' % smart_str(file_name)
response['X-Sendfile'] = smart_str(path_to_file)
# It's usually a good idea to set the 'Content-Length' header too.
# You can also set any other required headers: Cache-Control, etc.
return response

当然,只有在您可以控制服务器或托管公司已经设置了mod_xsendfile的情况下,这才起作用。

编辑:

django 1.7将mimetype替换为content_type

response = HttpResponse(content_type='application/force-download')  

编辑: 对于nginx检查,它使用X-Accel-Redirect而不是apacheX-Sendfile标头。

For the “best of both worlds” you could combine S.Lott’s solution with the xsendfile module: django generates the path to the file (or the file itself), but the actual file serving is handled by Apache/Lighttpd. Once you’ve set up mod_xsendfile, integrating with your view takes a few lines of code:

from django.utils.encoding import smart_str

response = HttpResponse(mimetype='application/force-download') # mimetype is replaced by content_type for django 1.7
response['Content-Disposition'] = 'attachment; filename=%s' % smart_str(file_name)
response['X-Sendfile'] = smart_str(path_to_file)
# It's usually a good idea to set the 'Content-Length' header too.
# You can also set any other required headers: Cache-Control, etc.
return response

Of course, this will only work if you have control over your server, or your hosting company has mod_xsendfile already set up.

EDIT:

mimetype is replaced by content_type for django 1.7

response = HttpResponse(content_type='application/force-download')  

EDIT: For nginx check this, it uses X-Accel-Redirect instead of apache X-Sendfile header.


回答 1

“下载”只是HTTP标头更改。

请参阅http://docs.djangoproject.com/en/dev/ref/request-response/#telling-the-browser-to-treat-the-response-as-a-file-attachment了解如何通过下载进行响应。

您只需要一个URL定义即可"/download"

请求GETPOST字典将包含该"f=somefile.txt"信息。

您的视图函数将简单地将基本路径与“ f”值合并,打开文件,创建并返回响应对象。它应该少于12行代码。

A “download” is simply an HTTP header change.

See http://docs.djangoproject.com/en/dev/ref/request-response/#telling-the-browser-to-treat-the-response-as-a-file-attachment for how to respond with a download.

You only need one URL definition for "/download".

The request’s GET or POST dictionary will have the "f=somefile.txt" information.

Your view function will simply merge the base path with the “f” value, open the file, create and return a response object. It should be less than 12 lines of code.


回答 2

对于一个非常简单但效率不高或可扩展的解决方案,您可以仅使用内置的django serve视图。这对于快速原型或一次性工作非常有用,但是正如在整个问题中已经提到的那样,在生产中应该使用apache或nginx之类的东西。

from django.views.static import serve
filepath = '/some/path/to/local/file.txt'
return serve(request, os.path.basename(filepath), os.path.dirname(filepath))

For a very simple but not efficient or scalable solution, you can just use the built in django serve view. This is excellent for quick prototypes or one-off work, but as has been mentioned throughout this question, you should use something like apache or nginx in production.

from django.views.static import serve
filepath = '/some/path/to/local/file.txt'
return serve(request, os.path.basename(filepath), os.path.dirname(filepath))

回答 3

S.Lott具有“良好” /简单的解决方案,而elo80ka具有“最佳” /高效的解决方案。这是一个“更好” /中间的解决方案-没有服务器设置,但是对于大型文件,比简单的修复更有效率:

http://djangosnippets.org/snippets/365/

基本上,Django仍会处理文件的提供,但不会立即将整个内容加载到内存中。这使您的服务器可以(缓慢地)提供一个大文件,而不会增加内存使用量。

同样,S.Lott的X-SendFile对于较大的文件仍然更好。但是,如果您不能或不想为此烦恼,那么此中间解决方案将为您带来更高的效率,而无需麻烦。

S.Lott has the “good”/simple solution, and elo80ka has the “best”/efficient solution. Here is a “better”/middle solution – no server setup, but more efficient for large files than the naive fix:

http://djangosnippets.org/snippets/365/

Basically, Django still handles serving the file but does not load the whole thing into memory at once. This allows your server to (slowly) serve a big file without ramping up the memory usage.

Again, S.Lott’s X-SendFile is still better for larger files. But if you can’t or don’t want to bother with that, then this middle solution will gain you better efficiency without the hassle.


回答 4

尝试过@Rocketmonkeys解决方案,但下载的文件存储为* .bin并具有随机名称。那当然不好。从@ elo80ka添加另一行解决了该问题。
这是我现在使用的代码:

from wsgiref.util import FileWrapper
from django.http import HttpResponse

filename = "/home/stackoverflow-addict/private-folder(not-porn)/image.jpg"
wrapper = FileWrapper(file(filename))
response = HttpResponse(wrapper, content_type='text/plain')
response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(filename)
response['Content-Length'] = os.path.getsize(filename)
return response

现在,您可以将文件存储在私有目录中(不在/ media或/ public_html内部),并通过django将它们公开给某些用户或在某些情况下。
希望能帮助到你。

感谢@ elo80ka,@ S.Lott和@Rocketmonkeys的答案,得到了结合所有这些的完美解决方案=)

Tried @Rocketmonkeys solution but downloaded files were being stored as *.bin and given random names. That’s not fine of course. Adding another line from @elo80ka solved the problem.
Here is the code I’m using now:

from wsgiref.util import FileWrapper
from django.http import HttpResponse

filename = "/home/stackoverflow-addict/private-folder(not-porn)/image.jpg"
wrapper = FileWrapper(file(filename))
response = HttpResponse(wrapper, content_type='text/plain')
response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(filename)
response['Content-Length'] = os.path.getsize(filename)
return response

You can now store files in a private directory (not inside /media nor /public_html) and expose them via django to certain users or under certain circumstances.
Hope it helps.

Thanks to @elo80ka, @S.Lott and @Rocketmonkeys for the answers, got the perfect solution combining all of them =)


回答 5

仅提及Django 1.10中可用的FileResponse对象

编辑:在搜索通过Django流文件的简单方法时遇到了我自己的答案,所以这是一个更完整的示例(对我而言)。假定FileField名称为imported_file

views.py

from django.views.generic.detail import DetailView   
from django.http import FileResponse
class BaseFileDownloadView(DetailView):
  def get(self, request, *args, **kwargs):
    filename=self.kwargs.get('filename', None)
    if filename is None:
      raise ValueError("Found empty filename")
    some_file = self.model.objects.get(imported_file=filename)
    response = FileResponse(some_file.imported_file, content_type="text/csv")
    # https://docs.djangoproject.com/en/1.11/howto/outputting-csv/#streaming-large-csv-files
    response['Content-Disposition'] = 'attachment; filename="%s"'%filename
    return response

class SomeFileDownloadView(BaseFileDownloadView):
    model = SomeModel

urls.py

...
url(r'^somefile/(?P<filename>[-\w_\\-\\.]+)$', views.SomeFileDownloadView.as_view(), name='somefile-download'),
...

Just mentioning the FileResponse object available in Django 1.10

Edit: Just ran into my own answer while searching for an easy way to stream files via Django, so here is a more complete example (to future me). It assumes that the FileField name is imported_file

views.py

from django.views.generic.detail import DetailView   
from django.http import FileResponse
class BaseFileDownloadView(DetailView):
  def get(self, request, *args, **kwargs):
    filename=self.kwargs.get('filename', None)
    if filename is None:
      raise ValueError("Found empty filename")
    some_file = self.model.objects.get(imported_file=filename)
    response = FileResponse(some_file.imported_file, content_type="text/csv")
    # https://docs.djangoproject.com/en/1.11/howto/outputting-csv/#streaming-large-csv-files
    response['Content-Disposition'] = 'attachment; filename="%s"'%filename
    return response

class SomeFileDownloadView(BaseFileDownloadView):
    model = SomeModel

urls.py

...
url(r'^somefile/(?P<filename>[-\w_\\-\\.]+)$', views.SomeFileDownloadView.as_view(), name='somefile-download'),
...

回答 6

上面提到过,mod_xsendfile方法不允许文件名中包含非ASCII字符。

出于这个原因,我有一个可用于mod_xsendfile的补丁,只要名称是url编码的,它将允许发送任何文件,以及附加的标头:

X-SendFile-Encoding: url

也发送。

http://ben.timby.com/?p=149

It was mentioned above that the mod_xsendfile method does not allow for non-ASCII characters in filenames.

For this reason, I have a patch available for mod_xsendfile that will allow any file to be sent, as long as the name is url encoded, and the additional header:

X-SendFile-Encoding: url

Is sent as well.

http://ben.timby.com/?p=149


回答 7

试试:https//pypi.python.org/pypi/django-sendfile/

“一旦Django检查了权限,将文件上传到Web服务器(例如,带有mod_xsendfile的Apache)的抽象提取。”

Try: https://pypi.python.org/pypi/django-sendfile/

“Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc.”


回答 8

您应该使用流行服务器(例如 生产环境)apachenginx生产环境中提供的sendfile api 。多年以来,我一直在使用这些服务器的sendfile api保护文件。然后创建了一个简单的基于django的中间件应用程序,适合开发和生产目的。您可以在此处访问源代码。
更新:在新版本中,python提供程序使用django(FileResponse如果可用),并且还增加了对从lighthttp,caddy到hiawatha的许多服务器实现的支持

用法

pip install django-fileprovider
  • fileprovider应用添加到INSTALLED_APPS设置,
  • 添加fileprovider.middleware.FileProviderMiddlewareMIDDLEWARE_CLASSES设置
  • FILEPROVIDER_NAME设置设置为生产nginxapache在生产中使用,默认情况下是python出于开发目的。

在基于类或函数的视图中,将响应头X-File值设置为文件的绝对路径。例如,

def hello(request):  
   // code to check or protect the file from unauthorized access
   response = HttpResponse()  
   response['X-File'] = '/absolute/path/to/file'  
   return response  

django-fileprovider 以仅需最小程度修改代码的方式实现。

Nginx配置

为了防止文件直接访问,您可以将配置设置为

 location /files/ {
  internal;
  root   /home/sideffect0/secret_files/;
 }

在这里nginx设置位置网址/files/只供内部访问,如果您使用上述配置,则可以将X-File设置为

response['X-File'] = '/files/filename.extension' 

通过使用nginx配置执行此操作,文件将受到保护,您也可以从Django控制文件 views

You should use sendfile apis given by popular servers like apache or nginx in production. Many years i was using sendfile api of these servers for protecting files. Then created a simple middleware based django app for this purpose suitable for both development & production purpose.You can access the source code here.
UPDATE: in new version python provider uses django FileResponse if available and also adds support for many server implementations from lighthttp, caddy to hiawatha

Usage

pip install django-fileprovider
  • add fileprovider app to INSTALLED_APPS settings,
  • add fileprovider.middleware.FileProviderMiddleware to MIDDLEWARE_CLASSES settings
  • set FILEPROVIDER_NAME settings to nginx or apache in production, by default it is python for development purpose.

in your classbased or function views set response header X-File value to absolute path to the file. For example,

def hello(request):  
   // code to check or protect the file from unauthorized access
   response = HttpResponse()  
   response['X-File'] = '/absolute/path/to/file'  
   return response  

django-fileprovider impemented in a way that your code will need only minimum modification.

Nginx configuration

To protect file from direct access you can set the configuration as

 location /files/ {
  internal;
  root   /home/sideffect0/secret_files/;
 }

Here nginx sets a location url /files/ only access internaly, if you are using above configuration you can set X-File as,

response['X-File'] = '/files/filename.extension' 

By doing this with nginx configuration, the file will be protected & also you can control the file from django views


回答 9

Django建议您使用另一台服务器来提供静态媒体(在同一台计算机上运行的另一台服务器就可以了。)他们建议使用诸如lighttp这样的服务器。

设置非常简单。然而。如果“ somefile.txt”是根据请求生成的(内容是动态的),那么您可能希望django提供它。

Django Docs-静态文件

Django recommend that you use another server to serve static media (another server running on the same machine is fine.) They recommend the use of such servers as lighttp.

This is very simple to set up. However. if ‘somefile.txt’ is generated on request (content is dynamic) then you may want django to serve it.

Django Docs – Static Files


回答 10

def qrcodesave(request): 
    import urllib2;   
    url ="http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=s&chld=H|0"; 
    opener = urllib2.urlopen(url);  
    content_type = "application/octet-stream"
    response = HttpResponse(opener.read(), content_type=content_type)
    response["Content-Disposition"]= "attachment; filename=aktel.png"
    return response 
def qrcodesave(request): 
    import urllib2;   
    url ="http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=s&chld=H|0"; 
    opener = urllib2.urlopen(url);  
    content_type = "application/octet-stream"
    response = HttpResponse(opener.read(), content_type=content_type)
    response["Content-Disposition"]= "attachment; filename=aktel.png"
    return response 

回答 11

另一个要研究的项目:http: //readthedocs.org/docs/django-private-files/en/latest/usage.html看起来不错,我自己还没有测试过。

基本上,该项目抽象了mod_xsendfile配置,并允许您执行以下操作:

from django.db import models
from django.contrib.auth.models import User
from private_files import PrivateFileField

def is_owner(request, instance):
    return (not request.user.is_anonymous()) and request.user.is_authenticated and
                   instance.owner.pk = request.user.pk

class FileSubmission(models.Model):
    description = models.CharField("description", max_length = 200)
        owner = models.ForeignKey(User)
    uploaded_file = PrivateFileField("file", upload_to = 'uploads', condition = is_owner)

Another project to have a look at: http://readthedocs.org/docs/django-private-files/en/latest/usage.html Looks promissing, haven’t tested it myself yet tho.

Basically the project abstracts the mod_xsendfile configuration and allows you to do things like:

from django.db import models
from django.contrib.auth.models import User
from private_files import PrivateFileField

def is_owner(request, instance):
    return (not request.user.is_anonymous()) and request.user.is_authenticated and
                   instance.owner.pk = request.user.pk

class FileSubmission(models.Model):
    description = models.CharField("description", max_length = 200)
        owner = models.ForeignKey(User)
    uploaded_file = PrivateFileField("file", upload_to = 'uploads', condition = is_owner)

回答 12

我再一次遇到了同样的问题,因此使用xsendfile模块和django-filelibrary的 auth视图修饰符实现了该问题。随意将其用作您自己的解决方案的灵感。

https://github.com/danielsokolowski/django-filelibrary

I have faced the same problem more then once and so implemented using xsendfile module and auth view decorators the django-filelibrary. Feel free to use it as inspiration for your own solution.

https://github.com/danielsokolowski/django-filelibrary


回答 13

使用https://github.com/johnsensible/django-sendfile提供对静态html文件夹的受保护访问:https : //gist.github.com/iutinvg/9907731


回答 14

我做了一个项目。你可以看一下我的github仓库:

https://github.com/nishant-boro/django-rest-framework-download-expert

该模块提供了一种使用Apache模块Xsendfile在django rest框架中提供文件下载服务的简单方法。它还具有附加功能,仅向属于特定组的用户提供下载服务

I did a project on this. You can look at my github repo:

https://github.com/nishant-boro/django-rest-framework-download-expert

This module provides a simple way to serve files for download in django rest framework using Apache module Xsendfile. It also has an additional feature of serving downloads only to users belonging to a particular group