Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
User-Restricted Resource Access for media endpoint? #1049
I'm using the User-Restricted Resource Access feature by setting the AUTH_FIELD setting. I've also enabled the media endpoint for files uploaded as part of one of my apps endpoints.
But I noticed that users have access to each others files when using the media endpoint. (They can't access the resource the file is connected to because that endpoint is respecting the AUTH_FIELD setting).
I'd like for users only to be able to access media linked to resources they have access to. Is it feasible/desirable that this should be a part of Eve? If not does anyone have any advice how I could implement something myself to do this using the hook system or a custom Flask route maybe?
I just raised a new issue on this (trying to raise more attention as i think this is a fairly big issue). Thinking about it, maybe it is possible to do a pre-check: