
I'm working on a project using Python(3.7) and Django(2.5) in which I'm building an application something like a freelancing site, but I'm stuck at one point while implementing the delivery submission part.

A user will create a service to sell and then a buyer will order his service; after that, the seller has to do the agreed job and needs to submit the work to the buyer as a delivery.

The delivery will be in the form of a file, which can be a text file, image file, audio, video or a code file. The problem is that I don't know how I can implement this thing in Django, so that a user can send a file to another user in a private manner, so only both of these users will be able to access that file.

Here's what I have so far, for order between buyer and seller:

from django.contrib.auth.models import User
from django.db import models


class Order(models.Model):
    status_choices = (
        ('Active', 'Active'),
        ('Completed', 'Completed'),
        ('Late', 'Late'),
        ('Short', 'Short'),
        ('Canceled', 'Canceled'),
        ('Submitted', 'Submitted')
    )
    gig = models.ForeignKey('Gig', on_delete=models.CASCADE)
    seller = models.ForeignKey(User, on_delete=models.CASCADE, related_name='selling')
    buyer = models.ForeignKey(User, on_delete=models.CASCADE, related_name='buying')
    # auto_now_add stamps the row once at creation; auto_now expects a boolean
    # and would overwrite the timestamp on every save.
    created_at = models.DateTimeField(auto_now_add=True)
    charge_id = models.CharField(max_length=234)
    days = models.IntegerField(blank=False)
    status = models.CharField(max_length=255, choices=status_choices)

    def __str__(self):
        return f'{self.buyer} order from {self.seller}'

Any idea how to implement the file sharing as delivery between two authenticated users?

Thanks in advance!

Abdul Rehman
  • Logical _access_ to entities is not related to any aspects of Django. I see FKs here in your `Order` model draft, so you know how to split entities and connect them. What is your question? My guess is that you are stuck because of trying to imagine everything at once. "Private" and "share" are not part of the Django framework. Draw entities and relations, then add security points. If you don't write code that controls access to objects and models then everyone can access anything with, for example, substituting/brute-forcing URLs. – Ivan Starostin Feb 26 '19 at 08:27
  • My main concern was the approach, how should I implement this thing? Should I save the file on a third party server and then share the link with both users or something else? – Abdul Rehman Feb 26 '19 at 08:29
  • This is too broad, opinion based, about a general concept not related to any programming language. – Ivan Starostin Feb 26 '19 at 08:32
  • I'm talking about this implementation in the context of Django. – Abdul Rehman Feb 26 '19 at 08:35

1 Answer


There are a lot of ways you could implement this.

You can simply add a field for the users who have access to the file and let them download the file whenever they ask for a download, if they are authenticated and they are allowed to download that specific file.

With your model you can do something like this:

Given that the gig field is your file, you can create a slug or basically any link for a file, and when the user clicks on it you can get all the orders for that user, then check the files that access has been granted to through these orders, and if the file that the user requests to download is one of them, simply let him download it.

You can let a user download a file using X-Sendfile, which helps you check if users are allowed to download the file or not. Example here on Stack Overflow

A sample code:

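from django.conf import settings
from django.http import HttpResponse, HttpResponseForbidden
from django.shortcuts import redirect

def download_file_view(request, file_id):
    if not request.user:
        return redirect(settings.LOGIN_URL)  # Redirect user or ...
    if not request.user.is_authenticated:
        return redirect(settings.LOGIN_URL)  # Redirect user or ...

    # Check if this user has any orders (the question's Order model) with that file linked to it:
    if Order.objects.filter(buyer=request.user, gig__pk=file_id).exists():
        # User has bought this file already and the download should be allowed.
        return HttpResponse()  # placeholder: serve the file here, e.g. via X-Sendfile

    return HttpResponseForbidden()  # no matching order: refuse the download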

You can check for expiration date and all sorts of things there.

Navid Zarepak
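The access decision a private-delivery download view has to make, as an added example that is not code from the question or the answer. It is written as plain Python so it runs without a Django project; in a view the returned status and headers would be set on the response. The `Delivery` class, `PRIVATE_ROOT`, the `token` field and the canceled-order rule are assumptions made for illustration.

```python
import os
import uuid
from dataclasses import dataclass, field

PRIVATE_ROOT = "/srv/private/deliveries"  # assumed directory outside MEDIA_ROOT and the web root
LOGIN_URL = "/accounts/login/"            # Django's default LOGIN_URL

@dataclass
class Order:  # stand-in for the question's Order model (only the fields used here)
    seller_id: int
    buyer_id: int
    status: str = "Active"

@dataclass
class Delivery:  # hypothetical model: one file submitted by the seller for one order
    order: Order
    stored_name: str    # server-generated file name on disk, never user-supplied
    original_name: str  # name offered to the downloader
    token: str = field(default_factory=lambda: uuid.uuid4().hex)  # unguessable id used in the URL

def authorize_download(user_id, is_authenticated, token, deliveries):
    """Return (status, headers) for a download request; never touches file contents."""
    if not is_authenticated:
        return 302, {"Location": LOGIN_URL}
    delivery = deliveries.get(token)
    # Unknown token and "someone else's file" get the same 404, so guessing URLs
    # tells an outsider nothing about which deliveries exist.
    if delivery is None or user_id not in (delivery.order.seller_id, delivery.order.buyer_id):
        return 404, {}
    # Assumed policy: the buyer loses access to a canceled order, the seller keeps it.
    if delivery.order.status == "Canceled" and user_id != delivery.order.seller_id:
        return 403, {}
    # basename() keeps the path inside PRIVATE_ROOT even if stored_name is ever corrupted.
    path = os.path.join(PRIVATE_ROOT, os.path.basename(delivery.stored_name))
    # Strip characters that could break out of the quoted header value.
    safe_name = "".join(c for c in delivery.original_name if c.isprintable() and c not in '"\\/')
    return 200, {
        "X-Sendfile": path,  # the front-end web server streams the file, not Python
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }

# Constructed sample data: user 1 sells to user 2; user 3 is an unrelated account.
SAMPLE = Delivery(Order(seller_id=1, buyer_id=2), "a3f9c2.bin", 'logo "final".zip')
DELIVERIES = {SAMPLE.token: SAMPLE}

if __name__ == "__main__":
    for uid in (1, 2, 3):
        print(uid, authorize_download(uid, True, SAMPLE.token, DELIVERIES))
```

Both parties of the order pass the check, while any other authenticated account sees the same 404 as for a token that does not exist.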