How to Secure Django Media Files in Production - django

In my localhost server, I was able to restrict users from accessing pdf media files which they are not supposed to access given that they are not the uploader of the file or the admin of the system.
The problem is that when I tried to deploy my application, the restriction on my media files no longer works.
This is my urls.py
urlpatterns = [
    path('media/pdf/<str:path>', views.pdf, name='pdf'),
]
if settings.DEBUG:
    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
And my MEDIA_URL and MEDIA_ROOT in settings.py:
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
Also my debug is still set to TRUE in deployment, could this also be the problem?
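As an added example (not code from the original post), the uploader-or-admin rule described in the question can be written as a framework-independent check that a view such as views.pdf would call before streaming the file. The names User, authorize_pdf and demo, the uploaders mapping and the directory layout are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import Path
import tempfile

@dataclass(frozen=True)
class User:  # hypothetical stand-in for Django's request.user
    username: str
    is_staff: bool = False
    is_authenticated: bool = True

def authorize_pdf(user, name, uploaders, pdf_root):
    """Return (status, path): 200 plus the file to stream, else 403/404 and None.

    uploaders maps stored relative path -> uploader username (assumed; a model
    lookup in a real project).
    """
    if not user.is_authenticated:
        return 403, None
    root = Path(pdf_root).resolve()
    # An absolute `name` replaces `root` when joined and '..' can climb out of it,
    # so resolve first and then require the result to sit under `root`.
    target = (root / name).resolve()
    if root not in target.parents or not target.is_file():
        return 404, None
    owner = uploaders.get(target.relative_to(root).as_posix())
    if owner is None:
        return 404, None
    if user.is_staff or user.username == owner:
        return 200, target
    return 403, None

def demo():
    """Run the check over constructed sample data and return the status codes."""
    with tempfile.TemporaryDirectory() as tmp:
        pdf_root = Path(tmp, "protected", "pdf")
        pdf_root.mkdir(parents=True)
        (pdf_root / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        outside = Path(tmp, "secret.txt")
        outside.write_text("outside the PDF root")
        owners = {"report.pdf": "alice"}
        alice, bob, admin = User("alice"), User("bob"), User("root", is_staff=True)
        anon = User("", is_authenticated=False)
        cases = {"uploader": (alice, "report.pdf"), "other_user": (bob, "report.pdf"),
                 "admin": (admin, "report.pdf"), "anonymous": (anon, "report.pdf"),
                 "traversal": (alice, "../../secret.txt"),
                 "absolute": (alice, str(outside))}
        return {k: authorize_pdf(u, n, owners, pdf_root)[0] for k, (u, n) in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The check only takes effect when every request for these files passes through the view; a directory that the front-end web server or a static() route serves directly is never seen by it.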

Related

Pulling images from a hosting company to django project

I have recently put my website into production. I am using a company to host my projects on their servers and everything is working perfectly apart from when I upload images.
The uploading itself works and they are uploaded to the base/static/images/images folder correctly. But the website itself, when uploading through Django admin, is trying to pull the images from the public_html/images/images folder. What would I need to change for either the images to be pulled from the correct folder or the images to be uploaded to the correct folder? Below are my settings for my static files.
STATIC_URL = 'static/'
MEDIA_URL = 'images/'
STATICFILES_DIRS = [
    os.path.join(BASE_DIR, 'static')
]
MEDIA_ROOT = os.path.join(BASE_DIR, 'static/images')
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
Try placing this in your main urls.py file:
from django.conf import settings  # needed for MEDIA_URL / MEDIA_ROOT below
from django.contrib.staticfiles.urls import static
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
urlpatterns = [
]
urlpatterns += staticfiles_urlpatterns()
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

404 Error while serving files with django

I want to access logs easily on my app so I created a page for that; I click on a button and it downloads the log.
But I get a 404 error when I try to do that, I've set static files and media files
here are my settings
STATIC_URL = 'static/'
STATICFILES_DIRS = [
    "frontend/static",
]
MEDIA_URL = 'media/'
MEDIA_ROOT = os.path.join(os.path.dirname(BASE_DIR), 'media')
LOG_URL = 'static/logs/'
LOG_ROOT = os.path.join(os.path.dirname(BASE_DIR), 'static/logs')
and here are my urls
urlpatterns += static(settings.LOG_URL, document_root = settings.LOG_ROOT)
urlpatterns += static(settings.MEDIA_URL, document_root = settings.MEDIA_ROOT)
It works when I access /media/path/to/media.file, but not for /static/logs/path/to/logs.txt, it's the same configuration for both urls so I know I miss a point, but how could I fix it? Is it because I used static and not media? Thx a lot
It depends on how you deployed your Django application.
Better add media/log folder path while serving application on the web.

Serving Django static admin files with debug off in Elastic Beanstalk

Per other posts on this subject, I followed the advice at https://bestprogrammingblogs.blogspot.com/2021/03/django-static-files-not-working-when-debug-is-false.html to serve static files when debug is false.
The site advises to make changes to Settings and URLs respectively
STATIC_URL = '/static/'
MEDIA_URL = '/media/'
if DEBUG:
    STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static')]
else:
    STATIC_ROOT = os.path.join(BASE_DIR, 'static')
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
and in URLs
re_path(r'^media/(?P<path>.*)$', serve,{'document_root': settings.MEDIA_ROOT}),
re_path(r'^static/(?P<path>.*)$', serve,{'document_root': settings.STATIC_ROOT}),
path('admin/', admin.site.urls),
For some reason, my local admin works but the AWS admin site does not. Do I need to tune anything on the AWS side to get this working? My environment variables don't explicitly have any static settings at the moment.
I'm not sure that article is correct, you have to always define STATIC_ROOT, you can also define STATICFILES_DIRS if you want, both settings are not related to DEBUG status

Django doesn't load images from media

I've set things for the settings and the URLs as follows but it doesn't load the images from the media directory:
settings.py:
STATIC_URL = '/static/'
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, '/media/')
urls.py:
urlpatterns = [
    path('create/', views.image_create, name='create'),
    path('detail/<int:id>/<slug:slug>/', views.image_detail, name='detail'),
]
if settings.DEBUG:
    urlpatterns += static(settings.MEDIA_URL,
                          document_root=settings.MEDIA_ROOT)
this is the link generated for the page: https://127.0.0.1:8000/images/detail/1/django-and-duke/
and the link for the image: https://127.0.0.1:8000/media/images/2020/08/02/django-and-duke.jpg
I have another app named accounts and if I add the base URL of account to the first of these media URLs it works! But I know they are separated from each other.
If you need other parts of the code, please tell me.
Remove the slashes in os.path.join(BASE_DIR, '/media/')
If any argument to os.path.join begins with a slash / it will overwrite all previous arguments. You're currently setting MEDIA_ROOT to be /media/
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')

Can someone explain me this line? I got this from Telesko Django playlist video number 20

This is the urls.py of the base project
urlpatterns = urlpatterns + static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)
This is the settings.py
STATIC_URL = '/static/'
STATICFILES_DIRS=[
    os.path.join(BASE_DIR,'static')
]
STATIC_ROOT=os.path.join(BASE_DIR,'assets')
MEDIA_URL ='/media/'
MEDIA_ROOT = os.path.join(BASE_DIR,'media')
This code is to add items to the database dynamically and I am not able to understand why he is adding the urlpatterns.
He is adding media urls to the url patterns. So for example if you had an image or video or something stored in your django project, you can use the browser to access these files at MEDIA_URL. In the settings.py, you are setting MEDIA_URL (where you can go in the browser '/media/'), to point to the contents of your MEDIA_ROOT (the 'media' folder)