Change the privacy level of files on AWS S3

[deshraj]

Current Scenario

Currently, anyone can access the files using the S3 links. This creates a potential threat of getting the test annotations being exposed to the public if someone gets the URL. We want to protect the files to be only accessible from the particular hostnames by setting the policy in S3 and modify the Django views to give permission to the particular set of users.

Deliverables

• [ ] Add policy on S3 to restrict the access from particular hostnames (see this https://blog.botreetechnologies.com/aws-s3-file-upload-access-control-using-boto3-with-django-web-framework-11114de2d928 for more details)
• [ ] Update the Django view using which any file served as a media has to pass through a decorator which will check whether to give access of this file to the user or not (see this https://stackoverflow.com/questions/28364935/amazon-s3-and-django-allow-only-the-users-from-my-website-and-not-the-anonymou?answertab=active#tab-top to know how to implement this)

[nagpalm7]

Sir can i take up this issue! @deshraj

[yongzx]

@deshraj I assume this is still open. I will work on this issue.

[RishabhJain2018]

Sure @yongzx You can work on this.

[yongzx]

@deshraj @RishabhJain2018 For the first task, are the files referring to the submitted files in My Submission and View All Submission? And we are only restricting the access to the users who have logged in to the dashboard right?

[KhalidRmb]

@yongzx Are you working on this? If not, I would like to do this one. @RishabhJain2018 @deshraj

[yongzx]

You can work on this one.

[bismitaguha]

Is work on this issue done? Or can I take up this issue? @RishabhJain2018 @deshraj

[Bhargavamacha]

I would like to take the issue up if it's not done yet.

[shashwatdh]

@deshraj as the issue is still open, can I work on it?

[Zahed-Riyaz]

Is this issue free to work on? I'd like to work on it if so! @RishabhJain2018