diff --git a/opentech/apply/funds/models/submissions.py b/opentech/apply/funds/models/submissions.py
index 5193385f9a8e2fbeb3bd6b3b34649d4efdde311d..fff610cbcd07b2e7b836ed6392eb2973572d56ba 100644
--- a/opentech/apply/funds/models/submissions.py
+++ b/opentech/apply/funds/models/submissions.py
@@ -24,6 +24,7 @@ from opentech.apply.activity.messaging import messenger, MESSAGES
from opentech.apply.stream_forms.blocks import UploadableMediaBlock
from opentech.apply.stream_forms.models import BaseStreamForm
+from opentech.storage_backends import PrivateMediaStorage
from .mixins import AccessFormData
from .utils import LIMIT_TO_STAFF, LIMIT_TO_STAFF_AND_REVIEWERS, WorkflowHelpers
@@ -40,10 +41,6 @@ from ..workflow import (
)
-storage_settings = getattr(settings, 'APPLY_STORAGE_CONFIG', {})
-submission_storage = DefaultStorage(**storage_settings)
-
-
class JSONOrderable(models.QuerySet):
json_field = ''
@@ -357,7 +354,7 @@ class ApplicationSubmission(
def save_path(self, file_name):
file_path = os.path.join('submissions', 'user', str(self.user.id), file_name)
- return submission_storage.generate_filename(file_path)
+ return PrivateMediaStorage.generate_filename(file_path)
def handle_file(self, file):
# File is potentially optional
@@ -368,11 +365,11 @@ class ApplicationSubmission(
# file is not changed, it is still the dictionary
return file
- saved_name = submission_storage.save(filename, file)
+ saved_name = PrivateMediaStorage.save(filename, file)
return {
'name': file.name,
'path': saved_name,
- 'url': submission_storage.url(saved_name),
+ 'url': PrivateMediaStorage.url(saved_name),
}
def handle_files(self, files):
diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index a0d7b706963fa1c6754bb399690b3e751c1de7ab..4f834ef00404f4bffb51e94f5e895e170ca5d91f 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -379,35 +379,26 @@ else:
# S3 configuration
if 'AWS_STORAGE_BUCKET_NAME' in env:
- DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
+ DEFAULT_FILE_STORAGE = 'opentech.storage_backends.PublicMediaStorage'
AWS_STORAGE_BUCKET_NAME = env['AWS_STORAGE_BUCKET_NAME']
- AWS_SECRET_ACCESS_KEY = env['AWS_SECRET_ACCESS_KEY'],
- AWS_ACCESS_KEY_ID = env['AWS_ACCESS_KEY_ID'],
- AWS_QUERYSTRING_AUTH = False
- AWS_S3_FILE_OVERWRITE = False
+
+ if 'AWS_PUBLIC_BUCKET_NAME' in env:
+ AWS_PUBLIC_BUCKET_NAME = env['AWS_PUBLIC_BUCKET_NAME']
+ else:
+ AWS_PUBLIC_BUCKET_NAME = env['AWS_STORAGE_BUCKET_NAME']
+
+ if 'AWS_PRIVATE_BUCKET_NAME' in env:
+ AWS_PRIVATE_BUCKET_NAME = env['AWS_PRIVATE_BUCKET_NAME']
+ else:
+ AWS_PRIVATE_BUCKET_NAME = env['AWS_STORAGE_BUCKET_NAME']
if 'AWS_S3_CUSTOM_DOMAIN' in env:
AWS_S3_CUSTOM_DOMAIN = env['AWS_S3_CUSTOM_DOMAIN']
- if 'AWS_S3_SECURE_URLS' in env:
- AWS_S3_SECURE_URLS = (
- env['AWS_S3_SECURE_URLS'].strip().lower() == 'true'
- )
-
INSTALLED_APPS += (
'storages',
)
- if 'APPLY_AWS_BUCKET_NAME' in env:
- # Provide settings to access a secure bucket for apply documents
- # Uses defaults from above if not provided
- APPLY_STORAGE_CONFIG = {
- 'AWS_STORAGE_BUCKET_NAME': env['APPLY_AWS_BUCKET_NAME'],
- 'AWS_QUERYSTRING_AUTH': True,
- 'AWS_DEFAULT_ACL': 'private',
- 'AWS_BUCKET_ACL': 'private',
- }
-
MAILCHIMP_API_KEY = env.get('MAILCHIMP_API_KEY')
MAILCHIMP_LIST_ID = env.get('MAILCHIMP_LIST_ID')
diff --git a/opentech/storage_backends.py b/opentech/storage_backends.py
new file mode 100644
index 0000000000000000000000000000000000000000..8dfa86cc69011d05be9b9ff1e8c1402cb83be1ae
--- /dev/null
+++ b/opentech/storage_backends.py
@@ -0,0 +1,20 @@
+from django.conf import settings
+from storages.backends.s3boto3 import S3Boto3Storage
+
+
+class PublicMediaStorage(S3Boto3Storage):
+ bucket_name = settings.AWS_PUBLIC_BUCKET_NAME
+ file_overwrite = False
+ querystring_auth = False
+ url_protocol = 'https:'
+
+
+class PrivateMediaStorage(S3Boto3Storage):
+ bucket_acl = 'private'
+ bucket_name = settings.AWS_PRIVATE_BUCKET_NAME
+ custom_domain = False
+ default_acl = 'private'
+ encryption = True
+ file_overwrite = False
+ querystring_auth = True
+ url_protocol = 'https:'