Closed jstet closed 8 months ago
Are there pain points/risks associated with this? In particular, are there current/planned files on directus that should not be available via public access? Is the described use case relevant, i.e. the following
Conceptually this sounds like a tough problem to solve and maybe understanding what needs to be private will help with solution design.
I would just introduce the policy to not upload files on directus that are not meant to be public @friep
Agree. We should not use directus for sensitive file storage anyway. The only files (as in PDFs...) that come to mind that might be uploaded are materials like the Geschäftsordnung of the ethics committee etc. that are supposed to be public.
If this is a need that arises more consistently, we could still introduce fields like "drive_folder" or "nextcloud_folder" that give the ability to link to storage locations.
todo: document this policy
Generally it would also be possible to change all the svelte API requests to happen server side, where an access token could be provided securely for non-public directus data. We can keep it in mind as an option, but it definitely simplifies development if we don't have this constraint.
documented this on gitbook
One apparently has to enable this to have access to files that are linked in other Collections. Or is there another way?