I have a blog on django on which any public can post. In post content I am using django-ckeditor RichTextUploadingField.
There is button Browse server for images in ckeditor, that let users browse images of server's upload directory and embed images in post.
But i want to restrict public from browsing images on server when they make post. They should be able upload images only, not browse every image on server that is uploaded.
Here is my models.py
class Article(models.Model):
title = models.CharField(max_length = 200)
content = RichTextUploadingField()
author = models.ForeignKey(User, on_delete= models.CASCADE, null=True)
def __str__(self):
return self.title
Forms.py
class ArticleForm(ModelForm):
class Meta:
model = Article
widgets = {
'content': RichTextUploadingField()
}
A direct setting to remove this functionality isnt provided but CKEDITOR_RESTRICT_BY_USER = True could be used to achieve the same.
Reference from the documentation:
Set the
CKEDITOR_RESTRICT_BY_USERsetting toTruein the project'ssettings.pyfile (defaultFalse). This restricts access to uploaded images to theuploading user(e.g. each user only sees and uploads their own images). Upload paths are prefixed by the string returned byget_username. IfCKEDITOR_RESTRICT_BY_USERis set to astring, the named property is used instead. Superusers can still see all images. NOTE: This restriction is only enforced within the CKEditor media browser.