def serve_images(request, *, pk, path, pa="", pb=""):
document_root = safe_join(
f"/{settings.IMAGE_FILES_SUBDIRECTORY}", pa, pb, str(pk)
)
path = posixpath.normpath(path).lstrip("/")
name = safe_join(document_root, path)
try:
image = Image.objects.get(pk=pk)
except Image.DoesNotExist:
raise Http404("Image not found.")
try:
user, _ = TokenAuthentication().authenticate(request)
except (AuthenticationFailed, TypeError):
user = request.user
if user.has_perm("view_image", image):
create_download.apply_async(
kwargs={"creator_id": user.pk, "image_id": image.pk}
)
return protected_storage_redirect(name=name)
raise PermissionDenied
