def serve_images(request, *, pk, path, pa="", pb=""): document_root = safe_join( f"/{settings.IMAGE_FILES_SUBDIRECTORY}", pa, pb, str(pk) ) path = posixpath.normpath(path).lstrip("/") name = safe_join(document_root, path) try: image = Image.objects.get(pk=pk) except Image.DoesNotExist: raise Http404("Image not found.") try: user, _ = TokenAuthentication().authenticate(request) except (AuthenticationFailed, TypeError): user = request.user if user.has_perm("view_image", image): create_download.apply_async( kwargs={"creator_id": user.pk, "image_id": image.pk} ) return protected_storage_redirect(name=name) raise PermissionDenied