I would like to allow access to some media only when the content has a certain status, it could be from Draft to Published, or another property of that content-type. If the content is in draft, then only certain users would be allowed. The rule is finer than verifying roles.
Given this example: I add a Product with an image, but the product is not yet published, so nobody should be able to retrieve the image via a direct link, by guessing the link. In this case, the image would be posted to S3 private bucket, and then once it gets published I would like the image to be moved to the S3 public bucket where internet access is allowed.
Or vice-versa, I could change the status of a product from published to draft, and thus move the media from S3 public bucket to S3 private bucket. I could also use ACLs to manage the access on object levels inside S3 buckets.
For the moment I have no idea how to expose the direct link to S3 buckets since all data in the bucket would be public . For the moment, the buckets are private, and I have to proxy server the media download from the bucket and decide which ones requires user authentication via checking the status of the product.
So there are many solutions possible for me, but I think for the purpose of strapi, it would be interesting is that on the strapi media library we could have ACLs attached to the library, folder, or object level.