Documentation clarification

[SkiFamily]

Hi, First off let me thank you for all the work you have done to facilitate integrating S3 storage with wagtail.

However I am having a bit of trouble understanding the documentation, especially the privacy part of it, the read me states:

First, set up your S3 bucket. It must be configured to:

Have a name that matches the domain name, e.g. media.llamasavers.com.

Allow the user to perform the following actions on the bucket:
        s3:ListBucket
        s3:GetBucketLocation
        s3:ListBucketMultipartUploads
        s3:ListBucketVersions

Allow the user to perform all the actions (s3:*) on the objects within the bucket.
Allow the internet traffic to access Wagtail image renditions (images/*).

In my case images uploaded by my users must be private, while images uploaded by staff can be public ( don't have to be, all objects could be private and have generated signed urls to access the objects), is this not possible with this package ?

Moreover the setting part lists:
# Disables signing of the S3 objects' URLs. When set to True it # will append authorization querystring to each URL. AWS_QUERYSTRING_AUTH = False

Which means that none of the objects would be private ?

I will go on and test the various options, but I think the documentation would greatly benefit from being clearer on which privacy options are available :)

Thanks again for the great package, I'll be glad to contribute to the documentation if need be :)