Efficiently serving large static files to many clients after login with Flask
You should look into using the X-Accel-Redirect
header.
Essentially your flask view will check permissions and if appropriate set a http header that instructs nginx to serve the file.
A quick google found this Gist which describes how to configure Flask + Nginx to work together in the manner you need.