def handle_protected_file(obj, event): if obj.getIsProtected(): api.portal.show_message( message=translate( _( u'message_protected_file', default=u'You are not allowed to delete the file "${file_title}".', mapping={ 'file_title': safe_unicode(obj.Title()), }, ), context=obj.REQUEST, ), request=obj.REQUEST, type='error' ) raise ValueError('Unable to delete a protected file.')
def __call__(self): self.file = self.request.get("file") if not self.file: raise BadRequest("No content provided.") self.filename = self.file.filename self.context.update(file=self.file, originFilename=self.filename) portal = api.portal.get() repository_tool = getToolByName(portal, "portal_repository") if repository_tool.isVersionable(self.context): # TODO: This creates another entry in the history resulting # in two consecutive history entries. repository_tool.save( self.context, comment=translate(_("File replaced with Drag & Drop."), context=self.request) ) notify(ObjectEditedEvent(self.context)) return json.dumps({"success": True})
from Products.validation import V_REQUIRED from Products.validation.config import validation from Products.validation.validators import RegexValidator from urllib import quote from ZODB.POSException import ConflictError from zope.interface import implements import logging origin_filename_validator = RegexValidator( 'isSafeOriginFilename', r'^[^\/]*$', title='', description='', errmsg=_( u'origin_filename_validator_error', default=u'The filename must not contain "/".' ) ) validation.register(origin_filename_validator) FileSchema = ATContentTypeSchema.copy() + atapi.Schema(( FileField( 'file', required=True, primary=True, searchable=True, languageIndependent=True, index_method='getIndexValue', storage=atapi.AnnotationStorage(migrate=True),
def upload(self): """Adds uploaded file. Required params: uploadfile, uploadtitle, uploaddescription """ context = aq_inner(self.context) self.request = context.REQUEST if not IFolderish.providedBy(context): context = aq_parent(context) request = context.REQUEST utility = getToolByName(context, "portal_tinymce") id_ = request["uploadfile"].filename content_type = request["uploadfile"].headers["Content-Type"] # check if container is ready to store images if self.is_temporary(context): return self.errorMessage( translate(_("Please save the object first" " to enable image upload."), context=self.request) ) # check mime type to make sure an image is uploaded if not is_image(content_type): return self.errorMessage(translate(_("Only image upload allowed."), context=self.request)) # Permission checks based on code by Danny Bloemendaal # 1) check if the current user has permissions to add stuff if not context.portal_membership.checkPermission("Add portal content", context): return self.errorMessage("You do not have permission to upload files in this folder") # 2) check image types uploadable in folder. # priority is to content_type_registry image type allowed_types = [t.id for t in context.getAllowedTypes()] tiny_image_types = utility.imageobjects.split("\n") uploadable_types = [] for typename in tiny_image_types: if typename in allowed_types: uploadable_types.append(typename) # Get an unused filename without path id_ = self.cleanupFilename(id_) for metatype in uploadable_types: try: newid = context.invokeFactory(type_name=metatype, id=id_) if newid is None or newid == "": newid = id_ break except ValueError: continue except BadRequest: return self.errorMessage(translate(_("Bad filename, please rename."), context=self.request)) else: return self.errorMessage( translate(_("Not allowed to upload a file of this type to this folder"), context=self.request) ) obj = getattr(context, newid, None) # Set title + description. # Attempt to use Archetypes mutator if there is one, in case it uses # a custom storage title = request["uploadtitle"] description = request["uploaddescription"] if description: try: obj.setDescription(description) except AttributeError: obj.description = description if HAS_DEXTERITY and IDexterityContent.providedBy(obj): if not self.setDexterityImage(obj): return self.errorMessage( translate(_("The content-type '%s' has no image-field!" % metatype), context=self.request) ) else: # set primary field pf = obj.getPrimaryField() pf.set(obj, request["uploadfile"]) if not obj: return self.errorMessage("Could not upload the file") if title and title is not "": obj.setTitle(title) else: obj.setTitle(obj.getFilename()) obj.reindexObject() folder = obj.aq_parent.absolute_url() if utility.link_using_uids: path = "resolveuid/%s" % (uuidFor(obj)) else: path = obj.absolute_url() return self.okMessage(path, folder)