def test_edit(self):
        """endpoint returns valid configuration for editor"""
        for i in range(3):
            self.override_acl({
                'max_attachment_size': 1000,
            })

            with open(TEST_DOCUMENT_PATH, 'rb') as upload:
                response = self.client.post(
                    reverse('misago:api:attachment-list'),
                    data={'upload': upload})
            self.assertEqual(response.status_code, 200)

        attachments = list(Attachment.objects.order_by('id'))

        attachments[0].uploader = None
        attachments[0].save()

        for attachment in attachments[:2]:
            attachment.post = self.post
            attachment.save()

        self.override_acl({
            'can_edit_posts': 1,
        })
        response = self.client.get(self.api_link)

        for attachment in attachments:
            add_acl(self.user, attachment)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(
            json.loads(smart_str(response.content)), {
                'id':
                self.post.pk,
                'api':
                self.post.get_api_url(),
                'post':
                self.post.original,
                'can_protect':
                False,
                'is_protected':
                self.post.is_protected,
                'poster':
                self.post.poster_name,
                'attachments': [
                    AttachmentSerializer(attachments[1],
                                         context={
                                             'user': self.user
                                         }).data,
                    AttachmentSerializer(attachments[0],
                                         context={
                                             'user': self.user
                                         }).data,
                ]
            })
    def post_editor(self, request, thread_pk, pk=None):
        thread = self.get_thread(request, thread_pk)
        post = self.get_post(request, thread, pk).unwrap()

        allow_edit_post(request.user, post)

        attachments = []
        for attachment in post.attachment_set.order_by('-id'):
            add_acl(request.user, attachment)
            attachments.append(attachment)
        attachments_json = AttachmentSerializer(attachments,
                                                many=True,
                                                context={
                                                    'user': request.user
                                                }).data

        return Response({
            'id':
            post.pk,
            'api':
            post.get_api_url(),
            'post':
            post.original,
            'attachments':
            attachments_json,
            'can_protect':
            bool(thread.category.acl['can_protect_posts']),
            'is_protected':
            post.is_protected,
            'poster':
            post.poster_name,
        })
Beispiel #3
0
    def create_attachment(self, request):
        upload = request.FILES.get('upload')
        if not upload:
            raise UploadError(_("No file has been uploaded."))

        user_roles = set(r.pk for r in request.user.get_roles())
        filetype = validate_filetype(upload, user_roles)
        validate_filesize(upload, filetype, request.user.acl_cache['max_attachment_size'])

        attachment = Attachment(
            secret=Attachment.generate_new_secret(),
            filetype=filetype,
            size=upload.size,
            uploader=request.user,
            uploader_name=request.user.username,
            uploader_slug=request.user.slug,
            uploader_ip=request.user_ip,
            filename=upload.name,
        )

        if is_upload_image(upload):
            try:
                attachment.set_image(upload)
            except IOError:
                raise UploadError(_("Uploaded image was corrupted or invalid."))
        else:
            attachment.set_file(upload)

        attachment.save()
        add_acl(request.user, attachment)

        return Response(AttachmentSerializer(attachment, context={'user': request.user}).data)
Beispiel #4
0
    def create(self, request):
        if not request.user.acl_cache['max_attachment_size']:
            raise PermissionDenied(_("You don't have permission to upload new files."))

        serializer = NewAttachmentSerializer(data=request.data, context={'request': request})
        serializer.is_valid(raise_exception=True)
        attachment = serializer.save()
        add_acl(request.user, attachment)
        return Response(AttachmentSerializer(attachment, context={'user': request.user}).data)
Beispiel #5
0
def update_attachments_caches(posts):
    for post in Post.objects.filter(pk__in=posts).iterator():
        attachments = post.attachment_set.order_by('id')
        post.attachments_cache = AttachmentSerializer(attachments, many=True).data
        for attachment in post.attachments_cache:
            del attachment['acl']
            del attachment['post']
            del attachment['uploader_ip']
        post.save()
 def sync_attachments_cache(self, post, attachments):
     if attachments:
         post.attachments_cache = AttachmentSerializer(attachments,
                                                       many=True).data
         for attachment in post.attachments_cache:
             del attachment['acl']
             del attachment['post']
     else:
         post.attachments_cache = None
     post.update_fields.append('attachments_cache')