def download_kalite(request, *args, **kwargs):
"""
A request to download KA Lite, either without zone info, or with it.
If with it, then we have to make sure it's OK for this user.
This endpoint is also set up to deal with platform, locale, and version,
though right now only direct URLs would set this (not via the download wizard).
"""
# Parse args
zone = get_object_or_None(Zone, id=kwargs.get('zone_id', None))
platform = kwargs.get("platform", "all")
locale = kwargs.get("locale", "en")
version = kwargs.get("version", kalite.VERSION)
if version == "latest":
version = kalite.VERSION
# Make sure this user has permission to admin this zone
if zone and not request.user.is_authenticated():
raise PermissionDenied(_("Requires authentication"))
elif zone:
zone_orgs = Organization.from_zone(zone)
if not zone_orgs or not set(
[org.id for org in zone_orgs]).intersection(
set(
get_or_create_user_profile(
request.user).get_organizations().keys())):
raise PermissionDenied(
_("You are not authorized to access this zone information."))
# Generate the zip file. Pre-specify the zip filename,
# as we won't know the output location otherwise.
zip_file = tempfile.mkstemp()[1]
call_command("package_for_download",
file=zip_file,
central_server=get_central_server_host(request),
**kwargs)
# Build the outgoing filename."
user_facing_filename = "kalite"
for val in [platform, locale, kalite.VERSION, zone.name if zone else None]:
user_facing_filename += ("-%s" %
val) if val not in [None, "", "all"] else ""
user_facing_filename += ".zip"
# Stream it back to the user
zh = open(zip_file, "rb")
response = HttpResponse(content=zh,
mimetype='application/zip',
content_type='application/zip')
response[
'Content-Disposition'] = 'attachment; filename="%s"' % user_facing_filename
# Not sure if we could remove the zip file here; possibly not,
# if it's a streaming response or byte-range reesponse
return response
def download_kalite(request, *args, **kwargs):
"""
A request to download KA Lite, either without zone info, or with it.
If with it, then we have to make sure it's OK for this user.
This endpoint is also set up to deal with platform, locale, and version,
though right now only direct URLs would set this (not via the download wizard).
"""
# Parse args
zone = get_object_or_None(Zone, id=kwargs.get('zone_id', None))
platform = kwargs.get("platform", "all")
locale = kwargs.get("locale", "en")
version = kwargs.get("version", kalite.VERSION)
if version == "latest":
version = kalite.VERSION
# Make sure this user has permission to admin this zone
if zone and not request.user.is_authenticated():
raise PermissionDenied(_("Requires authentication"))
elif zone:
zone_orgs = Organization.from_zone(zone)
if not zone_orgs or not set([org.id for org in zone_orgs]).intersection(set(get_or_create_user_profile(request.user).get_organizations().keys())):
raise PermissionDenied(_("You are not authorized to access this zone information."))
# Generate the zip file. Pre-specify the zip filename,
# as we won't know the output location otherwise.
zip_file = tempfile.mkstemp()[1]
call_command(
"package_for_download",
file=zip_file,
central_server=get_central_server_host(request),
**kwargs
)
# Build the outgoing filename."
user_facing_filename = "kalite"
for val in [platform, locale, kalite.VERSION, zone.name if zone else None]:
user_facing_filename += ("-%s" % val) if val not in [None, "", "all"] else ""
user_facing_filename += ".zip"
# Stream it back to the user
zh = open(zip_file,"rb")
response = HttpResponse(content=zh, mimetype='application/zip', content_type='application/zip')
response['Content-Disposition'] = 'attachment; filename="%s"' % user_facing_filename
# Not sure if we could remove the zip file here; possibly not,
# if it's a streaming response or byte-range reesponse
return response
def wrapper_fn_central(request, *args, **kwargs):
"""
The check for distributed servers already exists (require_login), so just use that below.
All this nuance is for the central server only.
"""
# inline import, to avoid unnecessary dependency on central server module
# on the distributed server.
from central.models import Organization
logged_in_user = request.user
assert not logged_in_user.is_anonymous(), "Wrapped by login_required!"
# Take care of superusers (Django admins).
if logged_in_user.is_superuser:
return handler(request, *args, **kwargs)
# Objects we're looking to verify
org = None; org_id = kwargs.get("org_id", None)
zone = None; zone_id = kwargs.get("zone_id", None)
facility = facility_from_request(request=request, *args, **kwargs)
device = None; device_id = kwargs.get("device_id", None)
user = get_user_from_request(request=request, *args, **kwargs)
# Validate user through facility
if user:
if not facility:
facility = user.facility
# Validate device through zone
if device_id:
device = get_object_or_404(Device, pk=device_id)
if not zone_id:
zone = device.get_zone()
if not zone:
raise PermissionDenied("You requested device information for a device without a zone. Only super users can do this!")
zone_id = zone.pk
# Validate device through zone
if facility:
if not zone_id:
zone = facility.get_zone()
if not zone:
raise PermissionDenied("You requested facility information for a facility with no zone. Only super users can do this!")
zone_id = zone.pk
# Validate zone through org
if zone_id and zone_id != "new":
zone = get_object_or_404(Zone, pk=zone_id)
if not org_id:
# Have to check if any orgs are accessible to this user.
for org in Organization.from_zone(zone):
if org.is_member(logged_in_user):
return handler(request, *args, **kwargs)
raise PermissionDenied("You requested information from an organization that you're not authorized on.")
if org_id and org_id != "new":
org = get_object_or_404(Organization, pk=org_id)
if not org.is_member(logged_in_user):
raise PermissionDenied("You requested information from an organization that you're not authorized on.")
elif zone_id and zone and org.zones.filter(pk=zone.pk).count() == 0:
raise PermissionDenied("This organization does not have permissions for this zone.")
# Made it through, we're safe!
return handler(request, *args, **kwargs)
def wrapper_fn_central(request, *args, **kwargs):
"""
The check for distributed servers already exists (require_login), so just use that below.
All this nuance is for the central server only.
"""
# inline import, to avoid unnecessary dependency on central server module
# on the distributed server.
from central.models import Organization
logged_in_user = request.user
assert not logged_in_user.is_anonymous(), "Wrapped by login_required!"
# Take care of superusers (Django admins).
if logged_in_user.is_superuser:
return handler(request, *args, **kwargs)
# Objects we're looking to verify
org = None; org_id = kwargs.get("org_id", None)
zone = None; zone_id = kwargs.get("zone_id", None)
facility = facility_from_request(request=request, *args, **kwargs)
device = None; device_id = kwargs.get("device_id", None)
user = get_user_from_request(request=request, *args, **kwargs)
# Validate user through facility
if user:
if not facility:
facility = user.facility
# Validate device through zone
if device_id:
device = get_object_or_404(Device, pk=device_id)
if not zone_id:
zone = device.get_zone()
if not zone:
raise PermissionDenied("You requested device information for a device without a zone. Only super users can do this!")
zone_id = zone.pk
# Validate device through zone
if facility:
if not zone_id:
zone = facility.get_zone()
if not zone:
raise PermissionDenied("You requested facility information for a facility with no zone. Only super users can do this!")
zone_id = zone.pk
# Validate zone through org
if zone_id and zone_id != "new":
zone = get_object_or_404(Zone, pk=zone_id)
if not org_id:
# Have to check if any orgs are accessible to this user.
for org in Organization.from_zone(zone):
if org.is_member(logged_in_user):
return handler(request, *args, **kwargs)
raise PermissionDenied("You requested information from an organization that you're not authorized on.")
if org_id and org_id != "new":
org = get_object_or_404(Organization, pk=org_id)
if not org.is_member(logged_in_user):
raise PermissionDenied("You requested information from an organization that you're not authorized on.")
elif zone_id and zone and org.zones.filter(pk=zone.pk).count() == 0:
raise PermissionDenied("This organization does not have permissions for this zone.")
# Made it through, we're safe!
return handler(request, *args, **kwargs)
