def popup_thumbbig(self, req):
access = AccessData(req)
if (not access.hasAccess(self, "data")
and not dozoom(self)) or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
thumbbig = None
for file in self.getFiles():
if file.getType() == "thumb2":
thumbbig = file
break
if not thumbbig:
self.popup_fullsize(req)
else:
im = PILImage.open(thumbbig.retrieveFile())
req.writeTAL(
"contenttypes/image.html", {
"filename":
'/file/' + str(self.id) + '/' + thumbbig.getName(),
"width": im.size[0],
"height": im.size[1]
},
macro="thumbbig")
def send_nodefile_tal(req):
if "file" in req.params:
return upload_for_html(req)
id = req.params.get("id")
node = tree.getNode(id)
access = AccessData(req)
if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write') and access.hasAccess(node, 'data') and node.type in ["directory", "collections", "collection"]):
return ""
def fit(imagefile, cn):
# fits the image into a box with dimensions cn, returning new width and
# height
try:
sz = PIL.Image.open(imagefile).size
(x, y) = (sz[0], sz[1])
if x > cn[0]:
y = (y * cn[0]) / x
x = (x * cn[0]) / x
if y > cn[1]:
x = (x * cn[1]) / y
y = (y * cn[1]) / y
return (x, y)
except:
return cn
# only pass images to the file browser
files = [f for f in node.getFiles() if f.mimetype.startswith("image")]
# this flag may switch the display of a "delete" button in the customs
# file browser in web/edit/modules/startpages.html
showdelbutton = True
return req.getTAL("web/edit/modules/startpages.html", {"id": id, "node": node, "files": files, "fit": fit, "logoname": node.get("system.logo"), "delbutton": True}, macro="fckeditor_customs_filemanager")
def popup_fullsize(self, req):
access = AccessData(req)
if not access.hasAccess(self, "data") or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
for f in self.getFiles():
if f.getType() == "doc" or f.getType() == "document":
req.sendFile(f.retrieveFile(), f.getMimeType())
return
def popup_fullsize(self, req):
access = AccessData(req)
if not access.hasAccess(self, "data") or not access.hasAccess(
self, "read"):
req.write(t(req, "permission_denied"))
return
for f in self.getFiles():
if f.getType() == "doc" or f.getType() == "document":
req.sendFile(f.retrieveFile(), f.getMimeType())
return
def popup_fullsize(self, req):
access = AccessData(req)
if not access.hasAccess(self, "data") or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
f = ""
for filenode in self.getFiles():
if filenode.getType() in ("original", "video"):
f = "/file/" + str(self.id) + "/" + filenode.getName()
break
req.writeTAL("contenttypes/flash.html", {"path": f}, macro="fullsize")
def export(req):
p = req.path[1:].split("/")
access = AccessData(req)
if len(p) != 2:
req.error(404, "Object not found")
return
if p[0].isdigit():
try:
node = tree.getNode(p[0])
except:
return req.error(404, "Object not found")
else:
return req.error(404, "Object not found")
if not access.hasAccess(node, "read"):
req.write(t(req, "permission_denied"))
return
mask = getMetaType(node.getSchema()).getMask(p[1])
if mask:
try:
req.reply_headers['Content-Type'] = "text/plain; charset=utf-8"
req.write(mask.getViewHTML([node],
flags=8)) # flags =8 -> export type
except tree.NoSuchNodeError:
return req.error(404, "Object not found")
else:
req.error(404, "Object not found")
return
def export(req):
p = req.path[1:].split("/")
access = AccessData(req)
if len(p) != 2:
req.error(404, "Object not found")
return
if p[0].isdigit():
try:
node = tree.getNode(p[0])
except:
return req.error(404, "Object not found")
else:
return req.error(404, "Object not found")
if not access.hasAccess(node, "read"):
req.write(t(req, "permission_denied"))
return
mask = getMetaType(node.getSchema()).getMask(p[1])
if mask:
try:
req.reply_headers['Content-Type'] = "text/plain; charset=utf-8"
req.write(mask.getViewHTML([node], flags=8)) # flags =8 -> export type
except tree.NoSuchNodeError:
return req.error(404, "Object not found")
else:
req.error(404, "Object not found")
return
def popup_fullsize(self, req):
def videowidth():
return int(self.get('vid-width') or 0) + 64
def videoheight():
int(self.get('vid-height') or 0) + 53
access = AccessData(req)
if not access.hasAccess(self, "data") or not access.hasAccess(
self, "read"):
req.write(t(req, "permission_denied"))
return
f = None
for filenode in self.getFiles():
if filenode.getType() in [
"original", "video"
] and filenode.retrieveFile().endswith('flv'):
f = "/file/%s/%s" % (self.id, filenode.getName())
break
script = ""
if f:
script = '<p href="%s" style="display:block;width:%spx;height:%spx;" id="player"/p>' % (
f, videowidth(), videoheight())
# use jw player
captions_info = getCaptionInfoDict(self)
if captions_info:
logger.info(
"video: '%s' (%s): captions: dictionary 'captions_info': %s" %
(self.name, self.id, captions_info))
context = {
"file": f,
"script": script,
"node": self,
"width": videowidth(),
"height": videoheight(),
"captions_info": json.dumps(captions_info),
}
req.writeTAL("contenttypes/video.html",
context,
macro="fullsize_flv_jwplayer")
def update_node(req, path, params, data, id):
# get the user and verify the signature
if params.get('user'):
user = users.getUser(params.get('user'))
userAccess = AccessData(user=user)
if userAccess.user:
valid = userAccess.verify_request_signature(req.fullpath, params)
if not valid:
userAccess = None
else:
userAccess = None
else:
user = users.getUser('Gast')
userAccess = AccessData(user=user)
node = tree.getNode(id)
# check user access
if userAccess and userAccess.hasAccess(node, "write"):
pass
else:
s = "No Access"
req.write(s)
d = {
'status': 'fail',
'html_response_code': '403',
'errormessage': 'no access'
}
return d['html_response_code'], len(s), d
node.name = params.get('name')
metadata = json.loads(params.get('metadata'))
# set provided metadata
for key, value in metadata.iteritems():
node.set(u(key), u(value))
# service flags
node.set("updateuser", user.getName())
node.set("updatetime", format_date())
node.setDirty()
d = {
'status': 'OK',
'html_response_code': '200',
'build_response_end': time.time()
}
s = "OK"
# we need to write in case of POST request, send as buffer wil not work
req.write(s)
req.reply_headers['updatetime'] = node.get('updatetime')
return d['html_response_code'], len(s), d
def popup_thumbbig(self, req):
access = AccessData(req)
if (not access.hasAccess(self, "data") and not dozoom(self)) or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
thumbbig = None
for file in self.getFiles():
if file.getType() == "thumb2":
thumbbig = file
break
if not thumbbig:
self.popup_fullsize(req)
else:
im = PILImage.open(thumbbig.retrieveFile())
req.writeTAL("contenttypes/image.html", {"filename": '/file/' + str(self.id) + '/' +
thumbbig.getName(), "width": im.size[0], "height": im.size[1]}, macro="thumbbig")
def send_file(req, download=0):
access = AccessData(req)
id, filename = splitpath(req.path)
if id.endswith("_transfer.zip"):
id = id[:-13]
try:
n = tree.getNode(id)
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.type not in ["directory", "collections", "collection"]:
return 403
file = None
if filename is None and n:
# build zip-file and return it
zipfilepath, files_written = build_transferzip(n)
if files_written == 0:
return 404
send_result = req.sendFile(zipfilepath, "application/zip")
if os.sep == '/': # Unix?
os.unlink(zipfilepath) # unlinking files while still reading them only works on Unix/Linux
return send_result
# try full filename
for f in n.getFiles():
if f.getName() == filename:
incUsage(n)
file = f
break
# try only extension
if not file and n.get("archive_type") == "":
file_ext = os.path.splitext(filename)[1]
for f in n.getFiles():
if os.path.splitext(f.getName())[1] == file_ext and f.getType() in ['doc', 'document', 'original', 'mp3']:
incUsage(n)
file = f
break
if existMetaField(n.getSchema(), 'nodename'):
display_file_name = '{}.{}'.format(os.path.splitext(os.path.basename(n.name))[0], os.path.splitext(filename)[-1].strip('.'))
else:
display_file_name = filename
# try file from archivemanager
if not file and n.get("archive_type") != "":
am = archivemanager.getManager(n.get("archive_type"))
req.reply_headers["Content-Disposition"] = 'attachment; filename="{}"'.format(display_file_name)
return req.sendFile(am.getArchivedFileStream(n.get("archive_path")), "application/x-download")
if not file:
return 404
req.reply_headers["Content-Disposition"] = 'attachment; filename="{}"'.format(display_file_name)
return req.sendFile(file.retrieveFile(), f.getMimeType())
def send_nodefile_tal(req):
if "file" in req.params:
return upload_for_html(req)
id = req.params.get("id")
node = tree.getNode(id)
access = AccessData(req)
if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write')
and access.hasAccess(node, 'data')
and node.type in ["directory", "collections", "collection"]):
return ""
def fit(imagefile, cn):
# fits the image into a box with dimensions cn, returning new width and
# height
try:
sz = PIL.Image.open(imagefile).size
(x, y) = (sz[0], sz[1])
if x > cn[0]:
y = (y * cn[0]) / x
x = (x * cn[0]) / x
if y > cn[1]:
x = (x * cn[1]) / y
y = (y * cn[1]) / y
return (x, y)
except:
return cn
# only pass images to the file browser
files = [f for f in node.getFiles() if f.mimetype.startswith("image")]
# this flag may switch the display of a "delete" button in the customs
# file browser in web/edit/modules/startpages.html
showdelbutton = True
return req.getTAL("web/edit/modules/startpages.html", {
"id": id,
"node": node,
"files": files,
"fit": fit,
"logoname": node.get("system.logo"),
"delbutton": True
},
macro="fckeditor_customs_filemanager")
def getPrintChildren(req, node, ret):
access = AccessData(req)
for c in node.getChildren():
if access.hasAccess(c, "read"):
ret.append(c)
getPrintChildren(req, c, ret)
return ret
def getPrintChildren(req, node, ret):
access = AccessData(req)
for c in node.getChildren():
if access.hasAccess(c, "read"):
ret.append(c)
getPrintChildren(req, c, ret)
return ret
def update_node(req, path, params, data, id):
# get the user and verify the signature
if params.get('user'):
user = users.getUser(params.get('user'))
userAccess = AccessData(user=user)
if userAccess.user:
valid = userAccess.verify_request_signature(req.fullpath, params)
if not valid:
userAccess = None
else:
userAccess = None
else:
user = users.getUser('Gast')
userAccess = AccessData(user=user)
node = tree.getNode(id)
# check user access
if userAccess and userAccess.hasAccess(node, "write"):
pass
else:
s = "No Access"
req.write(s)
d = {
'status': 'fail',
'html_response_code': '403',
'errormessage': 'no access'}
return d['html_response_code'], len(s), d
node.name = params.get('name')
metadata = json.loads(params.get('metadata'))
# set provided metadata
for key, value in metadata.iteritems():
node.set(u(key), u(value))
# service flags
node.set("updateuser", user.getName())
node.set("updatetime", format_date())
node.setDirty()
d = {
'status': 'OK',
'html_response_code': '200',
'build_response_end': time.time()}
s = "OK"
# we need to write in case of POST request, send as buffer wil not work
req.write(s)
req.reply_headers['updatetime'] = node.get('updatetime')
return d['html_response_code'], len(s), d
def show_attachmentbrowser(req):
id = req.params.get("id")
node = getNode(id)
access = AccessData(req)
if not access.hasAccess(node, "data"):
req.write(t(req, "permission_denied"))
return
# if node.getContentType().startswith("document") or node.getContentType().startswith("dissertation"):
# node.getAttachmentBrowser(req)
from core.attachment import getAttachmentBrowser
getAttachmentBrowser(node, req)
def show_attachmentbrowser(req):
id = req.params.get("id")
node = getNode(id)
access = AccessData(req)
if not access.hasAccess(node, "data"):
req.write(t(req, "permission_denied"))
return
# if node.getContentType().startswith("document") or node.getContentType().startswith("dissertation"):
# node.getAttachmentBrowser(req)
from core.attachment import getAttachmentBrowser
getAttachmentBrowser(node, req)
def getAccessRights(node):
""" Get acccess rights for the public.
The values returned descend from
http://wiki.surffoundation.nl/display/standards/info-eu-repo/#info-eu-repo-AccessRights.
This values are used by OpenAIRE portal.
"""
try: # if node.get('updatetime') is empty, the method parse_date would raise an exception
l_date = parse_date(node.get('updatetime'))
except:
l_date = date.now()
guestAccess = AccessData(user=users.getUser('Gast'))
if date.now() < l_date:
return "embargoedAccess"
elif guestAccess.hasAccess(node, 'read'):
if guestAccess.hasAccess(node, 'data'):
return "openAccess"
else:
return "restrictedAccess"
else:
return "closedAccess"
def getAccessRights(node):
""" Get acccess rights for the public.
The values returned descend from
http://wiki.surffoundation.nl/display/standards/info-eu-repo/#info-eu-repo-AccessRights.
This values are used by OpenAIRE portal.
"""
try: # if node.get('updatetime') is empty, the method parse_date would raise an exception
l_date = parse_date(node.get('updatetime'))
except:
l_date = date.now()
guestAccess = AccessData(user=users.getUser('Gast'))
if date.now() < l_date:
return "embargoedAccess"
elif guestAccess.hasAccess(node, 'read'):
if guestAccess.hasAccess(node, 'data'):
return "openAccess"
else:
return "restrictedAccess"
else:
return "closedAccess"
def send_rawimage(req):
access = AccessData(req)
try:
n = tree.getNode(splitpath(req.path)[0])
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.type != "directory":
return 403
for f in n.getFiles():
if f.getType() == "original":
return req.sendFile(f.retrieveFile(), f.getMimeType())
return 404
def popup_fullsize(self, req):
access = AccessData(req)
d = {}
svg = 0
if (not access.hasAccess(self, "data") and not dozoom(self)) or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
zoom_exists = 0
for file in self.getFiles():
if file.getType() == "zoom":
zoom_exists = 1
if file.getName().lower().endswith('svg') and file.type == "original":
svg = 1
d["svg"] = svg
d["width"] = self.get("origwidth")
d["height"] = self.get("origheight")
d["key"] = req.params.get("id", "")
# we assume that width==origwidth, height==origheight
d['flash'] = dozoom(self) and zoom_exists
d['tileurl'] = "/tile/" + self.id + "/"
req.writeTAL("contenttypes/image.html", d, macro="imageviewer")
def send_doc(req):
access = AccessData(req)
try:
n = tree.getNode(splitpath(req.path)[0])
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.type != "directory":
return 403
for f in n.getFiles():
if f.getType() in ["doc", "document"]:
incUsage(n)
return req.sendFile(f.retrieveFile(), f.getMimeType())
return 404
def send_rawimage(req):
access = AccessData(req)
try:
n = tree.getNode(splitpath(req.path)[0])
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.type != "directory":
return 403
for f in n.getFiles():
if f.getType() == "original":
incUsage(n)
return req.sendFile(f.retrieveFile(), f.getMimeType())
return 404
def popup_fullsize(self, req):
def videowidth():
return int(self.get('vid-width') or 0) + 64
def videoheight():
int(self.get('vid-height') or 0) + 53
access = AccessData(req)
if not access.hasAccess(self, "data") or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
f = None
for filenode in self.getFiles():
if filenode.getType() in ["original", "video"] and filenode.retrieveFile().endswith('flv'):
f = "/file/%s/%s" % (self.id, filenode.getName())
break
script = ""
if f:
script = '<p href="%s" style="display:block;width:%spx;height:%spx;" id="player"/p>' % (f, videowidth(), videoheight())
# use jw player
captions_info = getCaptionInfoDict(self)
if captions_info:
logger.info("video: '%s' (%s): captions: dictionary 'captions_info': %s" % (self.name, self.id, captions_info))
context = {
"file": f,
"script": script,
"node": self,
"width": videowidth(),
"height": videoheight(),
"captions_info": json.dumps(captions_info),
}
req.writeTAL("contenttypes/video.html", context, macro="fullsize_flv_jwplayer")
def send_attachment(req):
access = AccessData(req)
id, filename = splitpath(req.path)
try:
node = tree.getNode(id)
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(node, "data") and n.type != "directory":
return 403
# filename is attachment.zip
for file in node.getFiles():
if file.getType() == "attachment":
sendZipFile(req, file.retrieveFile())
break
def send_attachment(req):
access = AccessData(req)
id, filename = splitpath(req.path)
try:
node = tree.getNode(id)
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(node, "data") and n.type != "directory":
return 403
# filename is attachment.zip
for file in node.getFiles():
if file.getType() == "attachment":
sendZipFile(req, file.retrieveFile())
break
def popup_fullsize(self, req):
access = AccessData(req)
d = {}
svg = 0
if (not access.hasAccess(self, "data")
and not dozoom(self)) or not access.hasAccess(self, "read"):
req.write(t(req, "permission_denied"))
return
zoom_exists = 0
for file in self.getFiles():
if file.getType() == "zoom":
zoom_exists = 1
if file.getName().lower().endswith(
'svg') and file.type == "original":
svg = 1
d["svg"] = svg
d["width"] = self.get("origwidth")
d["height"] = self.get("origheight")
d["key"] = req.params.get("id", "")
# we assume that width==origwidth, height==origheight
d['flash'] = dozoom(self) and zoom_exists
d['tileurl'] = "/tile/" + self.id + "/"
req.writeTAL("contenttypes/image.html", d, macro="imageviewer")
def send_rawfile(req, n=None):
access = AccessData(req)
if not n:
id, filename = splitpath(req.path)
n = None
try:
n = tree.getNode(id)
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.getContentType() not in ["directory", "collections", "collection"]:
return 403
for f in n.getFiles():
if f.getType() == "original":
return req.sendFile(f.retrieveFile(n), f.getMimeType(n))
return 404
def send_attfile(req):
access = AccessData(req)
f = req.path[9:].split('/')
try:
node = getNode(f[0])
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(node, "data") and node.type != "directory":
return 403
if len([file for file in node.getFiles() if file._path in ["/".join(f[1:]), "/".join(f[1:-1])]]) == 0: # check filepath
return 403
filename = clean_path("/".join(f[1:]))
path = join_paths(config.get("paths.datadir"), filename)
mime, type = getMimeType(filename)
if(get_filesize(filename) > 16 * 1048576):
req.reply_headers["Content-Disposition"] = 'attachment; filename="{}"'.format(filename)
return req.sendFile(path, mime)
def send_rawfile(req, n=None):
access = AccessData(req)
if not n:
id, filename = splitpath(req.path)
n = None
try:
n = tree.getNode(id)
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.getContentType() not in [
"directory", "collections", "collection"
]:
return 403
for f in n.getFiles():
if f.getType() == "original":
incUsage(n)
return req.sendFile(f.retrieveFile(n), f.getMimeType(n))
return 404
def send_attfile(req):
access = AccessData(req)
f = req.path[9:].split('/')
try:
node = getNode(f[0])
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(node, "data") and node.type != "directory":
return 403
if len([
file for file in node.getFiles()
if file._path in ["/".join(f[1:]), "/".join(f[1:-1])]
]) == 0: # check filepath
return 403
filename = clean_path("/".join(f[1:]))
path = join_paths(config.get("paths.datadir"), filename)
mime, type = getMimeType(filename)
if (get_filesize(filename) > 16 * 1048576):
req.reply_headers[
"Content-Disposition"] = 'attachment; filename="{}"'.format(
filename)
return req.sendFile(path, mime)
def upload_for_html(req):
user = users.getUserFromRequest(req)
datatype = req.params.get("datatype", "image")
id = req.params.get("id")
node = tree.getNode(id)
access = AccessData(req)
if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write')
and access.hasAccess(node, 'data')):
return 403
for key in req.params.keys():
if key.startswith("delete_"):
filename = key[7:-2]
for file in n.getFiles():
if file.getName() == filename:
n.removeFile(file)
if "file" in req.params.keys(): # file
# file upload via (possibly disabled) upload form in custom image
# browser
file = req.params["file"]
del req.params["file"]
if hasattr(file, "filesize") and file.filesize > 0:
try:
logger.info(user.name + " upload " + file.filename + " (" +
file.tempname + ")")
nodefile = importFile(file.filename, file.tempname)
node.addFile(nodefile)
req.request["Location"] = req.makeLink(
"nodefile_browser/%s/" % id, {})
except EncryptionException:
req.request["Location"] = req.makeLink(
"content", {
"id": id,
"tab": "tab_editor",
"error":
"EncryptionError_" + datatype[:datatype.find("/")]
})
except:
logException("error during upload")
req.request["Location"] = req.makeLink(
"content", {
"id":
id,
"tab":
"tab_editor",
"error":
"PostprocessingError_" + datatype[:datatype.find("/")]
})
return send_nodefile_tal(req)
if "upload" in req.params.keys(): # NewFile
# file upload via CKeditor Image Properties / Upload tab
file = req.params["upload"]
del req.params["upload"]
if hasattr(file, "filesize") and file.filesize > 0:
try:
logger.info(user.name + " upload via ckeditor " +
file.filename + " (" + file.tempname + ")")
nodefile = importFile(file.filename, file.tempname)
node.addFile(nodefile)
except EncryptionException:
req.request["Location"] = req.makeLink(
"content", {
"id": id,
"tab": "tab_editor",
"error":
"EncryptionError_" + datatype[:datatype.find("/")]
})
except:
logException("error during upload")
req.request["Location"] = req.makeLink(
"content", {
"id":
id,
"tab":
"tab_editor",
"error":
"PostprocessingError_" + datatype[:datatype.find("/")]
})
url = '/file/' + id + '/' + file.tempname.split('/')[-1]
res = """<script type="text/javascript">
// Helper function to get parameters from the query string.
function getUrlParam(paramName)
{
var reParam = new RegExp('(?:[\?&]|&)' + paramName + '=([^&]+)', 'i') ;
var match = window.location.search.match(reParam) ;
return (match && match.length > 1) ? match[1] : '' ;
}
funcNum = getUrlParam('CKEditorFuncNum');
window.parent.CKEDITOR.tools.callFunction(funcNum, "%(fileUrl)s","%(customMsg)s");
</script>;""" % {
'fileUrl': url.replace('"', '\\"'),
'customMsg':
(t(lang(req), "edit_fckeditor_cfm_uploadsuccess")),
}
return res
return send_nodefile_tal(req)
def show_printview(req):
""" create a pdf preview of given node (id in path e.g. /print/[id]/[area])"""
p = req.path[1:].split("/")
try:
nodeid = int(p[1])
except ValueError:
raise ValueError("Invalid Printview URL: " + req.path)
if len(p) == 3:
if p[2] == "edit":
req.reply_headers['Content-Type'] = "application/pdf"
editprint = printmethod(req)
if editprint:
req.write(editprint)
else:
req.write("")
return
# use objects from session
if str(nodeid) == "0":
children = []
if "contentarea" in req.session:
try:
nodes = req.session["contentarea"].content.files
except:
c = req.session["contentarea"].content
nodes = c.resultlist[c.active].files
for n in nodes:
c_mtype = getMetaType(n.getSchema())
c_mask = c_mtype.getMask("printlist")
if not c_mask:
c_mask = c_mtype.getMask("nodesmall")
_c = c_mask.getViewHTML([n], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY)
if len(_c) > 0:
children.append(_c)
req.reply_headers['Content-Type'] = "application/pdf"
req.write(
printview.getPrintView(lang(req), None,
[["", "", t(lang(req), "")]], [], 3,
children))
else:
node = getNode(nodeid)
if node.get("system.print") == "0":
return 404
access = AccessData(req)
if not access.hasAccess(node, "read"):
req.write(t(req, "permission_denied"))
return
style = int(req.params.get("style", 2))
# nodetype
mtype = getMetaType(node.getSchema())
mask = None
metadata = None
if mtype:
for m in mtype.getMasks():
if m.getMasktype() == "fullview":
mask = m
if m.getMasktype() == "printview":
mask = m
break
if not mask:
mask = mtype.getMask("nodebig")
if mask:
metadata = mask.getViewHTML([node],
VIEW_DATA_ONLY + VIEW_HIDE_EMPTY)
if not metadata:
metadata = [['nodename', node.getName(), 'Name', 'text']]
files = node.getFiles()
imagepath = None
for file in files:
if file.getType().startswith("presentati"):
imagepath = file.retrieveFile()
# children
children = []
if node.isContainer():
ret = []
getPrintChildren(req, node, ret)
for c in ret:
if not c.isContainer():
# items
c_mtype = getMetaType(c.getSchema())
c_mask = c_mtype.getMask("printlist")
if not c_mask:
c_mask = c_mtype.getMask("nodesmall")
_c = c_mask.getViewHTML([c], VIEW_DATA_ONLY)
if len(_c) > 0:
children.append(_c)
else:
# header
items = getPaths(c, AccessData(req))
p = []
for item in items[0]:
p.append(u(item.getName()))
p.append(u(c.getName()))
children.append([(c.id, " > ".join(p[1:]), u(c.getName()),
"header")])
if len(children) > 1:
col = []
order = []
try:
sort = getCollection(node).get("sortfield")
except:
sort = ""
for i in range(0, 2):
col.append((0, ""))
order.append(1)
if req.params.get("sortfield" + str(i)) != "":
sort = req.params.get("sortfield" + str(i), sort)
if sort != "":
if sort.startswith("-"):
sort = sort[1:]
order[i] = -1
_i = 0
for c in children[0]:
if c[0] == sort:
col[i] = (_i, sort)
_i += 1
if col[i][1] == "":
col[i] = (0, children[0][0][0])
# sort method for items
def myCmp(x, y, col, order):
cx = ""
cy = ""
for item in x:
if item[0] == col[0][1]:
cx = item[1]
break
for item in y:
if item[0] == col[0][1]:
cy = item[1]
break
if cx.lower() > cy.lower():
return 1 * order[0]
return -1 * order[0]
sorted_children = []
tmp = []
for item in children:
if item[0][3] == "header":
if len(tmp) > 0:
tmp.sort(lambda x, y: myCmp(x, y, col, order))
sorted_children.extend(tmp)
tmp = []
sorted_children.append(item)
else:
tmp.append(item)
tmp.sort(lambda x, y: myCmp(x, y, col, order))
sorted_children.extend(tmp)
children = sorted_children
req.reply_headers['Content-Type'] = "application/pdf"
req.write(
printview.getPrintView(lang(req), imagepath, metadata,
getPaths(node, AccessData(req)), style,
children, getCollection(node)))
def upload_new_node(req, path, params, data):
try:
uploadfile = params['data']
del params['data']
except KeyError:
uploadfile = None
# get the user and verify the signature
if params.get('user'):
# user=users.getUser(params.get('user'))
#userAccess = AccessData(user=user)
_user = users.getUser(params.get('user'))
if not _user: # user of dynamic
class dummyuser: # dummy user class
# return all groups with given dynamic user
def getGroups(self):
return [g.name for g in tree.getRoot('usergroups').getChildren() if g.get(
'allow_dynamic') == '1' and params.get('user') in g.get('dynamic_users')]
def getName(self):
return params.get('user')
def getDirID(self): # unique identifier
return params.get('user')
def isAdmin(self):
return 0
_user = dummyuser()
userAccess = AccessData(user=_user)
if userAccess.user:
user = userAccess.user
if not userAccess.verify_request_signature(
req.fullpath +
'?',
params):
userAccess = None
else:
userAccess = None
else:
user = users.getUser(config.get('user.guestuser'))
userAccess = AccessData(user=user)
parent = tree.getNode(params.get('parent'))
# check user access
if userAccess and userAccess.hasAccess(parent, "write"):
pass
else:
s = "No Access"
req.write(s)
d = {
'status': 'fail',
'html_response_code': '403',
'errormessage': 'no access'}
logger.error("user has no edit permission for node %s" % parent)
return d['html_response_code'], len(s), d
datatype = params.get('type')
uploaddir = users.getUploadDir(user)
n = tree.Node(name=params.get('name'), type=datatype)
if isinstance(uploadfile, types.InstanceType): # file object used
nfile = importFile(uploadfile.filename, uploadfile.tempname)
else: # string used
nfile = importFileFromData(
'uploadTest.jpg',
base64.b64decode(uploadfile))
if nfile:
n.addFile(nfile)
else:
logger.error("error in file uploadservice")
try: # test metadata
metadata = json.loads(params.get('metadata'))
except ValueError:
metadata = dict()
# set provided metadata
for key, value in metadata.iteritems():
n.set(u(key), u(value))
# service flags
n.set("creator", user.getName())
n.set("creationtime", format_date())
parent.addChild(n)
# process the file, we've added to the new node
if hasattr(n, "event_files_changed"):
try:
n.event_files_changed()
except OperationException as e:
for file in n.getFiles():
if os.path.exists(file.retrieveFile()):
os.remove(file.retrieveFile())
raise OperationException(e.value)
# make sure the new node is visible immediately from the web service and
# the search index gets updated
n.setDirty()
tree.remove_from_nodecaches(parent)
d = {
'status': 'Created',
'html_response_code': '201',
'build_response_end': time.time()}
s = "Created"
# provide the uploader with the new node ID
req.reply_headers['NodeID'] = n.id
# we need to write in case of POST request, send as buffer will not work
req.write(s)
return d['html_response_code'], len(s), d
def validate(req, op):
path = req.path[1:].split("/")
if len(path) == 3 and path[2] == "overview":
return showFieldOverview(req)
if len(path) == 4 and path[3] == "editor":
res = showEditor(req)
# mask may have been edited: flush masks cache
flush_maskcache(req=req)
return res
if len(path) == 5 and path[3] == "editor" and path[4] == "show_testnodes":
template = req.params.get('template', '')
testnodes_list = req.params.get('testnodes', '')
width = req.params.get('width', '400')
item_id = req.params.get('item_id', None)
mdt_name = path[1]
mask_name = path[2]
mdt = tree.getRoot('metadatatypes').getChild(mdt_name)
mask = mdt.getChild(mask_name)
access = AccessData(req)
sectionlist = []
for nid in [x.strip() for x in testnodes_list.split(',') if x.strip()]:
section_descr = {}
section_descr['nid'] = nid
section_descr['error_flag'] = '' # in case of no error
try:
node = tree.getNode(nid)
section_descr['node'] = node
if access.hasAccess(node, "data"):
try:
node_html = mask.getViewHTML([node], VIEW_DEFAULT, template_from_caller=[template, mdt, mask, item_id], mask=mask)
section_descr['node_html'] = node_html
except:
error_text = str(sys.exc_info()[1])
template_line = 'for node id ' + str(nid) + ': ' + error_text
try:
m = re.match(r".*line (?P<line>\d*), column (?P<column>\d*)", error_text)
if m:
mdict = m.groupdict()
line = int(mdict.get('line', 0))
column = int(mdict.get('column', 0))
error_text = error_text.replace('line %d' % line, 'template line %d' % (line - 1))
template_line = 'for node id ' + str(nid) + '<br/>' + error_text + '<br/><code>' + esc(template.split(
"\n")[line - 2][0:column - 1]) + '<span style="color:red">' + esc(template.split("\n")[line - 2][column - 1:]) + '</span></code>'
except:
pass
section_descr['error_flag'] = 'Error while evaluating template:'
section_descr['node_html'] = template_line
else:
section_descr['error_flag'] = 'no access'
section_descr['node_html'] = ''
except tree.NoSuchNodeError:
section_descr['node'] = None
section_descr['error_flag'] = 'NoSuchNodeError'
section_descr['node_html'] = 'for node id ' + str(nid)
sectionlist.append(section_descr)
# remark: error messages will be served untranslated in English
# because messages from the python interpreter (in English) will be added
return req.getTAL("web/admin/modules/metatype.html", {'sectionlist': sectionlist}, macro="view_testnodes")
if len(path) == 2 and path[1] == "info":
return showInfo(req)
if "file" in req.params and hasattr(req.params["file"], "filesize") and req.params["file"].filesize > 0:
# import scheme from xml-file
importfile = req.params.get("file")
if importfile.tempname != "":
xmlimport(req, importfile.tempname)
if req.params.get("acttype", "schema") == "schema":
# section for schema
for key in req.params.keys():
# create new metadatatype
if key.startswith("new"):
return MetatypeDetail(req, "")
# edit metadatatype
elif key.startswith("edit_"):
return MetatypeDetail(req, str(key[5:-2]))
# delete metadata
elif key.startswith("delete_"):
deleteMetaType(key[7:-2])
break
# show details for given metadatatype
elif key.startswith("detaillist_"):
return showDetailList(req, str(key[11:-2]))
# show masklist for given metadatatype
elif key.startswith("masks_"):
return showMaskList(req, str(key[6:-2]))
# reindex search index for current schema
elif key.startswith("indexupdate_") and "cancel" not in req.params.keys():
schema = tree.getNode(key[12:])
searcher.reindex(schema.getAllItems())
break
# save schema
if "form_op" in req.params.keys():
if req.params.get("form_op", "") == "cancel":
return view(req)
if req.params.get("mname", "") == "" or req.params.get("mlongname", "") == "" or req.params.get("mdatatypes", "") == "":
return MetatypeDetail(req, req.params.get("mname_orig", ""), 1) # no name was given
elif not checkString(req.params.get("mname", "")):
return MetatypeDetail(req, req.params.get("mname_orig", ""), 4) # if the name contains wrong characters
elif req.params.get("mname_orig", "") != req.params.get("mname", "") and existMetaType(req.params.get("mname")):
return MetatypeDetail(req, req.params.get("mname_orig", ""), 2) # metadata still existing
_active = 0
if req.params.get("mactive", "") != "":
_active = 1
updateMetaType(req.params.get("mname", ""),
description=req.params.get("description", ""),
longname=req.params.get("mlongname", ""), active=_active,
datatypes=req.params.get("mdatatypes", "").replace(";", ", "),
bibtexmapping=req.params.get("mbibtex", ""),
citeprocmapping=req.params.get("mciteproc", ""),
orig_name=req.params.get("mname_orig", ""))
mtype = getMetaType(req.params.get("mname"))
if mtype:
mtype.setAccess("read", "")
for key in req.params.keys():
if key.startswith("left"):
mtype.setAccess(key[4:], req.params.get(key).replace(";", ","))
break
elif req.params.get("acttype") == "field":
# section for fields
for key in req.params.keys():
# create new meta field
if key.startswith("newdetail_"):
return FieldDetail(req, req.params.get("parent"), "")
# edit meta field
elif key.startswith("editdetail_"):
return FieldDetail(req, req.params.get("parent"), key[11:-2])
# delete metafield: key[13:-2] = pid | n
elif key.startswith("deletedetail_"):
deleteMetaField(req.params.get("parent"), key[13:-2])
return showDetailList(req, req.params.get("parent"))
# change field order up
if key.startswith("updetail_"):
moveMetaField(req.params.get("parent"), key[9:-2], -1)
return showDetailList(req, req.params.get("parent"))
# change field order down
elif key.startswith("downdetail_"):
moveMetaField(req.params.get("parent"), key[11:-2], 1)
return showDetailList(req, req.params.get("parent"))
if "form_op" in req.params.keys():
if req.params.get("form_op", "") == "cancel":
return showDetailList(req, req.params.get("parent"))
if existMetaField(req.params.get("parent"), req.params.get("mname")) and req.params.get("form_op", "") == "save_newdetail":
return FieldDetail(req, req.params.get("parent"), req.params.get("orig_name", ""), 3) # field still existing
elif req.params.get("mname", "") == "" or req.params.get("mlabel", "") == "":
return FieldDetail(req, req.params.get("parent"), req.params.get("orig_name", ""), 1)
elif not checkString(req.params.get("mname", "")):
# if the name contains wrong characters
return FieldDetail(req, req.params.get("parent"), req.params.get("orig_name", ""), 4)
_option = ""
for o in req.params.keys():
if o.startswith("option_"):
_option += o[7]
_fieldvalue = ""
if req.params.get("mtype", "") + "_value" in req.params.keys():
_fieldvalue = str(req.params.get(req.params.get("mtype") + "_value"))
_filenode = None
if "valuesfile" in req.params.keys():
valuesfile = req.params.pop("valuesfile")
_filenode = importFileToRealname(valuesfile.filename, valuesfile.tempname)
_attr_dict = {}
if req.params.get("mtype", "") + "_handle_attrs" in req.params.keys():
attr_names = [s.strip() for s in req.params.get(req.params.get("mtype", "") + "_handle_attrs").split(",")]
key_prefix = req.params.get("mtype", "") + "_attr_"
for attr_name in attr_names:
attr_value = req.params.get(key_prefix + attr_name, "")
_attr_dict[attr_name] = attr_value
updateMetaField(req.params.get("parent", ""), req.params.get("mname", ""),
req.params.get("mlabel", ""), req.params.get("orderpos", ""),
req.params.get("mtype", ""), _option, req.params.get("mdescription", ""),
_fieldvalue, fieldid=req.params.get("fieldid", ""),
filenode=_filenode,
attr_dict=_attr_dict)
return showDetailList(req, req.params.get("parent"))
elif req.params.get("acttype") == "mask":
# mask may have been edited: flush masks cache
flush_maskcache(req=req)
# section for masks
for key in req.params.keys():
# new mask
if key.startswith("newmask_"):
return MaskDetails(req, req.params.get("parent"), "")
# edit metatype masks
elif key.startswith("editmask_"):
return MaskDetails(req, req.params.get("parent"), key[9:-2], err=0)
# delete mask
elif key.startswith("deletemask_"):
mtype = getMetaType(req.params.get("parent"))
mtype.removeChild(tree.getNode(key[11:-2]))
return showMaskList(req, req.params.get("parent"))
# create autmatic mask with all fields
elif key.startswith("automask_"):
generateMask(getMetaType(req.params.get("parent")))
return showMaskList(req, req.params.get("parent"))
# cope selected mask
if key.startswith("copymask_"):
mtype = getMetaType(req.params.get("parent"))
mask = mtype.getMask(key[9:-2])
cloneMask(mask, "copy_" + mask.getName())
return showMaskList(req, req.params.get("parent"))
if "form_op" in req.params.keys():
if req.params.get("form_op", "") == "cancel":
return showMaskList(req, req.params.get("parent"))
if req.params.get("mname", "") == "":
return MaskDetails(req, req.params.get("parent", ""), req.params.get("morig_name", ""), err=1)
elif not checkString(req.params.get("mname", "")):
# if the name contains wrong characters
return MaskDetails(req, req.params.get("parent", ""), req.params.get("morig_name", ""), err=4)
mtype = getMetaType(req.params.get("parent", ""))
if req.params.get("form_op") == "save_editmask":
mask = mtype.getMask(req.params.get("maskid", ""))
elif req.params.get("form_op") == "save_newmask":
mask = tree.Node(req.params.get("mname", ""), type="mask")
mtype.addChild(mask)
mask.setName(req.params.get("mname"))
mask.setDescription(req.params.get("mdescription"))
mask.setMasktype(req.params.get("mtype"))
mask.setSeparator(req.params.get("mseparator"))
if req.params.get("mtype") == "export":
mask.setExportMapping(req.params.get("exportmapping") or "")
mask.setExportHeader(req.params.get("exportheader"))
mask.setExportFooter(req.params.get("exportfooter"))
_opt = ""
if "types" in req.params.keys():
_opt += "t"
if "notlast" in req.params.keys():
_opt += "l"
mask.setExportOptions(_opt)
mask.setLanguage(req.params.get("mlanguage", ""))
mask.setDefaultMask("mdefault" in req.params.keys())
mask.setAccess("read", "")
for key in req.params.keys():
if key.startswith("left"):
mask.setAccess(key[4:], req.params.get(key).replace(";", ","))
break
return showMaskList(req, str(req.params.get("parent", "")))
return view(req)
def export_shoppingbag_zip(req):
from web.frontend.streams import sendZipFile
from utils.utils import join_paths
import core.config as config
import random
import os
access = AccessData(req)
items = []
for key in req.params.keys():
if key.startswith("select_"):
_nid = key[7:]
_n = tree.getNode(_nid)
if access.hasAccess(_n, 'read'):
items.append(_nid)
dest = join_paths(config.get("paths.tempdir"), str(random.random())) + "/"
# images
if req.params.get("type") == "image":
if req.params.get("metadata") in ["no", "yes"]:
format_type = req.params.get("format_type")
processtype = ""
processvalue = ""
if format_type == "perc":
processtype = "percentage"
_perc = req.params.get("img_perc", ";").split(";")
if _perc[0] != "":
processvalue = _perc[0]
else:
processvalue = int(_perc[1])
elif format_type == "pix":
processtype = "pixels"
_pix = req.params.get("img_pix", ";;").split(";")
if _pix[0] != "":
processvalue = _pix[0]
else:
processvalue = int(_pix[1])
elif format_type == "std":
processtype = "standard"
processvalue = req.params.get("img_pix", ";;").split(";")[2]
for item in items:
node = tree.getNode(item)
if not access.hasAccess(node, 'data'):
continue
if node.processImage(processtype, processvalue, dest) == 0:
print "image not found"
# documenttypes
if req.params.get("type") == "document":
if req.params.get("metadata") in ["no", "yes"]:
if not os.path.isdir(dest):
os.mkdir(dest)
for item in items:
node = tree.getNode(item)
if not access.hasAccess(node, 'data'):
continue
if node.processDocument(dest) == 0:
print "document not found"
# documenttypes
if req.params.get("type") == "media":
if req.params.get("metadata") in ["no", "yes"]:
if not os.path.isdir(dest):
os.mkdir(dest)
for item in items:
node = tree.getNode(item)
if not access.hasAccess(node, 'data'):
continue
if node.processMediaFile(dest) == 0:
print "file not found"
# metadata
def flatten(arr):
return sum(
map(lambda a: flatten(a) if (a and isinstance(a[0], list) and a != "") else [a], [a for a in arr if a not in['', []]]), [])
if req.params.get("metadata") in ["yes", "meta"]:
for item in items:
node = tree.getNode(item)
if not access.hasAccess(node, 'read'):
continue
if not os.path.isdir(dest):
os.mkdir(dest)
content = {"header": [], "content": []}
for c in flatten(node.getFullView(lang(req)).getViewHTML([node], VIEW_DATA_ONLY)):
content["header"].append(c[0])
content["content"].append(c[1])
f = open(dest + item + ".txt", "w")
f.write("\t".join(content["header"]) + "\n")
f.write("\t".join(content["content"]) + "\n")
f.close()
if len(items) > 0:
sendZipFile(req, dest)
for root, dirs, files in os.walk(dest, topdown=False):
for name in files:
os.remove(os.path.join(root, name))
for name in dirs:
os.rmdir(os.path.join(root, name))
if os.path.isdir(dest):
os.rmdir(dest)
def upload_for_html(req):
user = users.getUserFromRequest(req)
datatype = req.params.get("datatype", "image")
id = req.params.get("id")
node = tree.getNode(id)
access = AccessData(req)
if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write') and access.hasAccess(node, 'data')):
return 403
for key in req.params.keys():
if key.startswith("delete_"):
filename = key[7:-2]
for file in n.getFiles():
if file.getName() == filename:
n.removeFile(file)
if "file" in req.params.keys(): # file
# file upload via (possibly disabled) upload form in custom image
# browser
file = req.params["file"]
del req.params["file"]
if hasattr(file, "filesize") and file.filesize > 0:
try:
logger.info(
user.name + " upload " + file.filename + " (" + file.tempname + ")")
nodefile = importFile(file.filename, file.tempname)
node.addFile(nodefile)
req.request["Location"] = req.makeLink(
"nodefile_browser/%s/" % id, {})
except EncryptionException:
req.request["Location"] = req.makeLink("content", {
"id": id, "tab": "tab_editor", "error": "EncryptionError_" + datatype[:datatype.find("/")]})
except:
logException("error during upload")
req.request["Location"] = req.makeLink("content", {
"id": id, "tab": "tab_editor", "error": "PostprocessingError_" + datatype[:datatype.find("/")]})
return send_nodefile_tal(req)
if "upload" in req.params.keys(): # NewFile
# file upload via CKeditor Image Properties / Upload tab
file = req.params["upload"]
del req.params["upload"]
if hasattr(file, "filesize") and file.filesize > 0:
try:
logger.info(
user.name + " upload via ckeditor " + file.filename + " (" + file.tempname + ")")
nodefile = importFile(file.filename, file.tempname)
node.addFile(nodefile)
except EncryptionException:
req.request["Location"] = req.makeLink("content", {
"id": id, "tab": "tab_editor", "error": "EncryptionError_" + datatype[:datatype.find("/")]})
except:
logException("error during upload")
req.request["Location"] = req.makeLink("content", {
"id": id, "tab": "tab_editor", "error": "PostprocessingError_" + datatype[:datatype.find("/")]})
url = '/file/' + id + '/' + file.tempname.split('/')[-1]
res = """<script type="text/javascript">
// Helper function to get parameters from the query string.
function getUrlParam(paramName)
{
var reParam = new RegExp('(?:[\?&]|&)' + paramName + '=([^&]+)', 'i') ;
var match = window.location.search.match(reParam) ;
return (match && match.length > 1) ? match[1] : '' ;
}
funcNum = getUrlParam('CKEditorFuncNum');
window.parent.CKEDITOR.tools.callFunction(funcNum, "%(fileUrl)s","%(customMsg)s");
</script>;""" % {
'fileUrl': url.replace('"', '\\"'),
'customMsg': (t(lang(req), "edit_fckeditor_cfm_uploadsuccess")),
}
return res
return send_nodefile_tal(req)
def send_file(req, download=0):
access = AccessData(req)
id, filename = splitpath(req.path)
if id.endswith("_transfer.zip"):
id = id[:-13]
try:
n = tree.getNode(id)
except tree.NoSuchNodeError:
return 404
if not access.hasAccess(n, "data") and n.type not in [
"directory", "collections", "collection"
]:
return 403
file = None
if filename is None and n:
# build zip-file and return it
zipfilepath, files_written = build_transferzip(n)
if files_written == 0:
return 404
send_result = req.sendFile(zipfilepath, "application/zip")
if os.sep == '/': # Unix?
os.unlink(
zipfilepath
) # unlinking files while still reading them only works on Unix/Linux
return send_result
# try full filename
for f in n.getFiles():
if f.getName() == filename:
incUsage(n)
file = f
break
# try only extension
if not file and n.get("archive_type") == "":
file_ext = os.path.splitext(filename)[1]
for f in n.getFiles():
if os.path.splitext(
f.getName())[1] == file_ext and f.getType() in [
'doc', 'document', 'original', 'mp3'
]:
incUsage(n)
file = f
break
if existMetaField(n.getSchema(), 'nodename'):
display_file_name = '{}.{}'.format(
os.path.splitext(os.path.basename(n.name))[0],
os.path.splitext(filename)[-1].strip('.'))
else:
display_file_name = filename
# try file from archivemanager
if not file and n.get("archive_type") != "":
am = archivemanager.getManager(n.get("archive_type"))
req.reply_headers[
"Content-Disposition"] = 'attachment; filename="{}"'.format(
display_file_name)
return req.sendFile(am.getArchivedFileStream(n.get("archive_path")),
"application/x-download")
if not file:
return 404
req.reply_headers[
"Content-Disposition"] = 'attachment; filename="{}"'.format(
display_file_name)
return req.sendFile(file.retrieveFile(), f.getMimeType())
def handle_request(req):
user = users.getUserFromRequest(req)
access = AccessData(req)
errors = []
if "cmd" in req.params:
cmd = req.params["cmd"]
if cmd == "list_files":
targetnodeid = req.params.get("targetnodeid", "")
m_upload_field_name = req.params.get("m_upload_field_name", "")
n = tree.getNode(targetnodeid)
s = {'response': 'response for cmd="%s"' % cmd}
filelist, filelist2 = getFilelist(n, m_upload_field_name)
filelist = [_t[0:-1] for _t in filelist]
s['filelist'] = filelist
html_filelist = mkfilelist(n, filelist2, deletebutton=1, language=None, request=req)
html_filelist = html_filelist.replace("____FIELDNAME____", "%s" % m_upload_field_name)
s['html_filelist'] = html_filelist
req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4))
return 200
elif cmd == 'delete_file':
s = {'response': 'response for cmd="%s"' % cmd}
f_name = req.params.get('prefixed_filename', '')
f_name = f_name[len('delete_'):]
targetnodeid = req.params.get("targetnodeid", "")
m_upload_field_name = req.params.get("m_upload_field_name", "")
n = tree.getNode(targetnodeid)
fs = n.getFiles()
if not access.hasAccess(n, 'data'):
msg = "m_upload: no access for user '%s' to node %s ('%s', '%s') from '%s'" % (
user.name, str(n.id), n.name, n.type, str(req.ip))
logging.getLogger("backend").info(msg)
errors.append(msg)
s['errors'] = errors
req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4))
return 403
for f in fs:
if f.getName() == f_name:
msg = "metadata m_upload: going to remove file '%s' from node '%s' (%s) for request from user '%s' (%s)" % (
f_name, n.name, str(n.id), user.name, str(req.ip))
logging.getLogger("backend").info(msg)
n.removeFile(f)
try:
os.remove(f.retrieveFile())
except:
pass
break
filecount = len(getFilelist(n, m_upload_field_name)[0])
n.set(m_upload_field_name, filecount)
s['errors'] = errors
req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4))
return 200
else:
s = {'response': 'response for cmd="%s" not completely implemented feature' % cmd}
req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4))
return 200
filename = None
filesize = 0
s = {}
if "submitter" in req.params.keys():
submitter = req.params.get("submitter", "").split(';')[0]
targetnodeid = req.params.get("targetnodeid_FOR_" + submitter, None)
targetnode = None
if targetnodeid:
try:
targetnode = tree.getNode(targetnodeid)
except:
msg = "metadata m_upload: targetnodeid='%s' for non-existant node for upload from '%s'" % (str(targetnodeid), str(req.ip))
errors.append(msg)
logging.getLogger("backend").error(msg)
else:
msg = "metadata m_upload could not find 'targetnodeid' for upload from '%s'" % str(req.ip)
errors.append(msg)
logging.getLogger("backend").error(msg)
if not access.hasAccess(targetnode, 'data'):
msg = "m_upload: no access for user '%s' to node %s ('%s', '%s') from '%s'" % (
user.name, str(targetnode.id), targetnode.name, targetnode.type, str(req.ip))
logging.getLogger("backend").info(msg)
errors.append(msg)
s['errors'] = errors
req.write("%s" % json.dumps(s, indent=4))
return
filename = None
file_key = "m_upload_file_FOR_" + submitter
if file_key in req.params:
file = req.params[file_key]
del req.params[file_key]
filename = file.filename
filesize = file.filesize
filetempname = file.tempname
else:
msg = t(lang(req), "no file for this field submitted")
errors.append(msg)
if filename:
diskname = normalizeFilename(filename)
nodeFile = importFileToRealname(diskname, filetempname, prefix='m_upload_%s_' % (submitter, ), typeprefix="u_")
if nodeFile:
imported_filename = nodeFile.getName()
imported_filesize = nodeFile.getSize()
imported_filepath = nodeFile.retrieveFile()
imported_filemimetype = nodeFile.getMimeType()
else:
msg = "metadata m_upload: could not create file node for request from '%s'" % (str(req.ip))
errors.append(msg)
logging.getLogger("backend").error(msg)
if targetnode and filename:
targetnode.addFile(nodeFile)
filecount = len(getFilelist(targetnode, submitter)[0])
targetnode.set(submitter, filecount)
copy_report = t(lang(req), "uploaded file: %s; size: %d bytes") % (filename, filesize)
else:
copy_report = ""
else:
msg = "metadata m_upload: could not find submitter for request from '%s'" % (str(req.ip))
errors.append(msg)
logging.getLogger("backend").error(msg)
s = {
'errors': errors,
'copy_report': copy_report,
}
req.write("%s" % json.dumps(s, indent=4))
return 200
def upload_new_node(req, path, params, data):
try:
uploadfile = params['data']
del params['data']
except KeyError:
uploadfile = None
# get the user and verify the signature
if params.get('user'):
# user=users.getUser(params.get('user'))
#userAccess = AccessData(user=user)
_user = users.getUser(params.get('user'))
if not _user: # user of dynamic
class dummyuser: # dummy user class
# return all groups with given dynamic user
def getGroups(self):
return [
g.name
for g in tree.getRoot('usergroups').getChildren()
if g.get('allow_dynamic') == '1'
and params.get('user') in g.get('dynamic_users')
]
def getName(self):
return params.get('user')
def getDirID(self): # unique identifier
return params.get('user')
def isAdmin(self):
return 0
_user = dummyuser()
userAccess = AccessData(user=_user)
if userAccess.user:
user = userAccess.user
if not userAccess.verify_request_signature(req.fullpath + '?',
params):
userAccess = None
else:
userAccess = None
else:
user = users.getUser(config.get('user.guestuser'))
userAccess = AccessData(user=user)
parent = tree.getNode(params.get('parent'))
# check user access
if userAccess and userAccess.hasAccess(parent, "write"):
pass
else:
s = "No Access"
req.write(s)
d = {
'status': 'fail',
'html_response_code': '403',
'errormessage': 'no access'
}
logger.error("user has no edit permission for node %s" % parent)
return d['html_response_code'], len(s), d
datatype = params.get('type')
uploaddir = users.getUploadDir(user)
n = tree.Node(name=params.get('name'), type=datatype)
if isinstance(uploadfile, types.InstanceType): # file object used
nfile = importFile(uploadfile.filename, uploadfile.tempname)
else: # string used
nfile = importFileFromData('uploadTest.jpg',
base64.b64decode(uploadfile))
if nfile:
n.addFile(nfile)
else:
logger.error("error in file uploadservice")
try: # test metadata
metadata = json.loads(params.get('metadata'))
except ValueError:
metadata = dict()
# set provided metadata
for key, value in metadata.iteritems():
n.set(u(key), u(value))
# service flags
n.set("creator", user.getName())
n.set("creationtime", format_date())
parent.addChild(n)
# process the file, we've added to the new node
if hasattr(n, "event_files_changed"):
try:
n.event_files_changed()
except OperationException as e:
for file in n.getFiles():
if os.path.exists(file.retrieveFile()):
os.remove(file.retrieveFile())
raise OperationException(e.value)
# make sure the new node is visible immediately from the web service and
# the search index gets updated
n.setDirty()
tree.remove_from_nodecaches(parent)
d = {
'status': 'Created',
'html_response_code': '201',
'build_response_end': time.time()
}
s = "Created"
# provide the uploader with the new node ID
req.reply_headers['NodeID'] = n.id
# we need to write in case of POST request, send as buffer will not work
req.write(s)
return d['html_response_code'], len(s), d
def show_printview(req):
""" create a pdf preview of given node (id in path e.g. /print/[id]/[area])"""
p = req.path[1:].split("/")
try:
nodeid = int(p[1])
except ValueError:
raise ValueError("Invalid Printview URL: " + req.path)
if len(p) == 3:
if p[2] == "edit":
req.reply_headers['Content-Type'] = "application/pdf"
editprint = printmethod(req)
if editprint:
req.write(editprint)
else:
req.write("")
return
# use objects from session
if str(nodeid) == "0":
children = []
if "contentarea" in req.session:
try:
nodes = req.session["contentarea"].content.files
except:
c = req.session["contentarea"].content
nodes = c.resultlist[c.active].files
for n in nodes:
c_mtype = getMetaType(n.getSchema())
c_mask = c_mtype.getMask("printlist")
if not c_mask:
c_mask = c_mtype.getMask("nodesmall")
_c = c_mask.getViewHTML([n], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY)
if len(_c) > 0:
children.append(_c)
req.reply_headers['Content-Type'] = "application/pdf"
req.write(printview.getPrintView(lang(req), None, [["", "", t(lang(req), "")]], [], 3, children))
else:
node = getNode(nodeid)
if node.get("system.print") == "0":
return 404
access = AccessData(req)
if not access.hasAccess(node, "read"):
req.write(t(req, "permission_denied"))
return
style = int(req.params.get("style", 2))
# nodetype
mtype = getMetaType(node.getSchema())
mask = None
metadata = None
if mtype:
for m in mtype.getMasks():
if m.getMasktype() == "fullview":
mask = m
if m.getMasktype() == "printview":
mask = m
break
if not mask:
mask = mtype.getMask("nodebig")
if mask:
metadata = mask.getViewHTML([node], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY)
if not metadata:
metadata = [['nodename', node.getName(), 'Name', 'text']]
files = node.getFiles()
imagepath = None
for file in files:
if file.getType().startswith("presentati"):
imagepath = file.retrieveFile()
# children
children = []
if node.isContainer():
ret = []
getPrintChildren(req, node, ret)
for c in ret:
if not c.isContainer():
# items
c_mtype = getMetaType(c.getSchema())
c_mask = c_mtype.getMask("printlist")
if not c_mask:
c_mask = c_mtype.getMask("nodesmall")
_c = c_mask.getViewHTML([c], VIEW_DATA_ONLY)
if len(_c) > 0:
children.append(_c)
else:
# header
items = getPaths(c, AccessData(req))
p = []
for item in items[0]:
p.append(u(item.getName()))
p.append(u(c.getName()))
children.append([(c.id, " > ".join(p[1:]), u(c.getName()), "header")])
if len(children) > 1:
col = []
order = []
try:
sort = getCollection(node).get("sortfield")
except:
sort = ""
for i in range(0, 2):
col.append((0, ""))
order.append(1)
if req.params.get("sortfield" + str(i)) != "":
sort = req.params.get("sortfield" + str(i), sort)
if sort != "":
if sort.startswith("-"):
sort = sort[1:]
order[i] = -1
_i = 0
for c in children[0]:
if c[0] == sort:
col[i] = (_i, sort)
_i += 1
if col[i][1] == "":
col[i] = (0, children[0][0][0])
# sort method for items
def myCmp(x, y, col, order):
cx = ""
cy = ""
for item in x:
if item[0] == col[0][1]:
cx = item[1]
break
for item in y:
if item[0] == col[0][1]:
cy = item[1]
break
if cx.lower() > cy.lower():
return 1 * order[0]
return -1 * order[0]
sorted_children = []
tmp = []
for item in children:
if item[0][3] == "header":
if len(tmp) > 0:
tmp.sort(lambda x, y: myCmp(x, y, col, order))
sorted_children.extend(tmp)
tmp = []
sorted_children.append(item)
else:
tmp.append(item)
tmp.sort(lambda x, y: myCmp(x, y, col, order))
sorted_children.extend(tmp)
children = sorted_children
req.reply_headers['Content-Type'] = "application/pdf"
req.write(printview.getPrintView(lang(req), imagepath, metadata, getPaths(
node, AccessData(req)), style, children, getCollection(node)))
