Ejemplo n.º 1
0
def publication_attached_file(request, publication_id):
    if(not request.user.is_authenticated()):
        logger.warn('access to restricted: user: %r, publication: %r',
            request.user,publication_id) 
        return HttpResponse('Log in required.', status=401)

    try:
        publication = Publication.objects.get(publication_id=publication_id)

        if (not hasattr(publication, 'attachedfile')
            or publication.attachedfile is None):
            msg = 'publication found, but has no attached_file for id: %r' % publication_id
            logger.exception(msg)
            raise Http404(msg)

        authorization = ScreenAuthorization()
        authorized = authorization._is_resource_authorized(
            'screen',request.user,'read')
        if not authorized:
            userprofile = request.user.userprofile
            screensaver_user = None
            if hasattr(userprofile,'screensaveruser'):
                screensaver_user = userprofile.screensaveruser
            if ( screensaver_user is not None
                    and hasattr(publication,'screen') 
                    and publication.screen is not None):
                authorized = authorization._is_screen_authorized(
                    publication.screen, screensaver_user, 'read')
        if not authorized:
            msg = ('%s permission needed for user: %s'
                       % ('screen/read',request.user))
            logger.warn(msg)
            return HttpResponse(msg, status=403)
        else:
            logger.info(
                'User allowed to file %s',
                request.user)
            return _download_file(request,publication.attachedfile)
    except ObjectDoesNotExist,e:
        msg = 'could not find publication object for id: %r' % publication_id
        logger.exception(msg)
        return HttpResponse(status=404)
Ejemplo n.º 2
0
Archivo: views.py Proyecto: gmat/lims
def publication_attached_file(request, publication_id):
    if (not request.user.is_authenticated()):
        logger.warn('access to restricted: user: %r, publication: %r',
                    request.user, publication_id)
        return HttpResponse('Log in required.', status=401)

    try:
        publication = Publication.objects.get(publication_id=publication_id)

        if (not hasattr(publication, 'attachedfile')
                or publication.attachedfile is None):
            msg = 'publication found, but has no attached_file for id: %r' % publication_id
            logger.exception(msg)
            raise Http404(msg)

        authorization = ScreenAuthorization()
        authorized = authorization._is_resource_authorized(
            'screen', request.user, 'read')
        if not authorized:
            userprofile = request.user.userprofile
            screensaver_user = None
            if hasattr(userprofile, 'screensaveruser'):
                screensaver_user = userprofile.screensaveruser
            if (screensaver_user is not None
                    and hasattr(publication, 'screen')
                    and publication.screen is not None):
                authorized = authorization._is_screen_authorized(
                    publication.screen, screensaver_user, 'read')
        if not authorized:
            msg = ('%s permission needed for user: %s' %
                   ('screen/read', request.user))
            logger.warn(msg)
            return HttpResponse(msg, status=403)
        else:
            logger.info('User allowed to file %s', request.user)
            return _download_file(request, publication.attachedfile)
    except ObjectDoesNotExist, e:
        msg = 'could not find publication object for id: %r' % publication_id
        logger.exception(msg)
        return HttpResponse(status=404)
Ejemplo n.º 3
0
def attached_file(request, attached_file_id):
    if(not request.user.is_authenticated()):
        logger.warn('access to restricted: user: %r, file: %r',
            request.user,attached_file) 
        return HttpResponse('Log in required.', status=401)

    af = None
    try:
        af = AttachedFile.objects.get(attached_file_id=attached_file_id)
        authorization = ScreenAuthorization()
        authorized = authorization._is_resource_authorized(
            'screen',request.user,'read')
        if not authorized:
            userprofile = request.user.userprofile
            screensaver_user = None
            if hasattr(userprofile,'screensaveruser'):
                screensaver_user = userprofile.screensaveruser
            if ( hasattr(attached_file,'screensaver_user') 
                and attached_file.screensaver_user is not None):
                if attached_file.screensaver_user.user == userprofile:
                    authorized = True
            if ( screensaver_user is not None
                    and hasattr(publication,'screen') 
                    and publication.screen is not None):
                authorized = authorization._is_screen_authorized(
                    publication.screen, screensaver_user, 'read')
        if not authorized:
            msg = ('%s permission needed for user: %s'
                       % ('attachedfiles/read',request.user))
            logger.warn(msg)
            return HttpResponse(msg, status=403)
        else:
            logger.info(
                'User allowed attached file access to own files %s',
                request.user)
            return _download_file(request,af)
    except ObjectDoesNotExist,e:
        msg = 'could not find attached file object for id: %r' % attached_file_id
        logger.exception(msg)
        return HttpResponse(status=404)
Ejemplo n.º 4
0
Archivo: views.py Proyecto: gmat/lims
def attached_file(request, attached_file_id):
    if (not request.user.is_authenticated()):
        logger.warn('access to restricted: user: %r, file: %r', request.user,
                    attached_file)
        return HttpResponse('Log in required.', status=401)

    af = None
    try:
        af = AttachedFile.objects.get(attached_file_id=attached_file_id)
        authorization = ScreenAuthorization()
        authorized = authorization._is_resource_authorized(
            'screen', request.user, 'read')
        if not authorized:
            userprofile = request.user.userprofile
            screensaver_user = None
            if hasattr(userprofile, 'screensaveruser'):
                screensaver_user = userprofile.screensaveruser
            if (hasattr(attached_file, 'screensaver_user')
                    and attached_file.screensaver_user is not None):
                if attached_file.screensaver_user.user == userprofile:
                    authorized = True
            if (screensaver_user is not None
                    and hasattr(publication, 'screen')
                    and publication.screen is not None):
                authorized = authorization._is_screen_authorized(
                    publication.screen, screensaver_user, 'read')
        if not authorized:
            msg = ('%s permission needed for user: %s' %
                   ('attachedfiles/read', request.user))
            logger.warn(msg)
            return HttpResponse(msg, status=403)
        else:
            logger.info('User allowed attached file access to own files %s',
                        request.user)
            return _download_file(request, af)
    except ObjectDoesNotExist, e:
        msg = 'could not find attached file object for id: %r' % attached_file_id
        logger.exception(msg)
        return HttpResponse(status=404)