def publication_attached_file(request, publication_id):
if(not request.user.is_authenticated()):
logger.warn('access to restricted: user: %r, publication: %r',
request.user,publication_id)
return HttpResponse('Log in required.', status=401)
try:
publication = Publication.objects.get(publication_id=publication_id)
if (not hasattr(publication, 'attachedfile')
or publication.attachedfile is None):
msg = 'publication found, but has no attached_file for id: %r' % publication_id
logger.exception(msg)
raise Http404(msg)
authorization = ScreenAuthorization()
authorized = authorization._is_resource_authorized(
'screen',request.user,'read')
if not authorized:
userprofile = request.user.userprofile
screensaver_user = None
if hasattr(userprofile,'screensaveruser'):
screensaver_user = userprofile.screensaveruser
if ( screensaver_user is not None
and hasattr(publication,'screen')
and publication.screen is not None):
authorized = authorization._is_screen_authorized(
publication.screen, screensaver_user, 'read')
if not authorized:
msg = ('%s permission needed for user: %s'
% ('screen/read',request.user))
logger.warn(msg)
return HttpResponse(msg, status=403)
else:
logger.info(
'User allowed to file %s',
request.user)
return _download_file(request,publication.attachedfile)
except ObjectDoesNotExist,e:
msg = 'could not find publication object for id: %r' % publication_id
logger.exception(msg)
return HttpResponse(status=404)
def publication_attached_file(request, publication_id):
if (not request.user.is_authenticated()):
logger.warn('access to restricted: user: %r, publication: %r',
request.user, publication_id)
return HttpResponse('Log in required.', status=401)
try:
publication = Publication.objects.get(publication_id=publication_id)
if (not hasattr(publication, 'attachedfile')
or publication.attachedfile is None):
msg = 'publication found, but has no attached_file for id: %r' % publication_id
logger.exception(msg)
raise Http404(msg)
authorization = ScreenAuthorization()
authorized = authorization._is_resource_authorized(
'screen', request.user, 'read')
if not authorized:
userprofile = request.user.userprofile
screensaver_user = None
if hasattr(userprofile, 'screensaveruser'):
screensaver_user = userprofile.screensaveruser
if (screensaver_user is not None
and hasattr(publication, 'screen')
and publication.screen is not None):
authorized = authorization._is_screen_authorized(
publication.screen, screensaver_user, 'read')
if not authorized:
msg = ('%s permission needed for user: %s' %
('screen/read', request.user))
logger.warn(msg)
return HttpResponse(msg, status=403)
else:
logger.info('User allowed to file %s', request.user)
return _download_file(request, publication.attachedfile)
except ObjectDoesNotExist, e:
msg = 'could not find publication object for id: %r' % publication_id
logger.exception(msg)
return HttpResponse(status=404)
def attached_file(request, attached_file_id):
if(not request.user.is_authenticated()):
logger.warn('access to restricted: user: %r, file: %r',
request.user,attached_file)
return HttpResponse('Log in required.', status=401)
af = None
try:
af = AttachedFile.objects.get(attached_file_id=attached_file_id)
authorization = ScreenAuthorization()
authorized = authorization._is_resource_authorized(
'screen',request.user,'read')
if not authorized:
userprofile = request.user.userprofile
screensaver_user = None
if hasattr(userprofile,'screensaveruser'):
screensaver_user = userprofile.screensaveruser
if ( hasattr(attached_file,'screensaver_user')
and attached_file.screensaver_user is not None):
if attached_file.screensaver_user.user == userprofile:
authorized = True
if ( screensaver_user is not None
and hasattr(publication,'screen')
and publication.screen is not None):
authorized = authorization._is_screen_authorized(
publication.screen, screensaver_user, 'read')
if not authorized:
msg = ('%s permission needed for user: %s'
% ('attachedfiles/read',request.user))
logger.warn(msg)
return HttpResponse(msg, status=403)
else:
logger.info(
'User allowed attached file access to own files %s',
request.user)
return _download_file(request,af)
except ObjectDoesNotExist,e:
msg = 'could not find attached file object for id: %r' % attached_file_id
logger.exception(msg)
return HttpResponse(status=404)
def attached_file(request, attached_file_id):
if (not request.user.is_authenticated()):
logger.warn('access to restricted: user: %r, file: %r', request.user,
attached_file)
return HttpResponse('Log in required.', status=401)
af = None
try:
af = AttachedFile.objects.get(attached_file_id=attached_file_id)
authorization = ScreenAuthorization()
authorized = authorization._is_resource_authorized(
'screen', request.user, 'read')
if not authorized:
userprofile = request.user.userprofile
screensaver_user = None
if hasattr(userprofile, 'screensaveruser'):
screensaver_user = userprofile.screensaveruser
if (hasattr(attached_file, 'screensaver_user')
and attached_file.screensaver_user is not None):
if attached_file.screensaver_user.user == userprofile:
authorized = True
if (screensaver_user is not None
and hasattr(publication, 'screen')
and publication.screen is not None):
authorized = authorization._is_screen_authorized(
publication.screen, screensaver_user, 'read')
if not authorized:
msg = ('%s permission needed for user: %s' %
('attachedfiles/read', request.user))
logger.warn(msg)
return HttpResponse(msg, status=403)
else:
logger.info('User allowed attached file access to own files %s',
request.user)
return _download_file(request, af)
except ObjectDoesNotExist, e:
msg = 'could not find attached file object for id: %r' % attached_file_id
logger.exception(msg)
return HttpResponse(status=404)
