Ejemplo n.º 1
def admin_edit_user(request, user_id):
    """Show and process the edit form for an existing user profile.

    Only superusers get past the first check; everyone else receives the
    generic error page. A valid POST saves the profile, writes an audit
    record and redirects to the user's detail page. Any other request, or an
    invalid POST, renders the form (bound to the submitted data on POST).

    NOTE(review): decorators are outside this excerpt; the check below reads
    request.user, so it presumably runs behind the authentication middleware
    and a login requirement -- confirm.
    """
    # Authorization gate: editing accounts is an administrative action.
    if not request.user.is_superuser:
        return render_to_response("error.html",
                                  {"error": "You must be superuser"},
                                  context_instance=RequestContext(request))

    profile = get_object_or_404(Profile, pk=user_id)

    if request.method != "POST":
        form = forms.ProfileForm(instance=profile)
    else:
        form = forms.ProfileForm(request.POST, instance=profile)
        if form.is_valid():
            profile = form.save()
            # Audit trail: the request is passed along with the message.
            message = "Edited user {0}".format(profile.username)
            log_activity("A", message, request)
            target = reverse("users.views.admin_show_user",
                             args=(profile.id,))
            return HttpResponseRedirect(target)

    context = {"form": form, "user": profile}
    return render_to_response("admin/edit_user.html", context,
                              context_instance=RequestContext(request))
Ejemplo n.º 2
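def delete_tag(request, id):
    """Detach the caller's tag with the posted text from an analysis.

    The caller must be a superuser or a member of the analysis' case.
    The tag is looked up by owner and text, so a user can only detach tags
    they own. Returns HttpResponse("Tag empty.") when no tagName is posted,
    HttpResponse(False) when the caller owns no tag with that text, and
    HttpResponse(True) after the tag is detached.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    if not (request.user.is_superuser
            or request.user in analysis.case.users.all()):
        return render_to_response(
            "error.html", {"error": "You are not authorized to tag this."},
            context_instance=RequestContext(request))

    # Validation check.
    tag_text = request.POST.get("tagName")
    if not tag_text:
        return HttpResponse("Tag empty.")

    # filter() rather than get(): nothing visible here guarantees that
    # (owner, text) is unique, and get() raises MultipleObjectsReturned
    # (an unhandled HTTP 500) as soon as two matching rows exist.
    tags = list(Tag.objects.filter(owner=request.user, text=tag_text))
    if not tags:
        return HttpResponse(False)

    analysis.tag_set.remove(*tags)

    # Auditing.
    log_activity("I", "Tag on image removed: %s" % analysis.file_name, request)

    return HttpResponse(True)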
Ejemplo n.º 3
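def new_hashes(request):
    """Create a hash list from an uploaded file holding one value per line.

    On a valid POST the list is saved with the requesting user as owner,
    every non-blank line of the upload becomes a Hash row attached to it,
    the creation is audited and the client is redirected to the list page.
    Otherwise the (possibly bound) form is rendered.

    NOTE(review): the line content is stored after strip() only; any format
    or length validation would have to live in the form or the Hash model,
    neither of which is visible here -- confirm.
    """
    if request.method == "POST":
        form = forms.ListForm(request.POST, request.FILES)

        if form.is_valid():
            # Local names avoid shadowing the builtins `list` and `file`.
            hash_list = form.save(commit=False)
            hash_list.owner = request.user
            hash_list.save()

            # NOTE(review): temporary_file_path() exists only for uploads
            # spooled to disk; presumably the project forces the temporary
            # file upload handler -- confirm.
            upload_path = request.FILES["hash_list"].temporary_file_path()
            with open(upload_path, "r") as handle:
                # Iterate the handle instead of readlines() so a large
                # upload is not loaded into memory at once.
                for row in handle:
                    value = row.strip()
                    # Blank lines used to be stored as an empty hash value.
                    if not value:
                        continue
                    Hash.objects.get_or_create(value=value, list=hash_list)

            # Auditing.
            log_activity("H",
                         "Created new hash list {0}".format(hash_list.name),
                         request)

            return HttpResponseRedirect(
                reverse("hashes.views.show_hashes", args=(hash_list.id,)))
    else:
        form = forms.ListForm()

    return render_to_response("hashes/new.html",
                              {"form": form},
                              context_instance=RequestContext(request))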
Ejemplo n.º 4
def admin_edit_user(request, user_id):
    """Edit an existing user profile; restricted to superusers.

    Non-superusers receive the error page. A valid POST stores the form,
    logs the change and redirects to the user's detail view; every other
    case renders the edit template with the current form.
    """
    # Security check: only superusers may edit other accounts.
    if not request.user.is_superuser:
        denial = {"error": "You must be superuser"}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    account = get_object_or_404(Profile, pk=user_id)
    is_post = request.method == "POST"

    if is_post:
        form = forms.ProfileForm(request.POST, instance=account)
    else:
        form = forms.ProfileForm(instance=account)

    if is_post and form.is_valid():
        account = form.save()
        # Auditing.
        log_activity("A", "Edited user %s" % account.username, request)
        detail_url = reverse("users.views.admin_show_user",
                             args=(account.id, ))
        return HttpResponseRedirect(detail_url)

    return render_to_response("admin/edit_user.html",
                              {"form": form, "user": account},
                              context_instance=RequestContext(request))
Ejemplo n.º 5
def new_image(request, case_id):
    """Upload one image into a case and queue it for analysis.

    Access is limited to superusers and users assigned to the case, and a
    closed case (state "C") rejects uploads. A POST is answered with JSON
    for the Plupload component, with the default 200 status even when form
    validation fails, because Plupload only reads the body on 200. Any other
    method renders the upload form.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check: membership of the case or superuser status.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response("error.html",
                                  {"error": "You are not authorized to add image to this."},
                                  context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response("error.html",
                                  {"error": "You cannot add an image to a closed case."},
                                  context_instance=RequestContext(request))

    def _ajax_reply(body):
        # Never cache AJAX response.
        reply = HttpResponse(body, content_type="application/json")
        reply["Expires"] = "Mon, 1 Jan 2000 01:00:00 GMT"
        reply["Cache-Control"] = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
        reply["Pragma"] = "no-cache"
        return reply

    if request.method != "POST":
        # Request is not a POST: show an empty form.
        form = forms.UploadImageForm()
        return render_to_response("analyses/images/new_image.html",
                                  {"form": form, "case": case},
                                  context_instance=RequestContext(request))

    form = forms.UploadImageForm(request.POST, request.FILES)

    if not form.is_valid():
        # Validation errors travel back as a JSON error object, flattened
        # into one space-separated message.
        flattened = " ".join(
            [" ".join([force_text(item) for item in errors])
             for errors in form.errors.values()])
        payload = json.dumps({"jsonrpc": "2.0",
                              "error": {"code": 88,
                                        "message": flattened},
                              "id": "id"})
        return _ajax_reply(payload)

    upload = request.FILES["image"]
    tmp_path = upload.temporary_file_path()
    # The content type is computed by get_content_type_from_file from the
    # temporary file, not read from the upload's client-declared header.
    content_type = get_content_type_from_file(tmp_path)
    image_id = save_file(file_path=tmp_path, content_type=content_type)
    thumb_id = create_thumb(tmp_path)

    task = Analysis.add_task(tmp_path, case=case,
                             user=request.user, content_type=content_type,
                             image_id=image_id,
                             thumb_id=thumb_id,
                             file_name=upload.name)

    # Auditing.
    log_activity("I",
                 "Created new analysis %s" % task.file_name,
                 request)
    # Response designed for Plupload component.
    return _ajax_reply('{"jsonrpc": "2.0", "result": null, "id": "id"}')
Ejemplo n.º 6
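def new_image(request):
    """API endpoint: upload an image, optionally into an existing case.

    The caller is identified by the posted api_key. When case_id is posted
    the case must exist, be writable by that user and not be closed
    (state "C"); otherwise the analysis is created without a case. Returns
    JSON {"id": <task id>} on success and a plain-text 400 response on a
    rejected request.
    """
    # NOTE(review): api_authenticate is defined elsewhere and its result is
    # used unchecked; it presumably aborts the request on a bad key. Confirm,
    # because without a case_id nothing below re-checks the caller.
    user = api_authenticate(request.POST.get("api_key"))

    case_id = request.POST.get("case_id")
    if case_id:
        case = get_object_or_404(Case, pk=case_id)

        # Security check.
        if not case.can_write(user):
            return HttpResponse("You are not authorized to add image to this", status=400)

        if case.state == "C":
            return HttpResponse("You cannot add an image to a closed case", status=400)
    else:
        case = None

    # A request without the "image" part used to fail with a KeyError, i.e.
    # an HTTP 500; answer with a client error like the other rejections.
    upload = request.FILES.get("image")
    if upload is None:
        return HttpResponse("No image uploaded", status=400)

    tmp_path = upload.temporary_file_path()
    # NOTE(review): upload.content_type is the type declared by the client
    # in the multipart request, not one derived from the file content; treat
    # it as untrusted wherever it is later used for handling decisions.
    declared_type = upload.content_type

    task = Analysis.add_task(tmp_path,
                             file_name=upload.name, case=case, user=user,
                             content_type=declared_type,
                             image_id=save_file(file_path=tmp_path,
                                                content_type=declared_type),
                             thumb_id=create_thumb(tmp_path))

    # Auditing.
    log_activity("I",
                 "Created new analysis via API %s" % task.file_name,
                 request,
                 user=user)

    response_data = {"id": task.id}
    return HttpResponse(json.dumps(response_data), content_type="application/json")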
Ejemplo n.º 7
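def new_hashes(request):
    """Create a hash list from an uploaded file holding one value per line.

    A valid POST saves the list with the requesting user as owner, stores
    each non-blank line of the upload as a Hash row of that list, audits the
    creation and redirects to the list page. Any other request, or an
    invalid POST, renders the form.
    """
    if request.method == "POST":
        form = forms.ListForm(request.POST, request.FILES)

        if form.is_valid():
            # Renamed from `list`/`file`, which shadowed the builtins.
            hash_list = form.save(commit=False)
            hash_list.owner = request.user
            hash_list.save()

            # NOTE(review): temporary_file_path() is only available when the
            # upload was written to disk -- presumably guaranteed by the
            # project's upload handler settings; confirm.
            upload_path = request.FILES["hash_list"].temporary_file_path()
            with open(upload_path, "r") as handle:
                # Stream the file rather than calling readlines().
                for row in handle:
                    value = row.strip()
                    if not value:
                        # Skip blank lines instead of storing an empty hash.
                        continue
                    Hash.objects.get_or_create(value=value, list=hash_list)

            # Auditing.
            log_activity("H",
                         "Created new hash list %s" % hash_list.name,
                         request)

            return HttpResponseRedirect(
                reverse("hashes.views.show_hashes", args=(hash_list.id,)))
    else:
        form = forms.ListForm()

    return render_to_response("hashes/new.html",
                              {"form": form},
                              context_instance=RequestContext(request))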
Ejemplo n.º 8
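def add_comment(request, id):
    """Add a comment to an analysis the caller is allowed to access.

    The caller must be a superuser or a member of the analysis' case. A
    valid form is saved with the caller as owner and bound to the analysis
    named in the URL, then audited, and the client is redirected to the
    analysis page. An invalid form renders the error page.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    if not (request.user.is_superuser or request.user in analysis.case.users.all()):
        return render_to_response("error.html",
            {"error": "You are not authorized to add this."},
            context_instance=RequestContext(request))

    form = forms.CommentForm(request.POST)
    if form.is_valid():
        comment = form.save(commit=False)
        comment.owner = request.user
        # Bind the comment to the analysis that was authorized above. The
        # check is made against the URL's analysis, so the target must not
        # be left to whatever the submitted form may carry.
        comment.analysis = analysis
        comment.save()
        form.save_m2m()

        # Auditing.
        log_activity("I",
            "Comment on image added: {0}".format(analysis.file_name),
            request)
        return HttpResponseRedirect(reverse("analyses.views.show_analysis", args=(analysis.id,)))
    else:
        # as_text() gives a plain-text summary; formatting form.errors
        # directly would embed its HTML list markup in the message.
        return render_to_response("error.html",
                                  {"error": "Error adding comment: %s" % form.errors.as_text()},
                                  context_instance=RequestContext(request))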
Ejemplo n.º 9
def add_comment(request, id):
    """Attach a new comment to an analysis.

    Superusers and members of the analysis' case may comment. The comment
    is owned by the caller and tied to the analysis from the URL, which is
    the object the permission check was made against. Invalid form data
    yields the error page with a plain-text error summary.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    may_comment = (request.user.is_superuser
                   or request.user in analysis.case.users.all())
    if not may_comment:
        return render_to_response(
            "error.html", {"error": "You are not authorized to add this."},
            context_instance=RequestContext(request))

    form = forms.CommentForm(request.POST)
    if not form.is_valid():
        failure = "Error adding comment: %s" % form.errors.as_text()
        return render_to_response(
            "error.html",
            {"error": failure},
            context_instance=RequestContext(request))

    new_comment = form.save(commit=False)
    new_comment.owner = request.user
    new_comment.analysis = analysis
    new_comment.save()
    form.save_m2m()

    # Auditing.
    log_activity("I", "Comment on image added: %s" % analysis.file_name,
                 request)
    destination = reverse("analyses.views.show_analysis",
                          args=(analysis.id, ))
    return HttpResponseRedirect(destination)
Ejemplo n.º 10
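def delete_tag(request, id):
    """Detach the caller's tag with the posted text from an analysis.

    Requires superuser status or membership of the analysis' case. Tags are
    matched on owner and text, so only the caller's own tags are detached.
    Returns HttpResponse("Tag empty.") without a tagName,
    HttpResponse(False) when no matching tag exists and HttpResponse(True)
    once the tag is detached.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    if not (request.user.is_superuser or request.user in analysis.case.users.all()):
        return render_to_response("error.html",
            {"error": "You are not authorized to tag this."},
            context_instance=RequestContext(request))

    # Validation check.
    tag_text = request.POST.get("tagName")
    if not tag_text:
        return HttpResponse("Tag empty.")

    # get() would raise MultipleObjectsReturned (an unhandled HTTP 500) if
    # the same user owns several tags with this text; nothing visible here
    # rules that out, so collect every match instead.
    tags = list(Tag.objects.filter(owner=request.user, text=tag_text))
    if not tags:
        return HttpResponse(False)

    analysis.tag_set.remove(*tags)

    # Auditing.
    log_activity("I",
        "Tag on image removed: {0}".format(analysis.file_name),
        request)

    return HttpResponse(True)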
Ejemplo n.º 11
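def new_folder(request, case_id):
    """Import every allowed file of a server-side directory into a case.

    Superusers and members of the case may import, and closed cases
    (state "C") are rejected. On a valid POST each regular file in the
    posted directory whose detected content type passes
    check_allowed_content is stored, thumbnailed, saved as an Analysis and
    audited; the client is then redirected to the case listing.

    NOTE(review): the directory comes straight from the request and is used
    as given, so any user who can write to a case can import whatever the
    web process can read. Consider confining it to a configured base
    directory; no such setting is visible in this excerpt.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response("error.html",
                                  {"error": "You are not authorized to add image to this."},
                                  context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response("error.html",
                                  {"error": "You cannot add an image to a closed case."},
                                  context_instance=RequestContext(request))

    if request.method == "POST":
        form = forms.ImageFolderForm(request.POST)
        if form.is_valid():
            # An absent value becomes "", which fails the existence check
            # below instead of raising inside os.path.
            folder = request.POST.get("path") or ""
            if not os.path.exists(folder):
                return render_to_response("error.html",
                    {"error": "Folder does not exist."},
                    context_instance=RequestContext(request))
            elif not os.path.isdir(folder):
                return render_to_response("error.html",
                    {"error": "Folder is not a directory."},
                    context_instance=RequestContext(request))

            # Add all files in directory.
            mime = magic.Magic(mime=True)
            for entry in os.listdir(folder):
                entry_path = os.path.join(folder, entry)
                # Sub-directories and other non-regular entries cannot be
                # typed or stored; skip them.
                if not os.path.isfile(entry_path):
                    continue

                content_type = mime.from_file(entry_path)
                # The allow-list check used to end in `pass`, so rejected
                # content types were imported anyway.
                if not check_allowed_content(content_type):
                    # TODO: add some kind of feedback.
                    continue

                task = Analysis()
                task.owner = request.user
                task.case = case
                task.file_name = entry
                task.image_id = save_file(file_path=entry_path,
                                          content_type=content_type)
                task.thumb_id = create_thumb(entry_path)
                task.save()

                # Auditing.
                log_activity("I",
                             "Created new analysis {0}".format(task.file_name),
                             request)
            return HttpResponseRedirect(reverse("analyses.views.show_case", args=(case.id, "list")))
    else:
        form = forms.ImageFolderForm()

    return render_to_response("analyses/images/new_folder.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))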
Ejemplo n.º 12
Archivo: views.py Proyecto: vicgc/ghiro
def delete_hashes(request, list_id):
    """Delete a hash list; only the list's owner is allowed to.

    NOTE(review): no request.method check is visible and decorators are
    outside this excerpt. Django's CSRF middleware does not check safe
    methods, so confirm this view cannot be triggered with a GET.
    """
    target = get_object_or_404(List, pk=list_id)

    # Security check: ownership only, superusers get no exception here.
    if request.user != target.owner:
        denial = {"error": "You are not authorized to delete this."}
        return render_to_response(
            "error.html", denial,
            context_instance=RequestContext(request))

    target.delete()

    # Auditing. The in-memory instance still carries its name after delete().
    message = "Deleted hash list {0}".format(target.name)
    log_activity("H", message, request)

    return HttpResponseRedirect(reverse("hashes.views.list_hashes"))
Ejemplo n.º 13
def new_case(request):
    """API endpoint: create a case owned by the authenticated API user.

    Requires a non-empty "name" in the POST data; "description" is optional.
    Returns JSON {"id": <case id>} on success and a 400 response otherwise.

    NOTE(review): the result of api_authenticate is used as owner without a
    check here; presumably it aborts the request on an invalid key --
    confirm.
    """
    user = api_authenticate(request.POST.get("api_key"))

    case_name = request.POST.get("name")
    if not case_name:
        return HttpResponse("Request not valid", status=400)

    case = Case(name=case_name,
                description=request.POST.get("description"),
                owner=user)
    case.save()

    # Auditing.
    log_activity("C", "Created new case via API %s" % case.name, request, user)

    payload = json.dumps({"id": case.id})
    return HttpResponse(payload, content_type="application/json")
Ejemplo n.º 14
def delete_hashes(request, list_id):
    """Remove a hash list on behalf of its owner.

    Anyone other than the owner receives the error page. After deletion the
    action is audited and the client is sent back to the list overview.

    NOTE(review): the view does not look at request.method; if it is
    reachable with GET the deletion is outside Django's CSRF check --
    confirm the decorators (not shown here) restrict it.
    """
    doomed = get_object_or_404(List, pk=list_id)

    # Security check.
    is_foreign = request.user != doomed.owner
    if is_foreign:
        return render_to_response("error.html",
                                  {"error": "You are not authorized to delete this."},
                                  context_instance=RequestContext(request))

    doomed.delete()

    # Auditing.
    audit_text = "Deleted hash list {0}".format(doomed.name)
    log_activity("H", audit_text, request)

    overview = reverse("hashes.views.list_hashes")
    return HttpResponseRedirect(overview)
Ejemplo n.º 15
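def delete_case(request, case_id):
    """Delete a case; allowed for the case owner and for superusers.

    Unauthorized callers receive the error page. After deletion the action
    is audited and the client is redirected to the case list.

    NOTE(review): no request.method check is visible and decorators are
    outside this excerpt; a destructive view reachable with GET is not
    covered by Django's CSRF check -- confirm it is restricted.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if request.user != case.owner and not request.user.is_superuser:
        return render_to_response("error.html",
                                  {"error": "You are not authorized to delete this."},
                                  context_instance=RequestContext(request))

    # Delete the instance that was authorized above. Fetching it a second
    # time cost a query and raised DoesNotExist (HTTP 500) when the case
    # vanished between the two lookups.
    case.delete()

    # Auditing. The in-memory instance keeps its name after delete().
    log_activity("C",
                 "Case {0} deleted".format(case.name),
                 request)
    return HttpResponseRedirect(reverse("analyses.views.list_cases"))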
Ejemplo n.º 16
def delete_comment(request, id):
    """Delete a comment from an analysis.

    Allowed for the owner of the commented analysis and for superusers; the
    check below does not consult the comment's own owner. The deletion is
    audited and the client returns to the analysis page.

    NOTE(review): request.method is not checked here and decorators are not
    shown; confirm the view is not reachable with GET, which Django's CSRF
    check skips.
    """
    comment = get_object_or_404(Comment, pk=id)
    analysis = comment.analysis

    # Security check.
    if request.user != analysis.owner and not request.user.is_superuser:
        return render_to_response("error.html",
                                  {"error": "You are not authorized to delete this."},
                                  context_instance=RequestContext(request))

    comment.delete()

    # Auditing.
    message = "Comment on image deleted: {0}".format(analysis.file_name)
    log_activity("I", message, request)

    back_to_analysis = reverse("analyses.views.show_analysis",
                               args=(analysis.id,))
    return HttpResponseRedirect(back_to_analysis)
Ejemplo n.º 17
def delete_comment(request, id):
    """Remove a comment; permitted to the analysis owner or a superuser.

    Other callers get the error page. On success the deletion is written to
    the activity log and the client is redirected to the analysis the
    comment belonged to.
    """
    comment = get_object_or_404(Comment, pk=id)
    parent = comment.analysis

    # Security check: keyed on the analysis owner, not the comment author.
    denied = request.user != parent.owner and not request.user.is_superuser
    if denied:
        return render_to_response(
            "error.html", {"error": "You are not authorized to delete this."},
            context_instance=RequestContext(request))

    comment.delete()

    # Auditing.
    log_activity("I",
                 "Comment on image deleted: %s" % parent.file_name,
                 request)

    target = reverse("analyses.views.show_analysis", args=(parent.id, ))
    return HttpResponseRedirect(target)
Ejemplo n.º 18
def edit_case(request, case_id):
    """Edit an open case; allowed for its owner and for superusers.

    Closed cases (state "C") cannot be edited. A valid POST saves the form,
    refreshes updated_at, makes sure the requesting user is in the case's
    user list, audits the change and redirects to the case page. Otherwise
    the edit form is rendered, unless a "page" query parameter is present,
    in which case the client is redirected to the case list.

    NOTE(review): owner is set to request.user on every save, so when a
    superuser edits another user's case the ownership moves to the
    superuser. Confirm this is intended.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    not_permitted = (request.user != case.owner
                     and not request.user.is_superuser)
    if not_permitted:
        return render_to_response("error.html",
                                  {"error": "You are not authorized to edit this."},
                                  context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response("error.html",
                                  {"error": "You cannot edit a closed case."},
                                  context_instance=RequestContext(request))

    if request.method != "POST":
        form = forms.CaseForm(instance=case)
    else:
        form = forms.CaseForm(request.POST, instance=case)
        if form.is_valid():
            case = form.save(commit=False)
            case.owner = request.user
            case.updated_at = now()
            case.save()
            form.save_m2m()
            # Always add owner.
            case.users.add(request.user)
            # Auditing.
            log_activity("C", "Edited case {0}".format(case.name), request)
            case_url = reverse("analyses.views.show_case",
                               args=(case.id, "list"))
            return HttpResponseRedirect(case_url)

    # Redirects to case index if requested.
    if request.GET.get("page", None):
        return HttpResponseRedirect(reverse("analyses.views.list_cases"))

    return render_to_response("analyses/cases/edit.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))
Ejemplo n.º 19
def new_case(request):
    """Create a case owned by the requesting user.

    A valid POST saves the case with request.user as owner, stores the
    form's many-to-many data, adds the owner to the case's user list,
    audits the creation and redirects to the new case. Any other request,
    or an invalid POST, renders the creation form.
    """
    if request.method != "POST":
        form = forms.CaseForm()
    else:
        form = forms.CaseForm(request.POST)
        if form.is_valid():
            created = form.save(commit=False)
            created.owner = request.user
            created.save()
            form.save_m2m()
            # Always add owner.
            created.users.add(request.user)
            # Auditing.
            message = "Created new case {0}".format(created.name)
            log_activity("C", message, request)
            case_url = reverse("analyses.views.show_case",
                               args=(created.id, "list"))
            return HttpResponseRedirect(case_url)

    return render_to_response("analyses/cases/new.html",
                              {"form": form},
                              context_instance=RequestContext(request))
Ejemplo n.º 20
def favorite(request, id):
    """Toggle the caller's favorite mark on an analysis.

    Superusers and members of the analysis' case may use it. An existing
    favorite is removed and "false" is returned; otherwise one is created,
    the addition is audited and "true" is returned. Removal is not written
    to the activity log.

    NOTE(review): the toggle runs regardless of request.method and
    decorators are not shown; confirm it cannot be triggered with GET,
    which Django's CSRF check skips.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    has_access = (request.user.is_superuser
                  or request.user in analysis.case.users.all())
    if not has_access:
        return render_to_response("error.html",
            {"error": "You are not authorized to view this."},
            context_instance=RequestContext(request))

    own_marks = Favorite.objects.filter(analysis=analysis).filter(owner=request.user)
    if own_marks.exists():
        own_marks.delete()
        return HttpResponse("false")

    Favorite(analysis=analysis, owner=request.user).save()

    # Auditing.
    message = "Favorite image added: {0}".format(analysis.file_name)
    log_activity("A", message, request)
    return HttpResponse("true")
Ejemplo n.º 21
def admin_new_user(request):
    """Create a user account; restricted to superusers.

    Non-superusers receive the error page. A valid POST saves the new
    profile, audits the creation and redirects to the user's detail page;
    every other case renders the creation form.
    """
    # Security check.
    if not request.user.is_superuser:
        denial = {"error": "You must be superuser"}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    if request.method != "POST":
        form = forms.ProfileCreationForm()
    else:
        form = forms.ProfileCreationForm(request.POST)
        if form.is_valid():
            created = form.save()
            # Auditing.
            log_activity("A", "Created new user %s" % created.username,
                         request)
            detail_url = reverse("users.views.admin_show_user",
                                 args=(created.id, ))
            return HttpResponseRedirect(detail_url)

    return render_to_response("admin/new_user.html", {"form": form},
                              context_instance=RequestContext(request))
Ejemplo n.º 22
def admin_disable_user(request, user_id):
    """Deactivate a user account; restricted to superusers.

    A superuser cannot disable their own account. The account is marked
    inactive (is_active = False), the action is audited and the client is
    redirected to the user list.

    NOTE(review): request.method is not checked and decorators are not
    shown; confirm this state change cannot be triggered with GET, which
    Django's CSRF check skips.
    """
    # Security check.
    if not request.user.is_superuser:
        return render_to_response("error.html",
                                  {"error": "You must be superuser"},
                                  context_instance=RequestContext(request))

    account = get_object_or_404(Profile, pk=user_id)

    # Refuse self-disabling so an administrator cannot lock themselves out.
    if request.user == account:
        return render_to_response("error.html",
                                  {"error": "You can not disable yourself"},
                                  context_instance=RequestContext(request))

    account.is_active = False
    account.save()

    # Auditing.
    message = "Disabled user %s" % account.username
    log_activity("A", message, request)

    return HttpResponseRedirect(reverse("users.views.admin_list_users"))
Ejemplo n.º 23
def add_tag(request, id):
    """Create a tag owned by the caller and attach it to an analysis.

    Superusers and members of the analysis' case may tag. Returns
    HttpResponse("Tag empty.") when no tagName is posted, otherwise a
    response carrying the new tag's id.

    NOTE(review): a new Tag row is created on every call, so one user can
    end up with several tags of the same text; any code that looks a tag up
    by owner and text has to cope with more than one match.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    may_tag = (request.user.is_superuser
               or request.user in analysis.case.users.all())
    if not may_tag:
        return render_to_response(
            "error.html", {"error": "You are not authorized to tag this."},
            context_instance=RequestContext(request))

    # Validation check.
    if not request.POST.get("tagName"):
        return HttpResponse("Tag empty.")

    new_tag = Tag(owner=request.user, text=request.POST.get("tagName"))
    new_tag.save()
    analysis.tag_set.add(new_tag)

    # Auditing.
    message = "Tag on image added: %s" % analysis.file_name
    log_activity("I", message, request)

    return HttpResponse(new_tag.id)
Ejemplo n.º 24
def close_case(request, case_id):
    """Close a case; allowed for its owner and for superusers.

    An already closed case (state "C") is rejected with the error page.
    Otherwise the state is set to "C", updated_at is refreshed, the action
    is audited and the client is redirected to the case list.

    NOTE(review): request.method is not checked and decorators are not
    shown; confirm this state change cannot be triggered with GET, which
    Django's CSRF check skips.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    denied = request.user != case.owner and not request.user.is_superuser
    if denied:
        return render_to_response("error.html",
                                  {"error": "You are not authorized to close this."},
                                  context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response("error.html",
                                  {"error": "You cannot edit an already closed case."},
                                  context_instance=RequestContext(request))

    case.state = "C"
    case.updated_at = now()
    case.save()

    # Auditing.
    message = "Closed case {0}".format(case.name)
    log_activity("C", message, request)

    return HttpResponseRedirect(reverse("analyses.views.list_cases"))
Ejemplo n.º 25
def favorite(request, id):
    """Toggle the requesting user's favorite mark on an analysis.

    Access requires superuser status or membership of the analysis' case.
    Returns "false" after removing an existing favorite, or "true" after
    creating one; only the creation is written to the activity log.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    allowed = (request.user.is_superuser
               or request.user in analysis.case.users.all())
    if not allowed:
        return render_to_response(
            "error.html", {"error": "You are not authorized to view this."},
            context_instance=RequestContext(request))

    # Favorites are per user, so both analysis and owner are matched.
    existing = Favorite.objects.filter(analysis=analysis).filter(
        owner=request.user)
    if existing.exists():
        existing.delete()
        return HttpResponse("false")

    mark = Favorite(analysis=analysis, owner=request.user)
    mark.save()

    # Auditing.
    log_activity("A", "Favorite image added: %s" % analysis.file_name, request)
    return HttpResponse("true")
Ejemplo n.º 26
def new_image(request, case_id):
    """Upload one image into a case through the regular HTML form.

    Superusers and members of the case may upload, and closed cases
    (state "C") are rejected. A valid POST stores the file and its
    thumbnail, saves the analysis with the caller as owner, audits it and
    redirects to the case page. Otherwise the upload form is rendered.

    NOTE(review): the content type passed to save_file is the upload's
    content_type attribute, i.e. the value declared by the client, and the
    stored file_name is the client-supplied name; neither is derived from
    the file content in this view.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response("error.html",
                                  {"error": "You are not authorized to add image to this."},
                                  context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response("error.html",
                                  {"error": "You cannot add an image to a closed case."},
                                  context_instance=RequestContext(request))

    if request.method != "POST":
        form = forms.UploadImageForm()
    else:
        form = forms.UploadImageForm(request.POST, request.FILES)
        if form.is_valid():
            upload = request.FILES["image"]
            task = form.save(commit=False)
            task.owner = request.user
            task.case = case
            task.file_name = upload.name
            task.image_id = save_file(file_path=upload.temporary_file_path(),
                                      content_type=upload.content_type)
            task.thumb_id = create_thumb(upload.temporary_file_path())
            task.save()
            # Auditing.
            message = "Created new analysis {0}".format(task.file_name)
            log_activity("I", message, request)
            case_url = reverse("analyses.views.show_case",
                               args=(case.id, "list"))
            return HttpResponseRedirect(case_url)

    return render_to_response("analyses/images/new_image.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))
Ejemplo n.º 27
def add_tag(request, id):
    """Tag an analysis with the posted text on behalf of the caller.

    The caller must be a superuser or belong to the analysis' case. Without
    a tagName the view answers "Tag empty."; otherwise it creates a Tag
    owned by the caller, attaches it to the analysis, audits the action and
    returns the tag's id.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    authorized = (request.user.is_superuser
                  or request.user in analysis.case.users.all())
    if not authorized:
        return render_to_response("error.html",
            {"error": "You are not authorized to tag this."},
            context_instance=RequestContext(request))

    # Validation check.
    if not request.POST.get("tagName"):
        return HttpResponse("Tag empty.")

    # A fresh row is created each time; no lookup for an existing tag with
    # the same owner and text is made here.
    created = Tag(owner=request.user, text=request.POST.get("tagName"))
    created.save()
    analysis.tag_set.add(created)

    # Auditing.
    message = "Tag on image added: {0}".format(analysis.file_name)
    log_activity("I", message, request)

    return HttpResponse(created.id)
Ejemplo n.º 28
def admin_new_user(request):
    """Create a new user account (superusers only).

    Callers without superuser status get the error page. A valid POST
    saves the profile, records the creation in the activity log and
    redirects to the new user's detail page. Otherwise the form is shown.
    """
    # Security check.
    if not request.user.is_superuser:
        return render_to_response("error.html",
                                  {"error": "You must be superuser"},
                                  context_instance=RequestContext(request))

    is_post = request.method == "POST"
    if is_post:
        form = forms.ProfileCreationForm(request.POST)
    else:
        form = forms.ProfileCreationForm()

    if is_post and form.is_valid():
        new_profile = form.save()
        # Auditing.
        message = "Created new user {0}".format(new_profile.username)
        log_activity("A", message, request)
        target = reverse("users.views.admin_show_user",
                         args=(new_profile.id,))
        return HttpResponseRedirect(target)

    return render_to_response("admin/new_user.html",
                              {"form": form},
                              context_instance=RequestContext(request))
Ejemplo n.º 29
def admin_disable_user(request, user_id):
    """Mark a user account as inactive (superusers only).

    The requesting superuser cannot disable their own account. On success
    is_active is set to False, the action is audited and the client is
    redirected to the user list.

    NOTE(review): the view acts on any request method and decorators are
    not shown; confirm it is not reachable with GET, which Django's CSRF
    check skips.
    """
    # Security check.
    if not request.user.is_superuser:
        denial = {"error": "You must be superuser"}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    target_user = get_object_or_404(Profile, pk=user_id)

    # Self-disabling is refused.
    if request.user == target_user:
        refusal = {"error": "You can not disable yourself"}
        return render_to_response("error.html", refusal,
                                  context_instance=RequestContext(request))

    target_user.is_active = False
    target_user.save()

    # Auditing.
    log_activity("A",
                 "Disabled user {0}".format(target_user.username),
                 request)

    user_list_url = reverse("users.views.admin_list_users")
    return HttpResponseRedirect(user_list_url)
Ejemplo n.º 30
Archivo: views.py Proyecto: vicgc/ghiro
    if request.method == "POST":
        form = forms.UploadImageForm(request.POST, request.FILES)
        if form.is_valid():
            task = form.save(commit=False)
            task.owner = request.user
            task.case = case
            task.file_name = request.FILES["image"].name
            task.image_id = save_file(
                file_path=request.FILES["image"].temporary_file_path(),
                content_type=request.FILES["image"].content_type)
            task.thumb_id = create_thumb(
                request.FILES["image"].temporary_file_path())
            task.save()
            # Auditing.
            log_activity("I",
                         "Created new analysis {0}".format(task.file_name),
                         request)
            return HttpResponseRedirect(
                reverse("analyses.views.show_case", args=(case.id, "list")))
    else:
        form = forms.UploadImageForm()

    return render_to_response("analyses/images/new_image.html", {
        "form": form,
        "case": case
    },
                              context_instance=RequestContext(request))


@login_required
def new_folder(request, case_id):
Ejemplo n.º 31
        form = forms.UploadImageForm(request.POST, request.FILES)

        if form.is_valid():
            task = form.save(commit=False)
            task.owner = request.user
            task.case = case
            task.file_name = request.FILES["image"].name
            task.image_id = save_file(
                file_path=request.FILES["image"].temporary_file_path(),
                content_type=request.FILES["image"].content_type)
            task.thumb_id = create_thumb(
                request.FILES["image"].temporary_file_path())
            task.save()
            # Auditing.
            log_activity("I",
                         "Created new analysis {0}".format(task.file_name),
                         request)
            # Response designed for Plupload component.
            response = HttpResponse(
                '{"jsonrpc": "2.0", "result": null, "id": "id"}',
                content_type="application/json")
            # Never cache AJAX response.
            response["Expires"] = "Mon, 1 Jan 2000 01:00:00 GMT"
            response[
                "Cache-Control"] = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
            response["Pragma"] = "no-cache"
            return response
        else:
            # Deal with a validation error. We are using Plupload which basically is an AJAX component
            # so we have to deal with custom validation errors passing in JSON.
            # Plupload needs a status code 200/OK to get additional data passed from the web server.
Ejemplo n.º 32
        case = None

    task = Analysis.add_task(
        request.FILES["image"].temporary_file_path(),
        file_name=request.FILES["image"].name,
        case=case,
        user=user,
        content_type=request.FILES["image"].content_type,
        image_id=save_file(
            file_path=request.FILES["image"].temporary_file_path(),
            content_type=request.FILES["image"].content_type),
        thumb_id=create_thumb(request.FILES["image"].temporary_file_path()))

    # Auditing.
    log_activity("I",
                 "Created new analysis via API %s" % task.file_name,
                 request,
                 user=user)

    response_data = {"id": task.id}
    return HttpResponse(json.dumps(response_data),
                        content_type="application/json")


@require_POST
@csrf_exempt
def get_report(request):
    """Returns a report."""
    user = api_authenticate(request.POST.get("api_key"))

    if request.POST.get("task_id"):
        task = get_object_or_404(Analysis, pk=request.POST.get("task_id"))
Ejemplo n.º 33
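def new_url(request, case_id):
    """Add an image to a case by downloading it from a user-supplied URL.

    The URL comes from the POSTed "url" field. It is fetched server-side into
    a temporary file, its detected MIME type is checked with
    check_allowed_content(), and the file is then stored as a new Analysis
    owned by the requesting user.

    Args:
        request: current HTTP request. request.user must be a superuser or
            one of the case's users.
        case_id: primary key of the Case that receives the image.

    Returns:
        A redirect to the case list view after a successful import, the
        "error.html" page when an authorization, state, scheme, download or
        content-type check fails, or the URL form page when the request is
        not a POST or the form does not validate.
    """
    case = get_object_or_404(Case, pk=case_id)

    def error_page(message):
        # Every refusal in this view renders the same template.
        return render_to_response("error.html",
            {"error": message},
            context_instance=RequestContext(request))

    # Security check.
    if not request.user.is_superuser and request.user not in case.users.all():
        return error_page("You are not authorized to add image to this.")

    if case.state == "C":
        return error_page("You cannot add an image to a closed case.")

    if request.method == "POST":
        form = forms.UrlForm(request.POST)

        if form.is_valid():
            source_url = request.POST.get("url")

            # The URL is user-supplied and is fetched from the server's own
            # network position. urllib2 also opens file:// and ftp:// URLs,
            # so only web schemes are accepted here.
            if urlparse.urlparse(source_url).scheme.lower() not in ("http", "https"):
                return error_page("Only HTTP and HTTPS URLs are supported")
            # NOTE(review): the scheme check does not restrict the
            # destination. Requests to loopback, private or link-local
            # addresses, and redirects towards them, still need to be blocked
            # (destination allow-list or egress filtering). The error pages
            # below also return the failure reason to the requester.

            # delete=True removes the file on close; the finally clause below
            # closes it on every exit path once the stored copies are made.
            url_temp = NamedTemporaryFile(delete=True)
            try:
                # Download file.
                try:
                    remote = urllib2.urlopen(source_url, timeout=5)
                except urllib2.URLError as e:
                    if hasattr(e, "reason"):
                        return error_page("We failed to reach a server, reason: %s" % e.reason)
                    elif hasattr(e, "code"):
                        return error_page("The remote server couldn't fulfill the request, HTTP error code %s" % e.code)
                    # Previously this case fell through and the code below
                    # failed on an unbound response object.
                    return error_page("We failed to reach a server")

                # Store temp file. Copy in chunks so the whole body is never
                # held in memory at once.
                # NOTE(review): there is still no upper bound on the download
                # size; add one that matches the deployment's upload limit.
                try:
                    while True:
                        chunk = remote.read(64 * 1024)
                        if not chunk:
                            break
                        url_temp.write(chunk)
                finally:
                    remote.close()
                url_temp.flush()

                # Convert to File object.
                url_file = File(url_temp).name

                # Check content type from the file's bytes, not from the
                # header sent by the remote server.
                mime = magic.Magic(mime=True)
                content_type = mime.from_file(url_file)
                if not check_allowed_content(content_type):
                    return error_page("File type not supported")

                # Create analysis task.
                task = Analysis()
                task.owner = request.user
                task.case = case
                task.file_name = os.path.basename(urlparse.urlparse(source_url).path)
                task.image_id = save_file(file_path=url_file, content_type=content_type)
                task.thumb_id = create_thumb(url_file)
                task.save()
                # Auditing.
                log_activity("I",
                    "Created new analysis {0} from URL {1}".format(task.file_name, source_url),
                    request)
                return HttpResponseRedirect(reverse("analyses.views.show_case", args=(case.id, "list")))
            finally:
                url_temp.close()
    else:
        # Request is not a POST.
        form = forms.UrlForm()

    return render_to_response("analyses/images/new_url.html",
        {"form": form, "case": case},
        context_instance=RequestContext(request))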
Ejemplo n.º 34
    if request.method == "POST":
        form = forms.UploadImageForm(request.POST, request.FILES)

        if form.is_valid():
            task = form.save(commit=False)
            task.owner = request.user
            task.case = case
            task.file_name = request.FILES["image"].name
            task.image_id = save_file(
                file_path=request.FILES["image"].temporary_file_path(),
                content_type=request.FILES["image"].content_type)
            task.thumb_id = create_thumb(
                request.FILES["image"].temporary_file_path())
            task.save()
            # Auditing.
            log_activity("I", "Created new analysis %s" % task.file_name,
                         request)
            # Response designed for Plupload component.
            response = HttpResponse(
                '{"jsonrpc": "2.0", "result": null, "id": "id"}',
                content_type="application/json")
            # Never cache AJAX response.
            response["Expires"] = "Mon, 1 Jan 2000 01:00:00 GMT"
            response[
                "Cache-Control"] = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
            response["Pragma"] = "no-cache"
            return response
        else:
            # Deal with a validation error. We are using Plupload which basically is an AJAX component
            # so we have to deal with custom validation errors passing in JSON.
            # Plupload needs a status code 200/OK to get additional data passed from the web server.
            response = HttpResponse(json.dumps({