Ejemplo n.º 1
0
def image_stats():
    # Get parameters
    image_id = request.args.get('id', '')
    time_from = request.args.get('from', '')
    time_to = request.args.get('to', '')
    data_type = request.args.get('data_type', '1')
    embed = request.args.get('embed', '')
    try:
        # Validate params, get iso and datetime versions
        if image_id == '':
            raise ValueError('No image was specified.')
        image_id = parse_long(image_id)
        (iso_time_from,
         iso_time_to) = process_time_parameters(time_from, time_to)
        dt_time_from = parse_iso_datetime(iso_time_from)
        dt_time_to = parse_iso_datetime(iso_time_to)
        embed = parse_boolean(embed)

        return render_template(
            'reports_image_stats.html',
            timezone=get_timezone_code(),
            timezone_seconds=get_timezone_offset(),
            time_from=dt_time_from,
            time_to=dt_time_to,
            data_type=data_type,
            db_image=data_engine.get_image(image_id=image_id),
            embed=embed)
    except Exception as e:
        log_security_error(e, request)
        if app.config['DEBUG']:
            raise
        raise InternalServerError(safe_error_str(e))
Ejemplo n.º 2
0
def system_stats():
    # Get parameters
    time_from = request.args.get('from', '')
    time_to = request.args.get('to', '')
    data_type = request.args.get('data_type', '1')
    embed = request.args.get('embed', '')
    try:
        # Validate params, get iso and datetime versions
        (iso_time_from,
         iso_time_to) = process_time_parameters(time_from, time_to)
        dt_time_from = parse_iso_datetime(iso_time_from)
        dt_time_to = parse_iso_datetime(iso_time_to)
        embed = parse_boolean(embed)

        return render_template('reports_system_stats.html',
                               timezone=get_timezone_code(),
                               timezone_seconds=get_timezone_offset(),
                               time_from=dt_time_from,
                               time_to=dt_time_to,
                               data_type=data_type,
                               embed=embed)
    except Exception as e:
        log_security_error(e, request)
        if app.config['DEBUG']:
            raise
        raise InternalServerError(safe_error_str(e))
Ejemplo n.º 3
0
def image_stats():
    # Get parameters
    image_id = request.args.get('id', '')
    time_from = request.args.get('from', '')
    time_to = request.args.get('to', '')
    data_type = request.args.get('data_type', '1')
    embed = request.args.get('embed', '')
    try:
        # Validate params, get iso and datetime versions
        if image_id == '':
            raise ValueError('No image was specified.')
        image_id = parse_long(image_id)
        (iso_time_from, iso_time_to) = process_time_parameters(time_from, time_to)
        dt_time_from = parse_iso_datetime(iso_time_from)
        dt_time_to = parse_iso_datetime(iso_time_to)
        embed = parse_boolean(embed)

        return render_template(
            'reports_image_stats.html',
            timezone=get_timezone_code(),
            timezone_seconds=get_timezone_offset(),
            time_from=dt_time_from,
            time_to=dt_time_to,
            data_type=data_type,
            db_image=data_engine.get_image(image_id=image_id),
            embed=embed
        )
    except Exception as e:
        log_security_error(e, request)
        if app.config['DEBUG']:
            raise
        raise InternalServerError(str(e))
Ejemplo n.º 4
0
def system_stats():
    # Get parameters
    time_from = request.args.get('from', '')
    time_to = request.args.get('to', '')
    data_type = request.args.get('data_type', '1')
    embed = request.args.get('embed', '')
    try:
        # Validate params, get iso and datetime versions
        (iso_time_from, iso_time_to) = process_time_parameters(time_from, time_to)
        dt_time_from = parse_iso_datetime(iso_time_from)
        dt_time_to = parse_iso_datetime(iso_time_to)
        embed = parse_boolean(embed)

        return render_template(
            'reports_system_stats.html',
            timezone=get_timezone_code(),
            timezone_seconds=get_timezone_offset(),
            time_from=dt_time_from,
            time_to=dt_time_to,
            data_type=data_type,
            embed=embed
        )
    except Exception as e:
        log_security_error(e, request)
        if app.config['DEBUG']:
            raise
        raise InternalServerError(str(e))
Ejemplo n.º 5
0
 def _get_validated_object_parameters(self, data_dict):
     params = {
         'name':
         data_dict['name'].strip(),
         'description':
         data_dict['description'],
         'group_type':
         parse_int(data_dict['group_type']),
         'access_folios':
         parse_boolean(data_dict.get('access_folios', '')),
         'access_reports':
         parse_boolean(data_dict.get('access_reports', '')),
         'access_admin_users':
         parse_boolean(data_dict.get('access_admin_users', '')),
         'access_admin_files':
         parse_boolean(data_dict.get('access_admin_files', '')),
         'access_admin_folios':
         parse_boolean(data_dict.get('access_admin_folios', '')),
         'access_admin_permissions':
         parse_boolean(data_dict.get('access_admin_permissions', '')),
         'access_admin_all':
         parse_boolean(data_dict.get('access_admin_all', ''))
     }
     validate_string(params['description'], 0, 5 * 1024)
     validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM,
                     Group.GROUP_TYPE_LDAP)
     if params['group_type'] == Group.GROUP_TYPE_LOCAL:
         validate_string(params['name'], 1, 120)
     return params
Ejemplo n.º 6
0
    def _get_validated_object_parameters(self, data_dict):
        params = {
            'description': data_dict['description'],
            'originals': parse_boolean(data_dict['originals']),
            'image_parameters': data_dict.get('image_parameters', '{}'),
            'expiry_time': parse_iso_date(data_dict['expiry_time'])
        }
        if len(data_dict['expiry_time']) >= 19:
            # It looks like expiry_time has a time part
            params['expiry_time'] = parse_iso_datetime(
                data_dict['expiry_time'])

        validate_string(params['description'], 0, 5 * 1024)
        validate_string(params['image_parameters'], 2, 100 * 1024)
        params['image_parameters'] = _image_params_to_template_dict(
            params['image_parameters'])
        if params['expiry_time'] < datetime.utcnow():
            raise ValueError('expiry time (UTC) has already passed')
        return params
Ejemplo n.º 7
0
 def _get_validated_object_parameters(self, data_dict, require_password):
     params = {
         'first_name': data_dict['first_name'],
         'last_name': data_dict['last_name'],
         'email': data_dict['email'],
         'username': data_dict['username'].strip(),
         'password': data_dict.get('password', ''),
         'auth_type': parse_int(data_dict['auth_type']),
         'allow_api': parse_boolean(data_dict.get('allow_api', ''))
     }
     validate_string(params['first_name'], 0, 120)
     validate_string(params['last_name'], 0, 120)
     validate_string(params['email'], 0, 120)
     validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD, User.AUTH_TYPE_LDAP)
     if params['auth_type'] != User.AUTH_TYPE_LDAP:
         validate_string(params['username'], 1, 120)
     if params['password'] or require_password:
         validate_string(params['password'], 6, 120)
     return params
Ejemplo n.º 8
0
 def _get_validated_object_parameters(self, data_dict):
     params = {
         'name': data_dict['name'].strip(),
         'description': data_dict['description'],
         'group_type': parse_int(data_dict['group_type']),
         'access_folios': parse_boolean(data_dict.get('access_folios', '')),
         'access_reports': parse_boolean(data_dict.get('access_reports', '')),
         'access_admin_users': parse_boolean(data_dict.get('access_admin_users', '')),
         'access_admin_files': parse_boolean(data_dict.get('access_admin_files', '')),
         'access_admin_folios': parse_boolean(data_dict.get('access_admin_folios', '')),
         'access_admin_permissions': parse_boolean(data_dict.get('access_admin_permissions', '')),
         'access_admin_all': parse_boolean(data_dict.get('access_admin_all', ''))
     }
     validate_string(params['description'], 0, 5 * 1024)
     validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM, Group.GROUP_TYPE_LDAP)
     if params['group_type'] == Group.GROUP_TYPE_LOCAL:
         validate_string(params['name'], 1, 120)
     return params
Ejemplo n.º 9
0
 def _get_validated_object_parameters(self, data_dict, require_password):
     params = {
         'first_name': data_dict['first_name'],
         'last_name': data_dict['last_name'],
         'email': data_dict['email'],
         'username': data_dict['username'].strip(),
         'password': data_dict.get('password', ''),
         'auth_type': parse_int(data_dict['auth_type']),
         'allow_api': parse_boolean(data_dict.get('allow_api', ''))
     }
     validate_string(params['first_name'], 0, 120)
     validate_string(params['last_name'], 0, 120)
     validate_string(params['email'], 0, 120)
     validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD,
                     User.AUTH_TYPE_LDAP)
     if params['auth_type'] != User.AUTH_TYPE_LDAP:
         validate_string(params['username'], 1, 120)
     if params['password'] or require_password:
         validate_string(params['password'], 8, 120)
     return params
Ejemplo n.º 10
0
def upload():
    # Get URL parameters for the upload
    file_list = request.files.getlist('files')
    path_index = request.form.get('path_index', '-1')   # Index into IMAGE_UPLOAD_DIRS or -1
    path = request.form.get('path', '')                 # Manual path when path_index is -1
    overwrite = request.form.get('overwrite')

    ret_dict = {}
    try:
        path_index = parse_int(path_index)
        overwrite = parse_boolean(overwrite)
        validate_string(path, 0, 1024)

        current_user = get_session_user()
        assert current_user is not None

        put_image_exception = None
        can_download = None
        for wkfile in file_list:
            original_filename = wkfile.filename
            if original_filename:
                db_image = None
                try:
                    # Save (also checks user-folder permissions)
                    _, db_image = image_engine.put_image(
                        current_user,
                        wkfile,
                        secure_filename(
                            original_filename,
                            app.config['ALLOW_UNICODE_FILENAMES']
                        ),
                        path_index,
                        path,
                        overwrite
                    )
                except Exception as e:
                    # Save the error to use as our overall return value
                    if put_image_exception is None:
                        put_image_exception = e
                    # This loop failure, add the error info to our return data
                    ret_dict[original_filename] = {'error': create_api_error_dict(e)}

                if db_image:
                    # Calculate download permission once (all files are going to same folder)
                    if can_download is None:
                        can_download = permissions_engine.is_folder_permitted(
                            db_image.folder,
                            FolderPermission.ACCESS_DOWNLOAD,
                            get_session_user()
                        )
                    # This loop success
                    ret_dict[original_filename] = _image_dict(db_image, can_download)

        # Loop complete. If we had an exception, raise it now.
        if put_image_exception is not None:
            raise put_image_exception

    except Exception as e:
        # put_image returns ValueError for parameter errors
        if type(e) is ValueError:
            e = ParameterError(unicode(e))
        # Attach whatever data we have to return with the error
        # Caller can then decide whether to continue if some files worked
        e.api_data = ret_dict
        raise e
    finally:
        # Store the result for the upload_complete page
        cache_engine.raw_put(
            'UPLOAD_API:' + str(current_user.id),
            ret_dict,
            expiry_secs=(60 * 60 * 24 * 7),
            integrity_check=True
        )

    # If here, all files were uploaded successfully
    return make_api_success_response(ret_dict)
Ejemplo n.º 11
0
def imagelist():
    # Check parameters
    try:
        from_path = request.args.get('path', '')
        want_info = parse_boolean(request.args.get('attributes', ''))
        limit = parse_int(request.args.get('limit', '1000'))
        validate_string(from_path, 1, 1024)
    except ValueError as e:
        raise ParameterError(e)

    # Get extra parameters for image URL construction
    image_params = request.args.to_dict()
    if 'path' in image_params:
        del image_params['path']
    if 'attributes' in image_params:
        del image_params['attributes']
    if 'limit' in image_params:
        del image_params['limit']

    # Get directory listing
    directory_info = get_directory_listing(from_path, False, limit)
    if not directory_info.exists():
        raise DoesNotExistError('Invalid path')

    ret_list = []
    db_session = data_engine.db_get_session()
    db_commit = False
    try:
        # Auto-populate the folders database
        db_folder = auto_sync_folder(
            from_path, data_engine, task_engine, _db_session=db_session
        )
        db_session.commit()

        # Require view permission or file admin
        permissions_engine.ensure_folder_permitted(
            db_folder,
            FolderPermission.ACCESS_VIEW,
            get_session_user()
        )

        # Create the response
        file_list = directory_info.contents()
        img_types = image_engine.get_image_formats()
        base_folder = add_sep(directory_info.name())
        for f in file_list:
            # Filter out non-images
            if get_file_extension(f['filename']) in img_types:
                entry_path = base_folder + f['filename']
                entry = {
                    'filename': f['filename'],
                    'url': external_url_for('image', src=entry_path, **image_params)
                }
                if want_info:
                    db_entry = auto_sync_existing_file(
                        entry_path,
                        data_engine,
                        task_engine,
                        burst_pdf=False,  # Don't burst a PDF just by finding it here
                        _db_session=db_session
                    )
                    entry['id'] = db_entry.id if db_entry else 0
                    entry['folder_id'] = db_entry.folder_id if db_entry else 0
                    entry['title'] = db_entry.title if db_entry else ''
                    entry['description'] = db_entry.description if db_entry else ''
                    entry['width'] = db_entry.width if db_entry else 0
                    entry['height'] = db_entry.height if db_entry else 0
                ret_list.append(entry)

        db_commit = True
    finally:
        try:
            if db_commit:
                db_session.commit()
            else:
                db_session.rollback()
        finally:
            db_session.close()

    return make_api_success_response(ret_list)
Ejemplo n.º 12
0
def upload():
    # Get URL parameters for the upload
    file_list = request.files.getlist('files')
    path_index = request.form.get('path_index', '-1')   # Index into IMAGE_UPLOAD_DIRS or -1
    path = request.form.get('path', '')                 # Manual path when path_index is -1
    overwrite = request.form.get('overwrite')

    ret_dict = {}
    try:
        current_user = get_session_user()
        assert current_user is not None

        # Check params
        path_index = parse_int(path_index)
        if overwrite != 'rename':
            overwrite = parse_boolean(overwrite)
        validate_string(path, 0, 1024)
        if not path and path_index < 0:
            raise ValueError('Either path or path_index is required')
        if len(file_list) < 1:
            raise ValueError('No files have been attached')

        if path_index >= 0:
            # Get a "trusted" pre-defined upload folder
            # image_engine.put_image() will create it if it doesn't exist
            _, path = get_upload_directory(path_index)
        else:
            # A manually specified folder is "untrusted" and has to exist already
            if not path_exists(path):
                raise DoesNotExistError('Path \'' + path + '\' does not exist')

        # Loop over the upload files
        put_image_exception = None
        can_download = None
        saved_files = []
        for wkfile in file_list:
            original_filepath = wkfile.filename
            original_filename = filepath_filename(original_filepath)  # v2.7.1 added
            if original_filename:
                db_image = None
                try:
                    # Don't allow filenames like "../../../etc/passwd"
                    safe_filename = secure_filename(
                        original_filename,
                        app.config['ALLOW_UNICODE_FILENAMES']
                    )
                    # v2.7.1 If we already saved a file as safe_filename during this upload,
                    # override this one to have overwrite=rename
                    overwrite_flag = 'rename' if safe_filename in saved_files else overwrite
                    # Save (this also checks user-folder permissions)
                    _, db_image = image_engine.put_image(
                        current_user,
                        wkfile,
                        path,
                        safe_filename,
                        overwrite_flag
                    )
                    # v2.7.1 Keep a record of what filenames we used during this upload
                    saved_files.append(safe_filename)
                except Exception as e:
                    # Save the error to use as our overall return value
                    if put_image_exception is None:
                        put_image_exception = e
                    # This loop failure, add the error info to our return data
                    ret_dict[original_filepath] = {
                        'error': create_api_error_dict(e, logger)
                    }

                if db_image:
                    # Calculate download permission once (all files are going to same folder)
                    if can_download is None:
                        can_download = permissions_engine.is_folder_permitted(
                            db_image.folder,
                            FolderPermission.ACCESS_DOWNLOAD,
                            get_session_user()
                        )
                    # This loop success
                    ret_dict[original_filepath] = object_to_dict(
                        _prep_image_object(db_image, can_download), _omit_fields
                    )
            else:
                logger.warning('Upload received blank filename, ignoring file')

        # Loop complete. If we had an exception, raise it now.
        if put_image_exception is not None:
            raise put_image_exception

    except Exception as e:
        # put_image returns ValueError for parameter errors
        if type(e) is ValueError:
            e = ParameterError(str(e))
        # Attach whatever data we have to return with the error
        # Caller can then decide whether to continue if some files worked
        e.api_data = ret_dict
        raise e
    finally:
        # Store the result for the upload_complete page
        cache_engine.raw_put(
            'UPLOAD_API:' + str(current_user.id),
            ret_dict,
            expiry_secs=(60 * 60 * 24 * 7)
        )

    # If here, all files were uploaded successfully
    return make_api_success_response(ret_dict)
Ejemplo n.º 13
0
def imagelist():
    # Check parameters
    try:
        from_path = request.args.get('path', '')
        want_info = parse_boolean(request.args.get('attributes', ''))
        start = parse_int(request.args.get('start', '0'))
        limit = parse_int(request.args.get('limit', '1000'))
        validate_string(from_path, 1, 1024)
        validate_number(start, 0, 999999999)
        validate_number(limit, 1, 1000)
    except ValueError as e:
        raise ParameterError(e)

    # Get extra parameters for image URL construction, remove API parameters
    image_params = request.args.to_dict()
    image_params.pop('path', None)
    image_params.pop('attributes', None)
    image_params.pop('start', None)
    image_params.pop('limit', None)

    # Get directory listing
    directory_info = get_directory_listing(from_path, False, 2, start, limit)
    if not directory_info.exists():
        raise DoesNotExistError('Invalid path')

    ret_list = []
    db_session = data_engine.db_get_session()
    db_commit = False
    try:
        # Auto-populate the folders database
        db_folder = auto_sync_folder(
            from_path, data_engine, task_engine, _db_session=db_session
        )
        db_session.commit()

        # Require view permission or file admin
        permissions_engine.ensure_folder_permitted(
            db_folder,
            FolderPermission.ACCESS_VIEW,
            get_session_user()
        )
        # Get download permission in case we need to return it later
        can_download = permissions_engine.is_folder_permitted(
            db_folder,
            FolderPermission.ACCESS_DOWNLOAD,
            get_session_user()
        )

        # Create the response
        file_list = directory_info.contents()
        supported_img_types = image_engine.get_image_formats(supported_only=True)
        base_folder = add_sep(directory_info.name())
        for f in file_list:
            # v2.6.4 Return unsupported files too. If you want to reverse this change,
            # the filtering needs to be elsewhere for 'start' and 'limit' to work properly
            supported_file = get_file_extension(f['filename']) in supported_img_types
            file_path = base_folder + f['filename']

            if want_info:
                # Need to return the database fields too
                if supported_file:
                    db_entry = auto_sync_existing_file(
                        file_path,
                        data_engine,
                        task_engine,
                        burst_pdf=False,  # Don't burst a PDF just by finding it here
                        _db_session=db_session
                    )
                    db_entry = _prep_image_object(db_entry, can_download, **image_params)
                else:
                    db_entry = _prep_blank_image_object()
                    db_entry.filename = f['filename']
                    db_entry.supported = False
                # Return images in full (standard) image dict format
                entry = object_to_dict(db_entry, _omit_fields)
            else:
                # Return images in short dict format
                entry = {
                    'filename': f['filename'],
                    'supported': supported_file,
                    'url': (external_url_for('image', src=file_path, **image_params)
                            if supported_file else '')
                }

            ret_list.append(entry)

        db_commit = True
    finally:
        try:
            if db_commit:
                db_session.commit()
            else:
                db_session.rollback()
        finally:
            db_session.close()

    return make_api_success_response(ret_list)