def post(self, analysis_id):
analysis_id = int(analysis_id.split("/")[0])
analysis_id_sent = int(self.get_argument('analysis_id'))
action = self.get_argument('action')
if analysis_id != analysis_id_sent or action != 'delete_analysis':
raise QiitaPetAuthorizationError(
self.current_user.id,
'analysis/results/%d-delete' % analysis_id)
analysis = Analysis(analysis_id)
analysis_name = analysis.name
check_analysis_access(self.current_user, analysis)
try:
Analysis.delete(analysis_id)
msg = ("Analysis <b><i>%s</i></b> has been deleted." %
(analysis_name))
level = "success"
except Exception as e:
e = str(e)
msg = ("Couldn't remove <b><i>%s</i></b> analysis: %s" %
(analysis_name, e))
level = "danger"
LogEntry.create(
'Runtime',
"Couldn't remove analysis ID %d: %s" % (analysis_id, e))
self.redirect(u"/analysis/show/?level=%s&message=%s" % (level, msg))
def get(self, filepath_id):
filepath_id = int(filepath_id)
# Check access to file
accessible_filepaths = get_accessible_filepath_ids(self.current_user)
if filepath_id not in accessible_filepaths:
raise QiitaPetAuthorizationError(
self.current_user, 'filepath id %s' % str(filepath_id))
relpath = filepath_id_to_rel_path(filepath_id)
fname = basename(relpath)
# If we don't have nginx, write a file that indicates this
self.write("This installation of Qiita was not equipped with nginx, "
"so it is incapable of serving files. The file you "
"attempted to download is located at %s" % relpath)
self.set_header('Content-Description', 'File Transfer')
self.set_header('Content-Type', 'application/octet-stream')
self.set_header('Content-Transfer-Encoding', 'binary')
self.set_header('Expires', '0')
self.set_header('Cache-Control', 'no-cache')
self.set_header('X-Accel-Redirect', '/protected/' + relpath)
self.set_header('Content-Disposition',
'attachment; filename=%s' % fname)
self.finish()
def validate_absolute_path(self, root, absolute_path):
"""Overrides StaticFileHandler's method to include authentication
"""
# Get the filename (or the base directory) of the result
if root[-1] != '/':
root = "%s/" % root
len_prefix = len(commonprefix([root, absolute_path]))
base_requested_fp = absolute_path[len_prefix:].split(sep, 1)[0]
current_user = self.current_user
# If the user is an admin, then allow access
if current_user.level == 'admin':
return super(ResultsHandler,
self).validate_absolute_path(root, absolute_path)
# otherwise, we have to check if they have access to the requested
# resource
user_id = current_user.id
accessible_filepaths = check_access_to_analysis_result(
user_id, base_requested_fp)
# Turn these filepath IDs into absolute paths
db_files_base_dir = get_db_files_base_dir()
relpaths = filepath_ids_to_rel_paths(accessible_filepaths)
accessible_filepaths = {
join(db_files_base_dir, relpath)
for relpath in relpaths.values()
}
# check if the requested resource is a file (or is in a directory) that
# the user has access to
if join(root, base_requested_fp) in accessible_filepaths:
return super(ResultsHandler,
self).validate_absolute_path(root, absolute_path)
else:
raise QiitaPetAuthorizationError(user_id, absolute_path)