def revision_add_attachment(request, pk): """Add attachment, download if necessary """ revision = get_object_or_404(PackageRevision, pk=pk) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to add attachment to package (%s) by " "non-owner (%s)" % (revision.package, request.user)) log.warning(log_msg) return HttpResponseForbidden( 'You are not the author of this %s' % escape( revision.package.get_type_name())) url = request.POST.get('url', None) filename = request.POST.get('filename', None) if not filename or filename == "": log.error('Trying to create an attachment without name') return HttpResponseBadRequest('Path not found.') content = '' if url: log.info(('[%s] Preparing to download %s as an attachment of ' 'PackageRevision %d') % (filename, url, revision.pk)) # validate url field = URLField(verify_exists=True) encoding = request.POST.get('force_contenttype', False) try: url = field.clean(url) except ValidationError, err: log.warning('[%s] Invalid url provided\n%s' % (url, '\n'.join(err.messages))) return HttpResponseBadRequest(("Loading attachment failed\n" "%s") % parse_validation_messages(err)) except Exception, err: log.warning('[%s] Exception raised\n%s' % (url, str(err))) return HttpResponseBadRequest(str(err))
def upload_attachments(request, id_number, type_id, revision_number=None, version_name=None): """ Upload new attachments to the PackageRevision """ revision = get_package_revision(None, id_number, type_id, revision_number, version_name) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to upload attachment to package (%s) " "by non-owner (%s)" % (id_number, request.user)) log.warning(log_msg) return HttpResponseForbidden( 'You are not the author of this %s' % escape( revision.package.get_type_name())) content = request.raw_post_data filename = request.META.get('HTTP_X_FILE_NAME') if not filename: log_msg = 'Path not found: %s, package: %s.' % ( filename, id_number) log.error(log_msg) return HttpResponseServerError('Path not found.') try: attachment = revision.attachment_create_by_filename( request.user, filename, content) except ValidationError, e: return HttpResponseForbidden( 'Validation errors.\n%s' % parse_validation_messages(e))
def add_empty_attachment(request, id_number, type_id, revision_number=None, version_name=None): """ Add new empty attachment to the PackageRevision """ revision = get_package_revision(None, id_number, type_id, revision_number, version_name) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to add attachment to package (%s) by " "non-owner (%s)" % (id_number, request.user)) log.warning(log_msg) return HttpResponseForbidden( 'You are not the author of this %s' % escape( revision.package.get_type_name())) filename = request.POST.get('filename', False) if not filename: log_msg = 'Path not found: %s, package: %s.' % ( filename, id_number) log.error(log_msg) return HttpResponseServerError('Path not found.') try: attachment = revision.attachment_create_by_filename(request.user, filename, '') except ValidationError, e: return HttpResponseForbidden( 'Validation errors.\n%s' % parse_validation_messages(e))
def add_empty_attachment(request, id_number, type_id, revision_number=None, version_name=None): """ Add new empty attachment to the PackageRevision """ revision = get_package_revision(None, id_number, type_id, revision_number, version_name) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to add attachment to package (%s) by " "non-owner (%s)" % (id_number, request.user)) log.warning(log_msg) return HttpResponseForbidden('You are not the author of this %s' % escape(revision.package.get_type_name())) filename = request.POST.get('filename', False) if not filename: log_msg = 'Path not found: %s, package: %s.' % (filename, id_number) log.error(log_msg) return HttpResponseServerError('Path not found.') try: attachment = revision.attachment_create_by_filename( request.user, filename, '') except ValidationError, e: return HttpResponseForbidden('Validation errors.\n%s' % parse_validation_messages(e))
def upload_attachment(request, revision_id): """ Upload new attachment to the PackageRevision """ revision = get_object_with_related_or_404(PackageRevision, pk=revision_id) log.debug(revision) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to upload attachment to package (%s) " "by non-owner (%s)" % (revision_id, request.user)) log.warning(log_msg) return HttpResponseForbidden( 'You are not the author of this %s' % escape( revision.package.get_type_name())) f = request.FILES.get('upload_attachment') filename = request.META.get('HTTP_X_FILE_NAME') if not f: log_msg = 'Path not found: %s, revision: %s.' % ( filename, revision_id) log.error(log_msg) return HttpResponseServerError('Path not found.') content = f.read() # try to force UTF-8 code, on error continue with original data try: content = unicode(content, 'utf-8') except: pass try: attachment = revision.attachment_create_by_filename( request.user, filename, content) except ValidationError, e: return HttpResponseForbidden( 'Validation errors.\n%s' % parse_validation_messages(e))
def upload_attachments(request, id_number, type_id, revision_number=None, version_name=None): """ Upload new attachments to the PackageRevision """ revision = get_package_revision(None, id_number, type_id, revision_number, version_name) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to upload attachment to package (%s) " "by non-owner (%s)" % (id_number, request.user)) log.warning(log_msg) return HttpResponseForbidden('You are not the author of this %s' % escape(revision.package.get_type_name())) content = request.raw_post_data filename = request.META.get('HTTP_X_FILE_NAME') if not filename: log_msg = 'Path not found: %s, package: %s.' % (filename, id_number) log.error(log_msg) return HttpResponseServerError('Path not found.') try: attachment = revision.attachment_create_by_filename( request.user, filename, content) except ValidationError, e: return HttpResponseForbidden('Validation errors.\n%s' % parse_validation_messages(e))
def upload_attachment(request, revision_id): """ Upload new attachment to the PackageRevision """ revision = get_object_with_related_or_404(PackageRevision, pk=revision_id) log.debug(revision) if request.user.pk != revision.author.pk: log_msg = ("[security] Attempt to upload attachment to package (%s) " "by non-owner (%s)" % (revision_id, request.user)) log.warning(log_msg) return HttpResponseForbidden('You are not the author of this %s' % escape(revision.package.get_type_name())) f = request.FILES.get('upload_attachment') filename = request.META.get('HTTP_X_FILE_NAME') if not f: log_msg = 'Path not found: %s, revision: %s.' % (filename, revision_id) log.error(log_msg) return HttpResponseServerError('Path not found.') content = f.read() # try to force UTF-8 code, on error continue with original data try: content = unicode(content, 'utf-8') except: pass try: attachment = revision.attachment_create_by_filename( request.user, filename, content) except ValidationError, e: return HttpResponseForbidden('Validation errors.\n%s' % parse_validation_messages(e))
if encoding in unicode_contenttypes: content = unicode(content, encoding) if len(content) >= settings.ATTACHMENT_MAX_FILESIZE + 1: log.warning('[%s] Downloaded file is too big' % url) return HttpResponseBadRequest("Loading attachment failed\n" "File is too big") log.info('[%s] Downloaded %db, encoding: %s' % (url, len(content), encoding)) att.close() try: attachment = revision.attachment_create_by_filename( request.user, filename, content) except ValidationError, err: log.warning("[%s] Validation error.\n%s" % (filename, str(err))) return HttpResponseForbidden( 'Validation error.\n%s' % parse_validation_messages(err)) except Exception, err: log.warning("[%s] Exception raised\n%s" % (filename, str(err))) return HttpResponseForbidden(str(err)) return render_json(request, "json/attachment_added.json", {'revision': revision, 'attachment': attachment}) @require_POST @login_required @transaction.commit_on_success def rename_attachment(request, revision_id): """ Rename an attachment in a PackageRevision
if encoding not in unicode_contenttypes and ext in EDITABLE_EXTENSIONS: log.info('[%s] Forcing the "utf-8" encoding from ' '"%s"' % (url, encoding)) encoding = "utf-8" # convert to unicode if needed if encoding in unicode_contenttypes: content = unicode(content, encoding) if len(content) >= settings.ATTACHMENT_MAX_FILESIZE + 1: log.warning("[%s] Downloaded file is too big" % url) return HttpResponseBadRequest("Loading attachment failed\n" "File is too big") log.info("[%s] Downloaded %db, encoding: %s" % (url, len(content), encoding)) att.close() try: attachment = revision.attachment_create_by_filename(request.user, filename, content) except ValidationError, err: log.warning("[%s] Validation error.\n%s" % (filename, str(err))) return HttpResponseForbidden("Validation error.\n%s" % parse_validation_messages(err)) except Exception, err: log.warning("[%s] Exception raised\n%s" % (filename, str(err))) return HttpResponseForbidden(str(err)) return render_json(request, "json/attachment_added.json", {"revision": revision, "attachment": attachment}) @require_POST @login_required @transaction.commit_on_success def rename_attachment(request, revision_id): """ Rename an attachment in a PackageRevision """ revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
if encoding in unicode_contenttypes: content = unicode(content, encoding) if len(content) >= settings.ATTACHMENT_MAX_FILESIZE + 1: log.warning('[%s] Downloaded file is too big' % url) return HttpResponseBadRequest("Loading attachment failed\n" "File is too big") log.info('[%s] Downloaded %db, encoding: %s' % (url, len(content), encoding)) att.close() try: attachment = revision.attachment_create_by_filename( request.user, filename, content) except ValidationError, err: log.warning("[%s] Validation error.\n%s" % (filename, str(err))) return HttpResponseForbidden('Validation error.\n%s' % parse_validation_messages(err)) except Exception, err: log.warning("[%s] Exception raised\n%s" % (filename, str(err))) return HttpResponseForbidden(str(err)) return render_json(request, "json/attachment_added.json", { 'revision': revision, 'attachment': attachment }) @require_POST @login_required @transaction.commit_on_success def rename_attachment(request, revision_id): """