def popup_thumbbig(self, req): access = AccessData(req) if (not access.hasAccess(self, "data") and not dozoom(self)) or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return thumbbig = None for file in self.getFiles(): if file.getType() == "thumb2": thumbbig = file break if not thumbbig: self.popup_fullsize(req) else: im = PILImage.open(thumbbig.retrieveFile()) req.writeTAL( "contenttypes/image.html", { "filename": '/file/' + str(self.id) + '/' + thumbbig.getName(), "width": im.size[0], "height": im.size[1] }, macro="thumbbig")
def send_nodefile_tal(req): if "file" in req.params: return upload_for_html(req) id = req.params.get("id") node = tree.getNode(id) access = AccessData(req) if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write') and access.hasAccess(node, 'data') and node.type in ["directory", "collections", "collection"]): return "" def fit(imagefile, cn): # fits the image into a box with dimensions cn, returning new width and # height try: sz = PIL.Image.open(imagefile).size (x, y) = (sz[0], sz[1]) if x > cn[0]: y = (y * cn[0]) / x x = (x * cn[0]) / x if y > cn[1]: x = (x * cn[1]) / y y = (y * cn[1]) / y return (x, y) except: return cn # only pass images to the file browser files = [f for f in node.getFiles() if f.mimetype.startswith("image")] # this flag may switch the display of a "delete" button in the customs # file browser in web/edit/modules/startpages.html showdelbutton = True return req.getTAL("web/edit/modules/startpages.html", {"id": id, "node": node, "files": files, "fit": fit, "logoname": node.get("system.logo"), "delbutton": True}, macro="fckeditor_customs_filemanager")
def popup_fullsize(self, req): access = AccessData(req) if not access.hasAccess(self, "data") or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return for f in self.getFiles(): if f.getType() == "doc" or f.getType() == "document": req.sendFile(f.retrieveFile(), f.getMimeType()) return
def popup_fullsize(self, req): access = AccessData(req) if not access.hasAccess(self, "data") or not access.hasAccess( self, "read"): req.write(t(req, "permission_denied")) return for f in self.getFiles(): if f.getType() == "doc" or f.getType() == "document": req.sendFile(f.retrieveFile(), f.getMimeType()) return
def popup_fullsize(self, req): access = AccessData(req) if not access.hasAccess(self, "data") or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return f = "" for filenode in self.getFiles(): if filenode.getType() in ("original", "video"): f = "/file/" + str(self.id) + "/" + filenode.getName() break req.writeTAL("contenttypes/flash.html", {"path": f}, macro="fullsize")
def export(req): p = req.path[1:].split("/") access = AccessData(req) if len(p) != 2: req.error(404, "Object not found") return if p[0].isdigit(): try: node = tree.getNode(p[0]) except: return req.error(404, "Object not found") else: return req.error(404, "Object not found") if not access.hasAccess(node, "read"): req.write(t(req, "permission_denied")) return mask = getMetaType(node.getSchema()).getMask(p[1]) if mask: try: req.reply_headers['Content-Type'] = "text/plain; charset=utf-8" req.write(mask.getViewHTML([node], flags=8)) # flags =8 -> export type except tree.NoSuchNodeError: return req.error(404, "Object not found") else: req.error(404, "Object not found") return
def export(req): p = req.path[1:].split("/") access = AccessData(req) if len(p) != 2: req.error(404, "Object not found") return if p[0].isdigit(): try: node = tree.getNode(p[0]) except: return req.error(404, "Object not found") else: return req.error(404, "Object not found") if not access.hasAccess(node, "read"): req.write(t(req, "permission_denied")) return mask = getMetaType(node.getSchema()).getMask(p[1]) if mask: try: req.reply_headers['Content-Type'] = "text/plain; charset=utf-8" req.write(mask.getViewHTML([node], flags=8)) # flags =8 -> export type except tree.NoSuchNodeError: return req.error(404, "Object not found") else: req.error(404, "Object not found") return
def popup_fullsize(self, req): def videowidth(): return int(self.get('vid-width') or 0) + 64 def videoheight(): int(self.get('vid-height') or 0) + 53 access = AccessData(req) if not access.hasAccess(self, "data") or not access.hasAccess( self, "read"): req.write(t(req, "permission_denied")) return f = None for filenode in self.getFiles(): if filenode.getType() in [ "original", "video" ] and filenode.retrieveFile().endswith('flv'): f = "/file/%s/%s" % (self.id, filenode.getName()) break script = "" if f: script = '<p href="%s" style="display:block;width:%spx;height:%spx;" id="player"/p>' % ( f, videowidth(), videoheight()) # use jw player captions_info = getCaptionInfoDict(self) if captions_info: logger.info( "video: '%s' (%s): captions: dictionary 'captions_info': %s" % (self.name, self.id, captions_info)) context = { "file": f, "script": script, "node": self, "width": videowidth(), "height": videoheight(), "captions_info": json.dumps(captions_info), } req.writeTAL("contenttypes/video.html", context, macro="fullsize_flv_jwplayer")
def update_node(req, path, params, data, id): # get the user and verify the signature if params.get('user'): user = users.getUser(params.get('user')) userAccess = AccessData(user=user) if userAccess.user: valid = userAccess.verify_request_signature(req.fullpath, params) if not valid: userAccess = None else: userAccess = None else: user = users.getUser('Gast') userAccess = AccessData(user=user) node = tree.getNode(id) # check user access if userAccess and userAccess.hasAccess(node, "write"): pass else: s = "No Access" req.write(s) d = { 'status': 'fail', 'html_response_code': '403', 'errormessage': 'no access' } return d['html_response_code'], len(s), d node.name = params.get('name') metadata = json.loads(params.get('metadata')) # set provided metadata for key, value in metadata.iteritems(): node.set(u(key), u(value)) # service flags node.set("updateuser", user.getName()) node.set("updatetime", format_date()) node.setDirty() d = { 'status': 'OK', 'html_response_code': '200', 'build_response_end': time.time() } s = "OK" # we need to write in case of POST request, send as buffer wil not work req.write(s) req.reply_headers['updatetime'] = node.get('updatetime') return d['html_response_code'], len(s), d
def popup_thumbbig(self, req): access = AccessData(req) if (not access.hasAccess(self, "data") and not dozoom(self)) or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return thumbbig = None for file in self.getFiles(): if file.getType() == "thumb2": thumbbig = file break if not thumbbig: self.popup_fullsize(req) else: im = PILImage.open(thumbbig.retrieveFile()) req.writeTAL("contenttypes/image.html", {"filename": '/file/' + str(self.id) + '/' + thumbbig.getName(), "width": im.size[0], "height": im.size[1]}, macro="thumbbig")
def send_file(req, download=0): access = AccessData(req) id, filename = splitpath(req.path) if id.endswith("_transfer.zip"): id = id[:-13] try: n = tree.getNode(id) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.type not in ["directory", "collections", "collection"]: return 403 file = None if filename is None and n: # build zip-file and return it zipfilepath, files_written = build_transferzip(n) if files_written == 0: return 404 send_result = req.sendFile(zipfilepath, "application/zip") if os.sep == '/': # Unix? os.unlink(zipfilepath) # unlinking files while still reading them only works on Unix/Linux return send_result # try full filename for f in n.getFiles(): if f.getName() == filename: incUsage(n) file = f break # try only extension if not file and n.get("archive_type") == "": file_ext = os.path.splitext(filename)[1] for f in n.getFiles(): if os.path.splitext(f.getName())[1] == file_ext and f.getType() in ['doc', 'document', 'original', 'mp3']: incUsage(n) file = f break if existMetaField(n.getSchema(), 'nodename'): display_file_name = '{}.{}'.format(os.path.splitext(os.path.basename(n.name))[0], os.path.splitext(filename)[-1].strip('.')) else: display_file_name = filename # try file from archivemanager if not file and n.get("archive_type") != "": am = archivemanager.getManager(n.get("archive_type")) req.reply_headers["Content-Disposition"] = 'attachment; filename="{}"'.format(display_file_name) return req.sendFile(am.getArchivedFileStream(n.get("archive_path")), "application/x-download") if not file: return 404 req.reply_headers["Content-Disposition"] = 'attachment; filename="{}"'.format(display_file_name) return req.sendFile(file.retrieveFile(), f.getMimeType())
def send_nodefile_tal(req): if "file" in req.params: return upload_for_html(req) id = req.params.get("id") node = tree.getNode(id) access = AccessData(req) if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write') and access.hasAccess(node, 'data') and node.type in ["directory", "collections", "collection"]): return "" def fit(imagefile, cn): # fits the image into a box with dimensions cn, returning new width and # height try: sz = PIL.Image.open(imagefile).size (x, y) = (sz[0], sz[1]) if x > cn[0]: y = (y * cn[0]) / x x = (x * cn[0]) / x if y > cn[1]: x = (x * cn[1]) / y y = (y * cn[1]) / y return (x, y) except: return cn # only pass images to the file browser files = [f for f in node.getFiles() if f.mimetype.startswith("image")] # this flag may switch the display of a "delete" button in the customs # file browser in web/edit/modules/startpages.html showdelbutton = True return req.getTAL("web/edit/modules/startpages.html", { "id": id, "node": node, "files": files, "fit": fit, "logoname": node.get("system.logo"), "delbutton": True }, macro="fckeditor_customs_filemanager")
def getPrintChildren(req, node, ret): access = AccessData(req) for c in node.getChildren(): if access.hasAccess(c, "read"): ret.append(c) getPrintChildren(req, c, ret) return ret
def getPrintChildren(req, node, ret): access = AccessData(req) for c in node.getChildren(): if access.hasAccess(c, "read"): ret.append(c) getPrintChildren(req, c, ret) return ret
def update_node(req, path, params, data, id): # get the user and verify the signature if params.get('user'): user = users.getUser(params.get('user')) userAccess = AccessData(user=user) if userAccess.user: valid = userAccess.verify_request_signature(req.fullpath, params) if not valid: userAccess = None else: userAccess = None else: user = users.getUser('Gast') userAccess = AccessData(user=user) node = tree.getNode(id) # check user access if userAccess and userAccess.hasAccess(node, "write"): pass else: s = "No Access" req.write(s) d = { 'status': 'fail', 'html_response_code': '403', 'errormessage': 'no access'} return d['html_response_code'], len(s), d node.name = params.get('name') metadata = json.loads(params.get('metadata')) # set provided metadata for key, value in metadata.iteritems(): node.set(u(key), u(value)) # service flags node.set("updateuser", user.getName()) node.set("updatetime", format_date()) node.setDirty() d = { 'status': 'OK', 'html_response_code': '200', 'build_response_end': time.time()} s = "OK" # we need to write in case of POST request, send as buffer wil not work req.write(s) req.reply_headers['updatetime'] = node.get('updatetime') return d['html_response_code'], len(s), d
def show_attachmentbrowser(req): id = req.params.get("id") node = getNode(id) access = AccessData(req) if not access.hasAccess(node, "data"): req.write(t(req, "permission_denied")) return # if node.getContentType().startswith("document") or node.getContentType().startswith("dissertation"): # node.getAttachmentBrowser(req) from core.attachment import getAttachmentBrowser getAttachmentBrowser(node, req)
def show_attachmentbrowser(req): id = req.params.get("id") node = getNode(id) access = AccessData(req) if not access.hasAccess(node, "data"): req.write(t(req, "permission_denied")) return # if node.getContentType().startswith("document") or node.getContentType().startswith("dissertation"): # node.getAttachmentBrowser(req) from core.attachment import getAttachmentBrowser getAttachmentBrowser(node, req)
def getAccessRights(node): """ Get acccess rights for the public. The values returned descend from http://wiki.surffoundation.nl/display/standards/info-eu-repo/#info-eu-repo-AccessRights. This values are used by OpenAIRE portal. """ try: # if node.get('updatetime') is empty, the method parse_date would raise an exception l_date = parse_date(node.get('updatetime')) except: l_date = date.now() guestAccess = AccessData(user=users.getUser('Gast')) if date.now() < l_date: return "embargoedAccess" elif guestAccess.hasAccess(node, 'read'): if guestAccess.hasAccess(node, 'data'): return "openAccess" else: return "restrictedAccess" else: return "closedAccess"
def getAccessRights(node): """ Get acccess rights for the public. The values returned descend from http://wiki.surffoundation.nl/display/standards/info-eu-repo/#info-eu-repo-AccessRights. This values are used by OpenAIRE portal. """ try: # if node.get('updatetime') is empty, the method parse_date would raise an exception l_date = parse_date(node.get('updatetime')) except: l_date = date.now() guestAccess = AccessData(user=users.getUser('Gast')) if date.now() < l_date: return "embargoedAccess" elif guestAccess.hasAccess(node, 'read'): if guestAccess.hasAccess(node, 'data'): return "openAccess" else: return "restrictedAccess" else: return "closedAccess"
def send_rawimage(req): access = AccessData(req) try: n = tree.getNode(splitpath(req.path)[0]) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.type != "directory": return 403 for f in n.getFiles(): if f.getType() == "original": return req.sendFile(f.retrieveFile(), f.getMimeType()) return 404
def popup_fullsize(self, req): access = AccessData(req) d = {} svg = 0 if (not access.hasAccess(self, "data") and not dozoom(self)) or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return zoom_exists = 0 for file in self.getFiles(): if file.getType() == "zoom": zoom_exists = 1 if file.getName().lower().endswith('svg') and file.type == "original": svg = 1 d["svg"] = svg d["width"] = self.get("origwidth") d["height"] = self.get("origheight") d["key"] = req.params.get("id", "") # we assume that width==origwidth, height==origheight d['flash'] = dozoom(self) and zoom_exists d['tileurl'] = "/tile/" + self.id + "/" req.writeTAL("contenttypes/image.html", d, macro="imageviewer")
def send_doc(req): access = AccessData(req) try: n = tree.getNode(splitpath(req.path)[0]) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.type != "directory": return 403 for f in n.getFiles(): if f.getType() in ["doc", "document"]: incUsage(n) return req.sendFile(f.retrieveFile(), f.getMimeType()) return 404
def send_rawimage(req): access = AccessData(req) try: n = tree.getNode(splitpath(req.path)[0]) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.type != "directory": return 403 for f in n.getFiles(): if f.getType() == "original": incUsage(n) return req.sendFile(f.retrieveFile(), f.getMimeType()) return 404
def popup_fullsize(self, req): def videowidth(): return int(self.get('vid-width') or 0) + 64 def videoheight(): int(self.get('vid-height') or 0) + 53 access = AccessData(req) if not access.hasAccess(self, "data") or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return f = None for filenode in self.getFiles(): if filenode.getType() in ["original", "video"] and filenode.retrieveFile().endswith('flv'): f = "/file/%s/%s" % (self.id, filenode.getName()) break script = "" if f: script = '<p href="%s" style="display:block;width:%spx;height:%spx;" id="player"/p>' % (f, videowidth(), videoheight()) # use jw player captions_info = getCaptionInfoDict(self) if captions_info: logger.info("video: '%s' (%s): captions: dictionary 'captions_info': %s" % (self.name, self.id, captions_info)) context = { "file": f, "script": script, "node": self, "width": videowidth(), "height": videoheight(), "captions_info": json.dumps(captions_info), } req.writeTAL("contenttypes/video.html", context, macro="fullsize_flv_jwplayer")
def send_attachment(req): access = AccessData(req) id, filename = splitpath(req.path) try: node = tree.getNode(id) except tree.NoSuchNodeError: return 404 if not access.hasAccess(node, "data") and n.type != "directory": return 403 # filename is attachment.zip for file in node.getFiles(): if file.getType() == "attachment": sendZipFile(req, file.retrieveFile()) break
def send_attachment(req): access = AccessData(req) id, filename = splitpath(req.path) try: node = tree.getNode(id) except tree.NoSuchNodeError: return 404 if not access.hasAccess(node, "data") and n.type != "directory": return 403 # filename is attachment.zip for file in node.getFiles(): if file.getType() == "attachment": sendZipFile(req, file.retrieveFile()) break
def popup_fullsize(self, req): access = AccessData(req) d = {} svg = 0 if (not access.hasAccess(self, "data") and not dozoom(self)) or not access.hasAccess(self, "read"): req.write(t(req, "permission_denied")) return zoom_exists = 0 for file in self.getFiles(): if file.getType() == "zoom": zoom_exists = 1 if file.getName().lower().endswith( 'svg') and file.type == "original": svg = 1 d["svg"] = svg d["width"] = self.get("origwidth") d["height"] = self.get("origheight") d["key"] = req.params.get("id", "") # we assume that width==origwidth, height==origheight d['flash'] = dozoom(self) and zoom_exists d['tileurl'] = "/tile/" + self.id + "/" req.writeTAL("contenttypes/image.html", d, macro="imageviewer")
def send_rawfile(req, n=None): access = AccessData(req) if not n: id, filename = splitpath(req.path) n = None try: n = tree.getNode(id) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.getContentType() not in ["directory", "collections", "collection"]: return 403 for f in n.getFiles(): if f.getType() == "original": return req.sendFile(f.retrieveFile(n), f.getMimeType(n)) return 404
def send_attfile(req): access = AccessData(req) f = req.path[9:].split('/') try: node = getNode(f[0]) except tree.NoSuchNodeError: return 404 if not access.hasAccess(node, "data") and node.type != "directory": return 403 if len([file for file in node.getFiles() if file._path in ["/".join(f[1:]), "/".join(f[1:-1])]]) == 0: # check filepath return 403 filename = clean_path("/".join(f[1:])) path = join_paths(config.get("paths.datadir"), filename) mime, type = getMimeType(filename) if(get_filesize(filename) > 16 * 1048576): req.reply_headers["Content-Disposition"] = 'attachment; filename="{}"'.format(filename) return req.sendFile(path, mime)
def send_rawfile(req, n=None): access = AccessData(req) if not n: id, filename = splitpath(req.path) n = None try: n = tree.getNode(id) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.getContentType() not in [ "directory", "collections", "collection" ]: return 403 for f in n.getFiles(): if f.getType() == "original": incUsage(n) return req.sendFile(f.retrieveFile(n), f.getMimeType(n)) return 404
def send_attfile(req): access = AccessData(req) f = req.path[9:].split('/') try: node = getNode(f[0]) except tree.NoSuchNodeError: return 404 if not access.hasAccess(node, "data") and node.type != "directory": return 403 if len([ file for file in node.getFiles() if file._path in ["/".join(f[1:]), "/".join(f[1:-1])] ]) == 0: # check filepath return 403 filename = clean_path("/".join(f[1:])) path = join_paths(config.get("paths.datadir"), filename) mime, type = getMimeType(filename) if (get_filesize(filename) > 16 * 1048576): req.reply_headers[ "Content-Disposition"] = 'attachment; filename="{}"'.format( filename) return req.sendFile(path, mime)
def upload_for_html(req): user = users.getUserFromRequest(req) datatype = req.params.get("datatype", "image") id = req.params.get("id") node = tree.getNode(id) access = AccessData(req) if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write') and access.hasAccess(node, 'data')): return 403 for key in req.params.keys(): if key.startswith("delete_"): filename = key[7:-2] for file in n.getFiles(): if file.getName() == filename: n.removeFile(file) if "file" in req.params.keys(): # file # file upload via (possibly disabled) upload form in custom image # browser file = req.params["file"] del req.params["file"] if hasattr(file, "filesize") and file.filesize > 0: try: logger.info(user.name + " upload " + file.filename + " (" + file.tempname + ")") nodefile = importFile(file.filename, file.tempname) node.addFile(nodefile) req.request["Location"] = req.makeLink( "nodefile_browser/%s/" % id, {}) except EncryptionException: req.request["Location"] = req.makeLink( "content", { "id": id, "tab": "tab_editor", "error": "EncryptionError_" + datatype[:datatype.find("/")] }) except: logException("error during upload") req.request["Location"] = req.makeLink( "content", { "id": id, "tab": "tab_editor", "error": "PostprocessingError_" + datatype[:datatype.find("/")] }) return send_nodefile_tal(req) if "upload" in req.params.keys(): # NewFile # file upload via CKeditor Image Properties / Upload tab file = req.params["upload"] del req.params["upload"] if hasattr(file, "filesize") and file.filesize > 0: try: logger.info(user.name + " upload via ckeditor " + file.filename + " (" + file.tempname + ")") nodefile = importFile(file.filename, file.tempname) node.addFile(nodefile) except EncryptionException: req.request["Location"] = req.makeLink( "content", { "id": id, "tab": "tab_editor", "error": "EncryptionError_" + datatype[:datatype.find("/")] }) except: logException("error during upload") req.request["Location"] = req.makeLink( "content", { "id": id, "tab": "tab_editor", "error": "PostprocessingError_" + datatype[:datatype.find("/")] }) url = '/file/' + id + '/' + file.tempname.split('/')[-1] res = """<script type="text/javascript"> // Helper function to get parameters from the query string. function getUrlParam(paramName) { var reParam = new RegExp('(?:[\?&]|&)' + paramName + '=([^&]+)', 'i') ; var match = window.location.search.match(reParam) ; return (match && match.length > 1) ? match[1] : '' ; } funcNum = getUrlParam('CKEditorFuncNum'); window.parent.CKEDITOR.tools.callFunction(funcNum, "%(fileUrl)s","%(customMsg)s"); </script>;""" % { 'fileUrl': url.replace('"', '\\"'), 'customMsg': (t(lang(req), "edit_fckeditor_cfm_uploadsuccess")), } return res return send_nodefile_tal(req)
def show_printview(req): """ create a pdf preview of given node (id in path e.g. /print/[id]/[area])""" p = req.path[1:].split("/") try: nodeid = int(p[1]) except ValueError: raise ValueError("Invalid Printview URL: " + req.path) if len(p) == 3: if p[2] == "edit": req.reply_headers['Content-Type'] = "application/pdf" editprint = printmethod(req) if editprint: req.write(editprint) else: req.write("") return # use objects from session if str(nodeid) == "0": children = [] if "contentarea" in req.session: try: nodes = req.session["contentarea"].content.files except: c = req.session["contentarea"].content nodes = c.resultlist[c.active].files for n in nodes: c_mtype = getMetaType(n.getSchema()) c_mask = c_mtype.getMask("printlist") if not c_mask: c_mask = c_mtype.getMask("nodesmall") _c = c_mask.getViewHTML([n], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY) if len(_c) > 0: children.append(_c) req.reply_headers['Content-Type'] = "application/pdf" req.write( printview.getPrintView(lang(req), None, [["", "", t(lang(req), "")]], [], 3, children)) else: node = getNode(nodeid) if node.get("system.print") == "0": return 404 access = AccessData(req) if not access.hasAccess(node, "read"): req.write(t(req, "permission_denied")) return style = int(req.params.get("style", 2)) # nodetype mtype = getMetaType(node.getSchema()) mask = None metadata = None if mtype: for m in mtype.getMasks(): if m.getMasktype() == "fullview": mask = m if m.getMasktype() == "printview": mask = m break if not mask: mask = mtype.getMask("nodebig") if mask: metadata = mask.getViewHTML([node], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY) if not metadata: metadata = [['nodename', node.getName(), 'Name', 'text']] files = node.getFiles() imagepath = None for file in files: if file.getType().startswith("presentati"): imagepath = file.retrieveFile() # children children = [] if node.isContainer(): ret = [] getPrintChildren(req, node, ret) for c in ret: if not c.isContainer(): # items c_mtype = getMetaType(c.getSchema()) c_mask = c_mtype.getMask("printlist") if not c_mask: c_mask = c_mtype.getMask("nodesmall") _c = c_mask.getViewHTML([c], VIEW_DATA_ONLY) if len(_c) > 0: children.append(_c) else: # header items = getPaths(c, AccessData(req)) p = [] for item in items[0]: p.append(u(item.getName())) p.append(u(c.getName())) children.append([(c.id, " > ".join(p[1:]), u(c.getName()), "header")]) if len(children) > 1: col = [] order = [] try: sort = getCollection(node).get("sortfield") except: sort = "" for i in range(0, 2): col.append((0, "")) order.append(1) if req.params.get("sortfield" + str(i)) != "": sort = req.params.get("sortfield" + str(i), sort) if sort != "": if sort.startswith("-"): sort = sort[1:] order[i] = -1 _i = 0 for c in children[0]: if c[0] == sort: col[i] = (_i, sort) _i += 1 if col[i][1] == "": col[i] = (0, children[0][0][0]) # sort method for items def myCmp(x, y, col, order): cx = "" cy = "" for item in x: if item[0] == col[0][1]: cx = item[1] break for item in y: if item[0] == col[0][1]: cy = item[1] break if cx.lower() > cy.lower(): return 1 * order[0] return -1 * order[0] sorted_children = [] tmp = [] for item in children: if item[0][3] == "header": if len(tmp) > 0: tmp.sort(lambda x, y: myCmp(x, y, col, order)) sorted_children.extend(tmp) tmp = [] sorted_children.append(item) else: tmp.append(item) tmp.sort(lambda x, y: myCmp(x, y, col, order)) sorted_children.extend(tmp) children = sorted_children req.reply_headers['Content-Type'] = "application/pdf" req.write( printview.getPrintView(lang(req), imagepath, metadata, getPaths(node, AccessData(req)), style, children, getCollection(node)))
def upload_new_node(req, path, params, data): try: uploadfile = params['data'] del params['data'] except KeyError: uploadfile = None # get the user and verify the signature if params.get('user'): # user=users.getUser(params.get('user')) #userAccess = AccessData(user=user) _user = users.getUser(params.get('user')) if not _user: # user of dynamic class dummyuser: # dummy user class # return all groups with given dynamic user def getGroups(self): return [g.name for g in tree.getRoot('usergroups').getChildren() if g.get( 'allow_dynamic') == '1' and params.get('user') in g.get('dynamic_users')] def getName(self): return params.get('user') def getDirID(self): # unique identifier return params.get('user') def isAdmin(self): return 0 _user = dummyuser() userAccess = AccessData(user=_user) if userAccess.user: user = userAccess.user if not userAccess.verify_request_signature( req.fullpath + '?', params): userAccess = None else: userAccess = None else: user = users.getUser(config.get('user.guestuser')) userAccess = AccessData(user=user) parent = tree.getNode(params.get('parent')) # check user access if userAccess and userAccess.hasAccess(parent, "write"): pass else: s = "No Access" req.write(s) d = { 'status': 'fail', 'html_response_code': '403', 'errormessage': 'no access'} logger.error("user has no edit permission for node %s" % parent) return d['html_response_code'], len(s), d datatype = params.get('type') uploaddir = users.getUploadDir(user) n = tree.Node(name=params.get('name'), type=datatype) if isinstance(uploadfile, types.InstanceType): # file object used nfile = importFile(uploadfile.filename, uploadfile.tempname) else: # string used nfile = importFileFromData( 'uploadTest.jpg', base64.b64decode(uploadfile)) if nfile: n.addFile(nfile) else: logger.error("error in file uploadservice") try: # test metadata metadata = json.loads(params.get('metadata')) except ValueError: metadata = dict() # set provided metadata for key, value in metadata.iteritems(): n.set(u(key), u(value)) # service flags n.set("creator", user.getName()) n.set("creationtime", format_date()) parent.addChild(n) # process the file, we've added to the new node if hasattr(n, "event_files_changed"): try: n.event_files_changed() except OperationException as e: for file in n.getFiles(): if os.path.exists(file.retrieveFile()): os.remove(file.retrieveFile()) raise OperationException(e.value) # make sure the new node is visible immediately from the web service and # the search index gets updated n.setDirty() tree.remove_from_nodecaches(parent) d = { 'status': 'Created', 'html_response_code': '201', 'build_response_end': time.time()} s = "Created" # provide the uploader with the new node ID req.reply_headers['NodeID'] = n.id # we need to write in case of POST request, send as buffer will not work req.write(s) return d['html_response_code'], len(s), d
def validate(req, op): path = req.path[1:].split("/") if len(path) == 3 and path[2] == "overview": return showFieldOverview(req) if len(path) == 4 and path[3] == "editor": res = showEditor(req) # mask may have been edited: flush masks cache flush_maskcache(req=req) return res if len(path) == 5 and path[3] == "editor" and path[4] == "show_testnodes": template = req.params.get('template', '') testnodes_list = req.params.get('testnodes', '') width = req.params.get('width', '400') item_id = req.params.get('item_id', None) mdt_name = path[1] mask_name = path[2] mdt = tree.getRoot('metadatatypes').getChild(mdt_name) mask = mdt.getChild(mask_name) access = AccessData(req) sectionlist = [] for nid in [x.strip() for x in testnodes_list.split(',') if x.strip()]: section_descr = {} section_descr['nid'] = nid section_descr['error_flag'] = '' # in case of no error try: node = tree.getNode(nid) section_descr['node'] = node if access.hasAccess(node, "data"): try: node_html = mask.getViewHTML([node], VIEW_DEFAULT, template_from_caller=[template, mdt, mask, item_id], mask=mask) section_descr['node_html'] = node_html except: error_text = str(sys.exc_info()[1]) template_line = 'for node id ' + str(nid) + ': ' + error_text try: m = re.match(r".*line (?P<line>\d*), column (?P<column>\d*)", error_text) if m: mdict = m.groupdict() line = int(mdict.get('line', 0)) column = int(mdict.get('column', 0)) error_text = error_text.replace('line %d' % line, 'template line %d' % (line - 1)) template_line = 'for node id ' + str(nid) + '<br/>' + error_text + '<br/><code>' + esc(template.split( "\n")[line - 2][0:column - 1]) + '<span style="color:red">' + esc(template.split("\n")[line - 2][column - 1:]) + '</span></code>' except: pass section_descr['error_flag'] = 'Error while evaluating template:' section_descr['node_html'] = template_line else: section_descr['error_flag'] = 'no access' section_descr['node_html'] = '' except tree.NoSuchNodeError: section_descr['node'] = None section_descr['error_flag'] = 'NoSuchNodeError' section_descr['node_html'] = 'for node id ' + str(nid) sectionlist.append(section_descr) # remark: error messages will be served untranslated in English # because messages from the python interpreter (in English) will be added return req.getTAL("web/admin/modules/metatype.html", {'sectionlist': sectionlist}, macro="view_testnodes") if len(path) == 2 and path[1] == "info": return showInfo(req) if "file" in req.params and hasattr(req.params["file"], "filesize") and req.params["file"].filesize > 0: # import scheme from xml-file importfile = req.params.get("file") if importfile.tempname != "": xmlimport(req, importfile.tempname) if req.params.get("acttype", "schema") == "schema": # section for schema for key in req.params.keys(): # create new metadatatype if key.startswith("new"): return MetatypeDetail(req, "") # edit metadatatype elif key.startswith("edit_"): return MetatypeDetail(req, str(key[5:-2])) # delete metadata elif key.startswith("delete_"): deleteMetaType(key[7:-2]) break # show details for given metadatatype elif key.startswith("detaillist_"): return showDetailList(req, str(key[11:-2])) # show masklist for given metadatatype elif key.startswith("masks_"): return showMaskList(req, str(key[6:-2])) # reindex search index for current schema elif key.startswith("indexupdate_") and "cancel" not in req.params.keys(): schema = tree.getNode(key[12:]) searcher.reindex(schema.getAllItems()) break # save schema if "form_op" in req.params.keys(): if req.params.get("form_op", "") == "cancel": return view(req) if req.params.get("mname", "") == "" or req.params.get("mlongname", "") == "" or req.params.get("mdatatypes", "") == "": return MetatypeDetail(req, req.params.get("mname_orig", ""), 1) # no name was given elif not checkString(req.params.get("mname", "")): return MetatypeDetail(req, req.params.get("mname_orig", ""), 4) # if the name contains wrong characters elif req.params.get("mname_orig", "") != req.params.get("mname", "") and existMetaType(req.params.get("mname")): return MetatypeDetail(req, req.params.get("mname_orig", ""), 2) # metadata still existing _active = 0 if req.params.get("mactive", "") != "": _active = 1 updateMetaType(req.params.get("mname", ""), description=req.params.get("description", ""), longname=req.params.get("mlongname", ""), active=_active, datatypes=req.params.get("mdatatypes", "").replace(";", ", "), bibtexmapping=req.params.get("mbibtex", ""), citeprocmapping=req.params.get("mciteproc", ""), orig_name=req.params.get("mname_orig", "")) mtype = getMetaType(req.params.get("mname")) if mtype: mtype.setAccess("read", "") for key in req.params.keys(): if key.startswith("left"): mtype.setAccess(key[4:], req.params.get(key).replace(";", ",")) break elif req.params.get("acttype") == "field": # section for fields for key in req.params.keys(): # create new meta field if key.startswith("newdetail_"): return FieldDetail(req, req.params.get("parent"), "") # edit meta field elif key.startswith("editdetail_"): return FieldDetail(req, req.params.get("parent"), key[11:-2]) # delete metafield: key[13:-2] = pid | n elif key.startswith("deletedetail_"): deleteMetaField(req.params.get("parent"), key[13:-2]) return showDetailList(req, req.params.get("parent")) # change field order up if key.startswith("updetail_"): moveMetaField(req.params.get("parent"), key[9:-2], -1) return showDetailList(req, req.params.get("parent")) # change field order down elif key.startswith("downdetail_"): moveMetaField(req.params.get("parent"), key[11:-2], 1) return showDetailList(req, req.params.get("parent")) if "form_op" in req.params.keys(): if req.params.get("form_op", "") == "cancel": return showDetailList(req, req.params.get("parent")) if existMetaField(req.params.get("parent"), req.params.get("mname")) and req.params.get("form_op", "") == "save_newdetail": return FieldDetail(req, req.params.get("parent"), req.params.get("orig_name", ""), 3) # field still existing elif req.params.get("mname", "") == "" or req.params.get("mlabel", "") == "": return FieldDetail(req, req.params.get("parent"), req.params.get("orig_name", ""), 1) elif not checkString(req.params.get("mname", "")): # if the name contains wrong characters return FieldDetail(req, req.params.get("parent"), req.params.get("orig_name", ""), 4) _option = "" for o in req.params.keys(): if o.startswith("option_"): _option += o[7] _fieldvalue = "" if req.params.get("mtype", "") + "_value" in req.params.keys(): _fieldvalue = str(req.params.get(req.params.get("mtype") + "_value")) _filenode = None if "valuesfile" in req.params.keys(): valuesfile = req.params.pop("valuesfile") _filenode = importFileToRealname(valuesfile.filename, valuesfile.tempname) _attr_dict = {} if req.params.get("mtype", "") + "_handle_attrs" in req.params.keys(): attr_names = [s.strip() for s in req.params.get(req.params.get("mtype", "") + "_handle_attrs").split(",")] key_prefix = req.params.get("mtype", "") + "_attr_" for attr_name in attr_names: attr_value = req.params.get(key_prefix + attr_name, "") _attr_dict[attr_name] = attr_value updateMetaField(req.params.get("parent", ""), req.params.get("mname", ""), req.params.get("mlabel", ""), req.params.get("orderpos", ""), req.params.get("mtype", ""), _option, req.params.get("mdescription", ""), _fieldvalue, fieldid=req.params.get("fieldid", ""), filenode=_filenode, attr_dict=_attr_dict) return showDetailList(req, req.params.get("parent")) elif req.params.get("acttype") == "mask": # mask may have been edited: flush masks cache flush_maskcache(req=req) # section for masks for key in req.params.keys(): # new mask if key.startswith("newmask_"): return MaskDetails(req, req.params.get("parent"), "") # edit metatype masks elif key.startswith("editmask_"): return MaskDetails(req, req.params.get("parent"), key[9:-2], err=0) # delete mask elif key.startswith("deletemask_"): mtype = getMetaType(req.params.get("parent")) mtype.removeChild(tree.getNode(key[11:-2])) return showMaskList(req, req.params.get("parent")) # create autmatic mask with all fields elif key.startswith("automask_"): generateMask(getMetaType(req.params.get("parent"))) return showMaskList(req, req.params.get("parent")) # cope selected mask if key.startswith("copymask_"): mtype = getMetaType(req.params.get("parent")) mask = mtype.getMask(key[9:-2]) cloneMask(mask, "copy_" + mask.getName()) return showMaskList(req, req.params.get("parent")) if "form_op" in req.params.keys(): if req.params.get("form_op", "") == "cancel": return showMaskList(req, req.params.get("parent")) if req.params.get("mname", "") == "": return MaskDetails(req, req.params.get("parent", ""), req.params.get("morig_name", ""), err=1) elif not checkString(req.params.get("mname", "")): # if the name contains wrong characters return MaskDetails(req, req.params.get("parent", ""), req.params.get("morig_name", ""), err=4) mtype = getMetaType(req.params.get("parent", "")) if req.params.get("form_op") == "save_editmask": mask = mtype.getMask(req.params.get("maskid", "")) elif req.params.get("form_op") == "save_newmask": mask = tree.Node(req.params.get("mname", ""), type="mask") mtype.addChild(mask) mask.setName(req.params.get("mname")) mask.setDescription(req.params.get("mdescription")) mask.setMasktype(req.params.get("mtype")) mask.setSeparator(req.params.get("mseparator")) if req.params.get("mtype") == "export": mask.setExportMapping(req.params.get("exportmapping") or "") mask.setExportHeader(req.params.get("exportheader")) mask.setExportFooter(req.params.get("exportfooter")) _opt = "" if "types" in req.params.keys(): _opt += "t" if "notlast" in req.params.keys(): _opt += "l" mask.setExportOptions(_opt) mask.setLanguage(req.params.get("mlanguage", "")) mask.setDefaultMask("mdefault" in req.params.keys()) mask.setAccess("read", "") for key in req.params.keys(): if key.startswith("left"): mask.setAccess(key[4:], req.params.get(key).replace(";", ",")) break return showMaskList(req, str(req.params.get("parent", ""))) return view(req)
def export_shoppingbag_zip(req): from web.frontend.streams import sendZipFile from utils.utils import join_paths import core.config as config import random import os access = AccessData(req) items = [] for key in req.params.keys(): if key.startswith("select_"): _nid = key[7:] _n = tree.getNode(_nid) if access.hasAccess(_n, 'read'): items.append(_nid) dest = join_paths(config.get("paths.tempdir"), str(random.random())) + "/" # images if req.params.get("type") == "image": if req.params.get("metadata") in ["no", "yes"]: format_type = req.params.get("format_type") processtype = "" processvalue = "" if format_type == "perc": processtype = "percentage" _perc = req.params.get("img_perc", ";").split(";") if _perc[0] != "": processvalue = _perc[0] else: processvalue = int(_perc[1]) elif format_type == "pix": processtype = "pixels" _pix = req.params.get("img_pix", ";;").split(";") if _pix[0] != "": processvalue = _pix[0] else: processvalue = int(_pix[1]) elif format_type == "std": processtype = "standard" processvalue = req.params.get("img_pix", ";;").split(";")[2] for item in items: node = tree.getNode(item) if not access.hasAccess(node, 'data'): continue if node.processImage(processtype, processvalue, dest) == 0: print "image not found" # documenttypes if req.params.get("type") == "document": if req.params.get("metadata") in ["no", "yes"]: if not os.path.isdir(dest): os.mkdir(dest) for item in items: node = tree.getNode(item) if not access.hasAccess(node, 'data'): continue if node.processDocument(dest) == 0: print "document not found" # documenttypes if req.params.get("type") == "media": if req.params.get("metadata") in ["no", "yes"]: if not os.path.isdir(dest): os.mkdir(dest) for item in items: node = tree.getNode(item) if not access.hasAccess(node, 'data'): continue if node.processMediaFile(dest) == 0: print "file not found" # metadata def flatten(arr): return sum( map(lambda a: flatten(a) if (a and isinstance(a[0], list) and a != "") else [a], [a for a in arr if a not in['', []]]), []) if req.params.get("metadata") in ["yes", "meta"]: for item in items: node = tree.getNode(item) if not access.hasAccess(node, 'read'): continue if not os.path.isdir(dest): os.mkdir(dest) content = {"header": [], "content": []} for c in flatten(node.getFullView(lang(req)).getViewHTML([node], VIEW_DATA_ONLY)): content["header"].append(c[0]) content["content"].append(c[1]) f = open(dest + item + ".txt", "w") f.write("\t".join(content["header"]) + "\n") f.write("\t".join(content["content"]) + "\n") f.close() if len(items) > 0: sendZipFile(req, dest) for root, dirs, files in os.walk(dest, topdown=False): for name in files: os.remove(os.path.join(root, name)) for name in dirs: os.rmdir(os.path.join(root, name)) if os.path.isdir(dest): os.rmdir(dest)
def upload_for_html(req): user = users.getUserFromRequest(req) datatype = req.params.get("datatype", "image") id = req.params.get("id") node = tree.getNode(id) access = AccessData(req) if not (access.hasAccess(node, 'read') and access.hasAccess(node, 'write') and access.hasAccess(node, 'data')): return 403 for key in req.params.keys(): if key.startswith("delete_"): filename = key[7:-2] for file in n.getFiles(): if file.getName() == filename: n.removeFile(file) if "file" in req.params.keys(): # file # file upload via (possibly disabled) upload form in custom image # browser file = req.params["file"] del req.params["file"] if hasattr(file, "filesize") and file.filesize > 0: try: logger.info( user.name + " upload " + file.filename + " (" + file.tempname + ")") nodefile = importFile(file.filename, file.tempname) node.addFile(nodefile) req.request["Location"] = req.makeLink( "nodefile_browser/%s/" % id, {}) except EncryptionException: req.request["Location"] = req.makeLink("content", { "id": id, "tab": "tab_editor", "error": "EncryptionError_" + datatype[:datatype.find("/")]}) except: logException("error during upload") req.request["Location"] = req.makeLink("content", { "id": id, "tab": "tab_editor", "error": "PostprocessingError_" + datatype[:datatype.find("/")]}) return send_nodefile_tal(req) if "upload" in req.params.keys(): # NewFile # file upload via CKeditor Image Properties / Upload tab file = req.params["upload"] del req.params["upload"] if hasattr(file, "filesize") and file.filesize > 0: try: logger.info( user.name + " upload via ckeditor " + file.filename + " (" + file.tempname + ")") nodefile = importFile(file.filename, file.tempname) node.addFile(nodefile) except EncryptionException: req.request["Location"] = req.makeLink("content", { "id": id, "tab": "tab_editor", "error": "EncryptionError_" + datatype[:datatype.find("/")]}) except: logException("error during upload") req.request["Location"] = req.makeLink("content", { "id": id, "tab": "tab_editor", "error": "PostprocessingError_" + datatype[:datatype.find("/")]}) url = '/file/' + id + '/' + file.tempname.split('/')[-1] res = """<script type="text/javascript"> // Helper function to get parameters from the query string. function getUrlParam(paramName) { var reParam = new RegExp('(?:[\?&]|&)' + paramName + '=([^&]+)', 'i') ; var match = window.location.search.match(reParam) ; return (match && match.length > 1) ? match[1] : '' ; } funcNum = getUrlParam('CKEditorFuncNum'); window.parent.CKEDITOR.tools.callFunction(funcNum, "%(fileUrl)s","%(customMsg)s"); </script>;""" % { 'fileUrl': url.replace('"', '\\"'), 'customMsg': (t(lang(req), "edit_fckeditor_cfm_uploadsuccess")), } return res return send_nodefile_tal(req)
def send_file(req, download=0): access = AccessData(req) id, filename = splitpath(req.path) if id.endswith("_transfer.zip"): id = id[:-13] try: n = tree.getNode(id) except tree.NoSuchNodeError: return 404 if not access.hasAccess(n, "data") and n.type not in [ "directory", "collections", "collection" ]: return 403 file = None if filename is None and n: # build zip-file and return it zipfilepath, files_written = build_transferzip(n) if files_written == 0: return 404 send_result = req.sendFile(zipfilepath, "application/zip") if os.sep == '/': # Unix? os.unlink( zipfilepath ) # unlinking files while still reading them only works on Unix/Linux return send_result # try full filename for f in n.getFiles(): if f.getName() == filename: incUsage(n) file = f break # try only extension if not file and n.get("archive_type") == "": file_ext = os.path.splitext(filename)[1] for f in n.getFiles(): if os.path.splitext( f.getName())[1] == file_ext and f.getType() in [ 'doc', 'document', 'original', 'mp3' ]: incUsage(n) file = f break if existMetaField(n.getSchema(), 'nodename'): display_file_name = '{}.{}'.format( os.path.splitext(os.path.basename(n.name))[0], os.path.splitext(filename)[-1].strip('.')) else: display_file_name = filename # try file from archivemanager if not file and n.get("archive_type") != "": am = archivemanager.getManager(n.get("archive_type")) req.reply_headers[ "Content-Disposition"] = 'attachment; filename="{}"'.format( display_file_name) return req.sendFile(am.getArchivedFileStream(n.get("archive_path")), "application/x-download") if not file: return 404 req.reply_headers[ "Content-Disposition"] = 'attachment; filename="{}"'.format( display_file_name) return req.sendFile(file.retrieveFile(), f.getMimeType())
def handle_request(req): user = users.getUserFromRequest(req) access = AccessData(req) errors = [] if "cmd" in req.params: cmd = req.params["cmd"] if cmd == "list_files": targetnodeid = req.params.get("targetnodeid", "") m_upload_field_name = req.params.get("m_upload_field_name", "") n = tree.getNode(targetnodeid) s = {'response': 'response for cmd="%s"' % cmd} filelist, filelist2 = getFilelist(n, m_upload_field_name) filelist = [_t[0:-1] for _t in filelist] s['filelist'] = filelist html_filelist = mkfilelist(n, filelist2, deletebutton=1, language=None, request=req) html_filelist = html_filelist.replace("____FIELDNAME____", "%s" % m_upload_field_name) s['html_filelist'] = html_filelist req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4)) return 200 elif cmd == 'delete_file': s = {'response': 'response for cmd="%s"' % cmd} f_name = req.params.get('prefixed_filename', '') f_name = f_name[len('delete_'):] targetnodeid = req.params.get("targetnodeid", "") m_upload_field_name = req.params.get("m_upload_field_name", "") n = tree.getNode(targetnodeid) fs = n.getFiles() if not access.hasAccess(n, 'data'): msg = "m_upload: no access for user '%s' to node %s ('%s', '%s') from '%s'" % ( user.name, str(n.id), n.name, n.type, str(req.ip)) logging.getLogger("backend").info(msg) errors.append(msg) s['errors'] = errors req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4)) return 403 for f in fs: if f.getName() == f_name: msg = "metadata m_upload: going to remove file '%s' from node '%s' (%s) for request from user '%s' (%s)" % ( f_name, n.name, str(n.id), user.name, str(req.ip)) logging.getLogger("backend").info(msg) n.removeFile(f) try: os.remove(f.retrieveFile()) except: pass break filecount = len(getFilelist(n, m_upload_field_name)[0]) n.set(m_upload_field_name, filecount) s['errors'] = errors req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4)) return 200 else: s = {'response': 'response for cmd="%s" not completely implemented feature' % cmd} req.write(req.params.get("jsoncallback") + "(%s)" % json.dumps(s, indent=4)) return 200 filename = None filesize = 0 s = {} if "submitter" in req.params.keys(): submitter = req.params.get("submitter", "").split(';')[0] targetnodeid = req.params.get("targetnodeid_FOR_" + submitter, None) targetnode = None if targetnodeid: try: targetnode = tree.getNode(targetnodeid) except: msg = "metadata m_upload: targetnodeid='%s' for non-existant node for upload from '%s'" % (str(targetnodeid), str(req.ip)) errors.append(msg) logging.getLogger("backend").error(msg) else: msg = "metadata m_upload could not find 'targetnodeid' for upload from '%s'" % str(req.ip) errors.append(msg) logging.getLogger("backend").error(msg) if not access.hasAccess(targetnode, 'data'): msg = "m_upload: no access for user '%s' to node %s ('%s', '%s') from '%s'" % ( user.name, str(targetnode.id), targetnode.name, targetnode.type, str(req.ip)) logging.getLogger("backend").info(msg) errors.append(msg) s['errors'] = errors req.write("%s" % json.dumps(s, indent=4)) return filename = None file_key = "m_upload_file_FOR_" + submitter if file_key in req.params: file = req.params[file_key] del req.params[file_key] filename = file.filename filesize = file.filesize filetempname = file.tempname else: msg = t(lang(req), "no file for this field submitted") errors.append(msg) if filename: diskname = normalizeFilename(filename) nodeFile = importFileToRealname(diskname, filetempname, prefix='m_upload_%s_' % (submitter, ), typeprefix="u_") if nodeFile: imported_filename = nodeFile.getName() imported_filesize = nodeFile.getSize() imported_filepath = nodeFile.retrieveFile() imported_filemimetype = nodeFile.getMimeType() else: msg = "metadata m_upload: could not create file node for request from '%s'" % (str(req.ip)) errors.append(msg) logging.getLogger("backend").error(msg) if targetnode and filename: targetnode.addFile(nodeFile) filecount = len(getFilelist(targetnode, submitter)[0]) targetnode.set(submitter, filecount) copy_report = t(lang(req), "uploaded file: %s; size: %d bytes") % (filename, filesize) else: copy_report = "" else: msg = "metadata m_upload: could not find submitter for request from '%s'" % (str(req.ip)) errors.append(msg) logging.getLogger("backend").error(msg) s = { 'errors': errors, 'copy_report': copy_report, } req.write("%s" % json.dumps(s, indent=4)) return 200
def upload_new_node(req, path, params, data): try: uploadfile = params['data'] del params['data'] except KeyError: uploadfile = None # get the user and verify the signature if params.get('user'): # user=users.getUser(params.get('user')) #userAccess = AccessData(user=user) _user = users.getUser(params.get('user')) if not _user: # user of dynamic class dummyuser: # dummy user class # return all groups with given dynamic user def getGroups(self): return [ g.name for g in tree.getRoot('usergroups').getChildren() if g.get('allow_dynamic') == '1' and params.get('user') in g.get('dynamic_users') ] def getName(self): return params.get('user') def getDirID(self): # unique identifier return params.get('user') def isAdmin(self): return 0 _user = dummyuser() userAccess = AccessData(user=_user) if userAccess.user: user = userAccess.user if not userAccess.verify_request_signature(req.fullpath + '?', params): userAccess = None else: userAccess = None else: user = users.getUser(config.get('user.guestuser')) userAccess = AccessData(user=user) parent = tree.getNode(params.get('parent')) # check user access if userAccess and userAccess.hasAccess(parent, "write"): pass else: s = "No Access" req.write(s) d = { 'status': 'fail', 'html_response_code': '403', 'errormessage': 'no access' } logger.error("user has no edit permission for node %s" % parent) return d['html_response_code'], len(s), d datatype = params.get('type') uploaddir = users.getUploadDir(user) n = tree.Node(name=params.get('name'), type=datatype) if isinstance(uploadfile, types.InstanceType): # file object used nfile = importFile(uploadfile.filename, uploadfile.tempname) else: # string used nfile = importFileFromData('uploadTest.jpg', base64.b64decode(uploadfile)) if nfile: n.addFile(nfile) else: logger.error("error in file uploadservice") try: # test metadata metadata = json.loads(params.get('metadata')) except ValueError: metadata = dict() # set provided metadata for key, value in metadata.iteritems(): n.set(u(key), u(value)) # service flags n.set("creator", user.getName()) n.set("creationtime", format_date()) parent.addChild(n) # process the file, we've added to the new node if hasattr(n, "event_files_changed"): try: n.event_files_changed() except OperationException as e: for file in n.getFiles(): if os.path.exists(file.retrieveFile()): os.remove(file.retrieveFile()) raise OperationException(e.value) # make sure the new node is visible immediately from the web service and # the search index gets updated n.setDirty() tree.remove_from_nodecaches(parent) d = { 'status': 'Created', 'html_response_code': '201', 'build_response_end': time.time() } s = "Created" # provide the uploader with the new node ID req.reply_headers['NodeID'] = n.id # we need to write in case of POST request, send as buffer will not work req.write(s) return d['html_response_code'], len(s), d
def show_printview(req): """ create a pdf preview of given node (id in path e.g. /print/[id]/[area])""" p = req.path[1:].split("/") try: nodeid = int(p[1]) except ValueError: raise ValueError("Invalid Printview URL: " + req.path) if len(p) == 3: if p[2] == "edit": req.reply_headers['Content-Type'] = "application/pdf" editprint = printmethod(req) if editprint: req.write(editprint) else: req.write("") return # use objects from session if str(nodeid) == "0": children = [] if "contentarea" in req.session: try: nodes = req.session["contentarea"].content.files except: c = req.session["contentarea"].content nodes = c.resultlist[c.active].files for n in nodes: c_mtype = getMetaType(n.getSchema()) c_mask = c_mtype.getMask("printlist") if not c_mask: c_mask = c_mtype.getMask("nodesmall") _c = c_mask.getViewHTML([n], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY) if len(_c) > 0: children.append(_c) req.reply_headers['Content-Type'] = "application/pdf" req.write(printview.getPrintView(lang(req), None, [["", "", t(lang(req), "")]], [], 3, children)) else: node = getNode(nodeid) if node.get("system.print") == "0": return 404 access = AccessData(req) if not access.hasAccess(node, "read"): req.write(t(req, "permission_denied")) return style = int(req.params.get("style", 2)) # nodetype mtype = getMetaType(node.getSchema()) mask = None metadata = None if mtype: for m in mtype.getMasks(): if m.getMasktype() == "fullview": mask = m if m.getMasktype() == "printview": mask = m break if not mask: mask = mtype.getMask("nodebig") if mask: metadata = mask.getViewHTML([node], VIEW_DATA_ONLY + VIEW_HIDE_EMPTY) if not metadata: metadata = [['nodename', node.getName(), 'Name', 'text']] files = node.getFiles() imagepath = None for file in files: if file.getType().startswith("presentati"): imagepath = file.retrieveFile() # children children = [] if node.isContainer(): ret = [] getPrintChildren(req, node, ret) for c in ret: if not c.isContainer(): # items c_mtype = getMetaType(c.getSchema()) c_mask = c_mtype.getMask("printlist") if not c_mask: c_mask = c_mtype.getMask("nodesmall") _c = c_mask.getViewHTML([c], VIEW_DATA_ONLY) if len(_c) > 0: children.append(_c) else: # header items = getPaths(c, AccessData(req)) p = [] for item in items[0]: p.append(u(item.getName())) p.append(u(c.getName())) children.append([(c.id, " > ".join(p[1:]), u(c.getName()), "header")]) if len(children) > 1: col = [] order = [] try: sort = getCollection(node).get("sortfield") except: sort = "" for i in range(0, 2): col.append((0, "")) order.append(1) if req.params.get("sortfield" + str(i)) != "": sort = req.params.get("sortfield" + str(i), sort) if sort != "": if sort.startswith("-"): sort = sort[1:] order[i] = -1 _i = 0 for c in children[0]: if c[0] == sort: col[i] = (_i, sort) _i += 1 if col[i][1] == "": col[i] = (0, children[0][0][0]) # sort method for items def myCmp(x, y, col, order): cx = "" cy = "" for item in x: if item[0] == col[0][1]: cx = item[1] break for item in y: if item[0] == col[0][1]: cy = item[1] break if cx.lower() > cy.lower(): return 1 * order[0] return -1 * order[0] sorted_children = [] tmp = [] for item in children: if item[0][3] == "header": if len(tmp) > 0: tmp.sort(lambda x, y: myCmp(x, y, col, order)) sorted_children.extend(tmp) tmp = [] sorted_children.append(item) else: tmp.append(item) tmp.sort(lambda x, y: myCmp(x, y, col, order)) sorted_children.extend(tmp) children = sorted_children req.reply_headers['Content-Type'] = "application/pdf" req.write(printview.getPrintView(lang(req), imagepath, metadata, getPaths( node, AccessData(req)), style, children, getCollection(node)))