Example #1
 def test_regular_user_access_module(self):
     # A regular user reaches a module through its slug: 'svg' on doc2 is
     # granted and an unrecognised slug is refused, whatever the value of the
     # final (request-came-from-dunya) argument.
     expectations = (
         (self.assertFalse, 'somthing-else', False),
         (self.assertFalse, 'somthing-else', True),
         (self.assertTrue, 'svg', False),
         (self.assertTrue, 'svg', True),
     )
     for check, slug, from_dunya in expectations:
         check(util.user_has_access(self.nuser, self.doc2, slug, from_dunya))
Example #2
 def test_regular_user_access(self):
     # Regular user: only the mp3 and pdf of collection 1 are readable.
     # Each row is (document, file-type slug, from-dunya flag).
     slug_one = self.file_type.slug
     slug_two = self.file_type2.slug

     granted_cases = (
         (self.doc1, slug_one, False),
         (self.doc1, slug_one, True),
         (self.doc4, slug_two, False),
         (self.doc4, slug_two, True),
         (self.doc1, slug_two, False),
     )
     for document, slug, from_dunya in granted_cases:
         self.assertTrue(
             util.user_has_access(self.nuser, document, slug, from_dunya))

     # Without the from-dunya flag, documents outside that grant stay closed.
     refused_cases = (
         (self.doc2, slug_one),
         (self.doc2, slug_two),
         (self.doc3, slug_two),
     )
     for document, slug in refused_cases:
         self.assertFalse(
             util.user_has_access(self.nuser, document, slug, False))
Example #3
 def test_regular_user_access_from_dunya(self):
     # Regular user: on their own only the pdf of collection 1, but mp3 and
     # pdf become readable when the request is flagged as coming from dunya.
     # The final True stands for that flag; how a caller derives it is
     # outside this test, so this pins the policy only, not the
     # trustworthiness of the signal behind the flag.
     from_dunya = True
     reachable = (
         (self.doc4, self.file_type2.slug),
         (self.doc2, self.file_type.slug),
         (self.doc2, self.file_type2.slug),
         (self.doc1, self.file_type.slug),
     )
     for document, slug in reachable:
         self.assertTrue(
             util.user_has_access(self.nuser, document, slug, from_dunya))
Example #4
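def download_external(request, uuid, ftype):
    """Send one file of a document to a client that is allowed to read it.

    The caller is the rest-framework token user when a valid token is
    presented, otherwise ``request.user``. ``util.user_has_access`` makes the
    access decision; the file is then handed to ``sendfile`` and the
    ``X-Accel-Limit-Rate`` response header is set from
    ``util.has_rate_limit``.

    Args:
        request: the incoming HTTP request; ``v``, ``subtype`` and ``part``
            are read from its query string.
        uuid: external identifier of the document.
        ftype: slug of the requested file type.

    Returns:
        The ``sendfile`` response on success, 404 when the document or file
        does not exist, 401 when access is refused, 400 when the query
        matches too many files.
    """
    # Imported locally so the block does not depend on the module's import
    # list; falls back to the Python 2 module name.
    try:
        from urllib.parse import urlsplit
    except ImportError:
        from urlparse import urlsplit

    # Authentication: a rest-framework token takes precedence over the
    # session user. A rejected token is deliberately not an error here; the
    # request continues as request.user and the access check below decides.
    user = request.user
    try:
        t = auther.authenticate(request)
        if t:
            user = t[0]
    except exceptions.AuthenticationFailed:
        pass

    try:
        doc = models.Document.objects.get(external_identifier=uuid)
    except models.Document.DoesNotExist:
        # NOTE(review): uuid is echoed into the response body unescaped;
        # confirm the URL pattern restricts it to identifier characters.
        return HttpResponseNotFound("Cannot find a document with id %s" % uuid)

    # if ftype is a sourcetype and it has streamable set, and
    # referrer is dunya, then has_access is true (but we rate-limit)
    #
    # The Referer header is chosen by the client, so it is a hint and not a
    # credential: anything it unlocks should be treated as publicly
    # reachable. Compare the parsed host name against the known hosts
    # instead of searching the whole header for a substring, so that a URL
    # which merely contains the name in its path, query or a longer domain
    # is not accepted.
    referrer = request.META.get("HTTP_REFERER")
    good_referrer = False
    if referrer:
        try:
            referrer_host = (urlsplit(referrer).hostname or "").lower()
        except ValueError:
            # Malformed netloc: treat as no usable referrer.
            referrer_host = ""
        good_referrer = any(
            referrer_host == host or referrer_host.endswith("." + host)
            for host in ("dunya.compmusic.upf.edu", "dunya.upf.edu"))

    has_access = util.user_has_access(user, doc, ftype, good_referrer)
    if not has_access:
        # The same 401 is returned to an authenticated user who lacks
        # permission; kept as-is because clients may depend on it.
        return HttpResponse("Not logged in", status=401)

    try:
        # NOTE(review): these values come straight from the query string;
        # this relies on doc.get_file / full_path_for_part to refuse values
        # that do not name an existing file of this document - confirm.
        version = request.GET.get("v")
        subtype = request.GET.get("subtype")
        part = request.GET.get("part")

        # This could be a SourceFile, or DerivedFile
        result = doc.get_file(ftype, subtype, part, version)
        if isinstance(result, models.SourceFile):
            fname = result.fullpath
        else:
            if part is None:
                part = 1
            fname = result.full_path_for_part(part)

        mimetype = result.mimetype
        ratelimit = "off"
        if util.has_rate_limit(user, doc, ftype):
            # 200k
            ratelimit = 200 * 1024

        # TODO: We should ratelimit mp3 requests, but not any others,
        # so we need a different path for nginx for these ones
        response = sendfile(request, fname, mimetype=mimetype)
        response['X-Accel-Limit-Rate'] = ratelimit

        return response
    except docserver.exceptions.TooManyFilesException as e:
        return HttpResponseBadRequest(e)
    except docserver.exceptions.NoFileException as e:
        return HttpResponseNotFound(e)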
Example #5
 def test_regular_user_access(self):
     # Regular user: only the mp3 and pdf of collection 1 are readable.
     def can_read(document, file_type, from_dunya):
         # Thin wrapper so each expectation below reads as one short line.
         return util.user_has_access(self.nuser, document, file_type.slug, from_dunya)

     self.assertTrue(can_read(self.doc1, self.file_type, False))
     self.assertTrue(can_read(self.doc1, self.file_type, True))
     self.assertTrue(can_read(self.doc4, self.file_type2, False))
     self.assertTrue(can_read(self.doc4, self.file_type2, True))
     self.assertTrue(can_read(self.doc1, self.file_type2, False))

     # Without the from-dunya flag, the other documents stay closed.
     self.assertFalse(can_read(self.doc2, self.file_type, False))
     self.assertFalse(can_read(self.doc2, self.file_type2, False))
     self.assertFalse(can_read(self.doc3, self.file_type2, False))
Example #6
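def download_external(request, uuid, ftype):
    """Send one file of a document to a client that is allowed to read it.

    The caller is the rest-framework token user when a valid token is
    presented, otherwise ``request.user``. ``util.user_has_access`` makes the
    access decision; the file is then handed to ``sendfile`` and the
    ``X-Accel-Limit-Rate`` response header is set from
    ``util.has_rate_limit``.

    Args:
        request: the incoming HTTP request; ``v``, ``subtype`` and ``part``
            are read from its query string.
        uuid: external identifier of the document.
        ftype: slug of the requested file type.

    Returns:
        The ``sendfile`` response on success, 404 when the document or file
        does not exist, 401 when access is refused, 400 when the query
        matches too many files.
    """
    # Imported locally so the block does not depend on the module's import
    # list; falls back to the Python 2 module name.
    try:
        from urllib.parse import urlsplit
    except ImportError:
        from urlparse import urlsplit

    # Authentication: a rest-framework token takes precedence over the
    # session user. A rejected token is deliberately not an error here; the
    # request continues as request.user and the access check below decides.
    user = request.user
    try:
        t = auther.authenticate(request)
        if t:
            user = t[0]
    except exceptions.AuthenticationFailed:
        pass

    try:
        doc = models.Document.objects.get(external_identifier=uuid)
    except models.Document.DoesNotExist:
        # NOTE(review): uuid is echoed into the response body unescaped;
        # confirm the URL pattern restricts it to identifier characters.
        return HttpResponseNotFound("Cannot find a document with id %s" % uuid)

    # if ftype is a sourcetype and it has streamable set, and
    # referrer is dunya, then has_access is true (but we rate-limit)
    #
    # The Referer header is chosen by the client, so it is a hint and not a
    # credential: anything it unlocks should be treated as publicly
    # reachable. Compare the parsed host name against the known host instead
    # of searching the whole header for a substring, so that a URL which
    # merely contains the name in its path, query or a longer domain is not
    # accepted.
    dunya_host = "dunya.compmusic.upf.edu"
    referrer = request.META.get("HTTP_REFERER")
    good_referrer = False
    if referrer:
        try:
            referrer_host = (urlsplit(referrer).hostname or "").lower()
        except ValueError:
            # Malformed netloc: treat as no usable referrer.
            referrer_host = ""
        good_referrer = (referrer_host == dunya_host
                         or referrer_host.endswith("." + dunya_host))

    has_access = util.user_has_access(user, doc, ftype, good_referrer)
    if not has_access:
        # The same 401 is returned to an authenticated user who lacks
        # permission; kept as-is because clients may depend on it.
        return HttpResponse("Not logged in", status=401)

    try:
        # NOTE(review): these values come straight from the query string;
        # this relies on doc.get_file / full_path_for_part to refuse values
        # that do not name an existing file of this document - confirm.
        version = request.GET.get("v")
        subtype = request.GET.get("subtype")
        part = request.GET.get("part")

        # This could be a SourceFile, or DerivedFile
        result = doc.get_file(ftype, subtype, part, version)
        if isinstance(result, models.SourceFile):
            fname = result.fullpath
        else:
            if part is None:
                part = 1
            fname = result.full_path_for_part(part)

        mimetype = result.mimetype
        ratelimit = "off"
        if util.has_rate_limit(user, doc, ftype):
            # 200k
            ratelimit = 200 * 1024

        # TODO: We should ratelimit mp3 requests, but not any others,
        # so we need a different path for nginx for these ones
        response = sendfile(request, fname, mimetype=mimetype)
        response['X-Accel-Limit-Rate'] = ratelimit

        return response
    except docserver.exceptions.TooManyFilesException as e:
        return HttpResponseBadRequest(e)
    except docserver.exceptions.NoFileException as e:
        return HttpResponseNotFound(e)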
Example #7
 def test_restricted_user_access(self):
     # Restricted user: the mp3 of collection 2 plus the mp3 and pdf of
     # collection 1, and nothing else. Every check runs without the
     # from-dunya flag.
     def can_read(document, file_type):
         return util.user_has_access(self.ruser, document, file_type.slug, False)

     for document, file_type in (
             (self.doc2, self.file_type),
             (self.doc1, self.file_type),
             (self.doc4, self.file_type2),
             (self.doc1, self.file_type2)):
         self.assertTrue(can_read(document, file_type))

     for document, file_type in (
             (self.doc2, self.file_type2),
             (self.doc3, self.file_type),
             (self.doc3, self.file_type2)):
         self.assertFalse(can_read(document, file_type))
Example #8
 def test_staff_user_access(self):
     # Staff user: the mp3 of collections 3 and 2 and the mp3 and pdf of
     # collection 1 are all readable, including where no Permission has been
     # created. Every check runs without the from-dunya flag.
     readable = (
         (self.doc2, self.file_type),
         (self.doc3, self.file_type),
         (self.doc1, self.file_type),
         (self.doc3, self.file_type2),
         (self.doc4, self.file_type2),
         (self.doc1, self.file_type2),
     )
     for document, file_type in readable:
         granted = util.user_has_access(self.suser, document, file_type.slug, False)
         self.assertTrue(granted)
Example #9
 def test_restricted_user_access(self):
     # Restricted user: the mp3 of collection 2 plus the mp3 and pdf of
     # collection 1, and nothing else. Every check runs without the
     # from-dunya flag. Rows are (assertion, document, file-type slug).
     slug_one = self.file_type.slug
     slug_two = self.file_type2.slug
     expectations = (
         (self.assertTrue, self.doc2, slug_one),
         (self.assertTrue, self.doc1, slug_one),
         (self.assertTrue, self.doc4, slug_two),
         (self.assertTrue, self.doc1, slug_two),
         (self.assertFalse, self.doc2, slug_two),
         (self.assertFalse, self.doc3, slug_one),
         (self.assertFalse, self.doc3, slug_two),
     )
     for check, document, slug in expectations:
         check(util.user_has_access(self.ruser, document, slug, False))
Example #10
 def test_staff_user_access(self):
     # Staff user: the mp3 of collections 3 and 2 and the mp3 and pdf of
     # collection 1 are all readable, including where no Permission has been
     # created. Every check runs without the from-dunya flag.
     slug_one = self.file_type.slug
     slug_two = self.file_type2.slug
     readable = (
         (self.doc2, slug_one),
         (self.doc3, slug_one),
         (self.doc1, slug_one),
         (self.doc3, slug_two),
         (self.doc4, slug_two),
         (self.doc1, slug_two),
     )
     for document, slug in readable:
         self.assertTrue(
             util.user_has_access(self.suser, document, slug, False))
Example #11
 def test_regular_user_access_from_dunya(self):
     # Regular user: on their own only the pdf of collection 1, but mp3 and
     # pdf become readable when the request is flagged as coming from dunya.
     # The final True stands for that flag; how a caller derives it is
     # outside this test, so this pins the policy only, not the
     # trustworthiness of the signal behind the flag.
     def can_read_from_dunya(document, file_type):
         return util.user_has_access(self.nuser, document, file_type.slug, True)

     self.assertTrue(can_read_from_dunya(self.doc4, self.file_type2))
     self.assertTrue(can_read_from_dunya(self.doc2, self.file_type))
     self.assertTrue(can_read_from_dunya(self.doc2, self.file_type2))
     self.assertTrue(can_read_from_dunya(self.doc1, self.file_type))
Example #12
 def test_regular_user_access_module(self):
     # A regular user reaches a module through its slug: 'svg' on doc2 is
     # granted and an unrecognised slug is refused, whatever the value of the
     # final (request-came-from-dunya) argument.
     for slug, should_be_granted in (('somthing-else', False), ('svg', True)):
         for from_dunya in (False, True):
             granted = util.user_has_access(self.nuser, self.doc2, slug, from_dunya)
             if should_be_granted:
                 self.assertTrue(granted)
             else:
                 self.assertFalse(granted)