def handle_protected_file(obj, event):
if obj.getIsProtected():
api.portal.show_message(
message=translate(
_(
u'message_protected_file',
default=u'You are not allowed to delete the file "${file_title}".',
mapping={
'file_title': safe_unicode(obj.Title()),
},
),
context=obj.REQUEST,
),
request=obj.REQUEST,
type='error'
)
raise ValueError('Unable to delete a protected file.')
def __call__(self):
self.file = self.request.get("file")
if not self.file:
raise BadRequest("No content provided.")
self.filename = self.file.filename
self.context.update(file=self.file, originFilename=self.filename)
portal = api.portal.get()
repository_tool = getToolByName(portal, "portal_repository")
if repository_tool.isVersionable(self.context):
# TODO: This creates another entry in the history resulting
# in two consecutive history entries.
repository_tool.save(
self.context, comment=translate(_("File replaced with Drag & Drop."), context=self.request)
)
notify(ObjectEditedEvent(self.context))
return json.dumps({"success": True})
from Products.validation import V_REQUIRED
from Products.validation.config import validation
from Products.validation.validators import RegexValidator
from urllib import quote
from ZODB.POSException import ConflictError
from zope.interface import implements
import logging
origin_filename_validator = RegexValidator(
'isSafeOriginFilename',
r'^[^\/]*$',
title='',
description='',
errmsg=_(
u'origin_filename_validator_error',
default=u'The filename must not contain "/".'
)
)
validation.register(origin_filename_validator)
FileSchema = ATContentTypeSchema.copy() + atapi.Schema((
FileField(
'file',
required=True,
primary=True,
searchable=True,
languageIndependent=True,
index_method='getIndexValue',
storage=atapi.AnnotationStorage(migrate=True),
def upload(self):
"""Adds uploaded file.
Required params: uploadfile, uploadtitle, uploaddescription
"""
context = aq_inner(self.context)
self.request = context.REQUEST
if not IFolderish.providedBy(context):
context = aq_parent(context)
request = context.REQUEST
utility = getToolByName(context, "portal_tinymce")
id_ = request["uploadfile"].filename
content_type = request["uploadfile"].headers["Content-Type"]
# check if container is ready to store images
if self.is_temporary(context):
return self.errorMessage(
translate(_("Please save the object first" " to enable image upload."), context=self.request)
)
# check mime type to make sure an image is uploaded
if not is_image(content_type):
return self.errorMessage(translate(_("Only image upload allowed."), context=self.request))
# Permission checks based on code by Danny Bloemendaal
# 1) check if the current user has permissions to add stuff
if not context.portal_membership.checkPermission("Add portal content", context):
return self.errorMessage("You do not have permission to upload files in this folder")
# 2) check image types uploadable in folder.
# priority is to content_type_registry image type
allowed_types = [t.id for t in context.getAllowedTypes()]
tiny_image_types = utility.imageobjects.split("\n")
uploadable_types = []
for typename in tiny_image_types:
if typename in allowed_types:
uploadable_types.append(typename)
# Get an unused filename without path
id_ = self.cleanupFilename(id_)
for metatype in uploadable_types:
try:
newid = context.invokeFactory(type_name=metatype, id=id_)
if newid is None or newid == "":
newid = id_
break
except ValueError:
continue
except BadRequest:
return self.errorMessage(translate(_("Bad filename, please rename."), context=self.request))
else:
return self.errorMessage(
translate(_("Not allowed to upload a file of this type to this folder"), context=self.request)
)
obj = getattr(context, newid, None)
# Set title + description.
# Attempt to use Archetypes mutator if there is one, in case it uses
# a custom storage
title = request["uploadtitle"]
description = request["uploaddescription"]
if description:
try:
obj.setDescription(description)
except AttributeError:
obj.description = description
if HAS_DEXTERITY and IDexterityContent.providedBy(obj):
if not self.setDexterityImage(obj):
return self.errorMessage(
translate(_("The content-type '%s' has no image-field!" % metatype), context=self.request)
)
else:
# set primary field
pf = obj.getPrimaryField()
pf.set(obj, request["uploadfile"])
if not obj:
return self.errorMessage("Could not upload the file")
if title and title is not "":
obj.setTitle(title)
else:
obj.setTitle(obj.getFilename())
obj.reindexObject()
folder = obj.aq_parent.absolute_url()
if utility.link_using_uids:
path = "resolveuid/%s" % (uuidFor(obj))
else:
path = obj.absolute_url()
return self.okMessage(path, folder)
