def refresh_thumbnail(): def refresh_thumbnail_helper(dir_model): dir_children = [d for d in Directory.query.filter(Directory.parent == dir_model.id).all()] file_children = [f for f in File.query.filter(File.parent == dir_model.id).all()] for file in file_children: if file.thumbnail_uuid != DEFAULT_THUMBNAIL_NAME: return file.thumbnail_uuid for d in dir_children: if d.thumbnail_uuid != DEFAULT_THUMBNAIL_NAME: return d.thumbnail_uuid # WE HAVE TO GO DEEPER (inception noise) for d in dir_children: return refresh_thumbnail_helper(d) # No thumbnail found return DEFAULT_THUMBNAIL_NAME missing_thumbnails = File.query.filter(File.thumbnail_uuid == DEFAULT_THUMBNAIL_NAME).all() for file_model in missing_thumbnails: dir_path = get_full_dir_path(file_model.parent) file_path = os.path.join(dir_path, file_model.name) mime = file_model.mimetype file_model.thumbnail_uuid = generate_image_thumbnail(file_path, dir_path, mime) db.session.flush() db.session.commit() db.session.refresh(file_model) missing_thumbnails = Directory.query.filter(Directory.thumbnail_uuid == DEFAULT_THUMBNAIL_NAME).all() for dir_model in missing_thumbnails: dir_model.thumbnail_uuid = refresh_thumbnail_helper(dir_model) db.session.flush() db.session.commit() db.session.refresh(dir_model)
def delete_dir(dir_id, auth_dict=None): dir_id = int(dir_id) dir_model = Directory.query.filter(Directory.id == dir_id).first() if dir_model is None: return "dir not found", 404 if dir_model.id <= ROOT_DIR_ID: return "Permission denied", 403 if not (auth_dict['is_eboard'] or auth_dict['is_rtp'] or auth_dict['uuid'] == dir_model.author): return "Permission denied", 403 dirs = [d for d in Directory.query.filter(Directory.parent == dir_id).all()] files = [f for f in File.query.filter(File.parent == dir_id).all()] for child_dir in dirs: delete_dir(child_dir.id) for child_file in files: delete_file(child_file.id) if len(dir_model.thumbnail_uuid.split('.')) > 1: dir_path = get_full_dir_path(dir_model.id) os.rmdir(dir_path) db.session.delete(dir_model) db.session.flush() db.session.commit() return "ok", 200
def api_mkdir(internal=False, parent_id=None, dir_name=None, owner=None, auth_dict=None): owner = auth_dict['uuid'] # hardcoding is bad parent_id = request.form.get('parent_id') path = get_full_dir_path(parent_id) # at this point path is something like # gallery-data/root file_path = os.path.join(path, request.form.get('dir_name')) _, count = re.subn(r'[^a-zA-Z0-9 \/\-\_]', '', file_path) if not file_path.startswith("/gallery-data/root") or count != 0: return "invalid path" + file_path, 400 # mkdir -p that shit if not os.path.exists(file_path): os.makedirs(file_path) # strip out new dir names now filtered by regex! if file_path.startswith(path): file_path = file_path[(len(path)):] upload_status = {} upload_status['error'] = [] upload_status['success'] = [] # Sometimes we want to put things in their place if file_path != "" and file_path != "/": path = file_path.split('/') path.pop(0) # remove blank # now put these dirs in the db for directory in path: # ignore dir//dir patterns if directory == "": continue parent_id = add_directory(parent_id, directory, "", owner) if parent_id is None: upload_status['error'].append(directory) else: upload_status['success'].append({ "name": directory, "id": parent_id }) # Create return object upload_status['redirect'] = "/view/dir/" + str(parent_id) return jsonify(upload_status)
def display_file(file_id): file_id = int(file_id) path_stack = [] file_model = File.query.filter(File.id == file_id).first() if file_model is None: return "file not found", 404 dir_model = Directory.query.filter(Directory.id == file_model.parent).first() path = get_full_dir_path(dir_model.id) return send_from_directory(path, file_model.name, mimetype=file_model.mimetype)
def refresh_default_thumbnails(): missing_thumbnails = File.query.filter(File.thumbnail_uuid == DEFAULT_THUMBNAIL_NAME).all() for file_model in missing_thumbnails: dir_path = get_full_dir_path(file_model.parent) file_path = os.path.join(dir_path, file_model.name) mime = file_model.mimetype file_model.thumbnail_uuid = generate_image_thumbnail(file_path, dir_path, mime) db.session.flush() db.session.commit() db.session.refresh(file_model) missing_thumbnails = Directory.query.filter(Directory.thumbnail_uuid == DEFAULT_THUMBNAIL_NAME).all() for dir_model in missing_thumbnails: dir_model.thumbnail_uuid = refresh_directory_thumbnail(dir_model) db.session.flush() db.session.commit() db.session.refresh(dir_model)
def delete_file(file_id, auth_dict=None): file_id = int(file_id) file_model = File.query.filter(File.id == file_id).first() if file_model is None: return "file not found", 404 if not (auth_dict['is_eboard'] or auth_dict['is_rtp'] or auth_dict['uuid'] == file_model.author): return "Permission denied", 403 file_path = os.path.join(get_full_dir_path(file_model.parent), file_model.name) db.session.delete(file_model) os.remove(file_path) db.session.flush() db.session.commit() return "ok", 200
def upload_file(auth_dict=None): # Dropzone multi file is broke with .getlist() uploaded_files = [t[1] for t in request.files.items()] files = [] owner = auth_dict['uuid'] # hardcoding is bad parent = request.form.get('parent_id') # Create return object upload_status = {} upload_status['error'] = [] upload_status['success'] = [] upload_status['redirect'] = "/view/dir/" + str(parent) dir_path = get_full_dir_path(parent) for upload in uploaded_files: filename = secure_filename(upload.filename) file_model = File.query.filter(File.parent == parent) \ .filter(File.name == filename).first() if file_model is None: filepath = os.path.join(dir_path, filename) upload.save(filepath) file_model = add_file(filename, dir_path, parent, "", owner) if file_model is None: upload_status['error'].append(filename) continue upload_status['success'].append( { "name": file_model.name, "id": file_model.id }) else: upload_status['error'].append(filename) refresh_thumbnail() # actually redirect to URL # change from FORM post to AJAX maybe? return jsonify(upload_status)