def post(self, resource_id):
"""Upload a file."""
d = Deposition.get(resource_id, user=current_user)
# Bail-out early if not permitted (add_file will also check, but then
# we already uploaded the file)
if not d.authorize('add_file'):
raise ForbiddenAction('add_file', d)
uploaded_file = request.files['file']
filename = secure_filename(
request.form.get('filename') or uploaded_file.filename
)
df = DepositionFile(backend=DepositionStorage(d.id))
if df.save(uploaded_file, filename=filename):
try:
d.add_file(df)
d.save()
except FilenameAlreadyExists as e:
df.delete()
raise e
return d.type.marshal_file(df), 201
def post(self):
"""Create a new deposition."""
if not can_access_deposit_type(request.json.get('type', None)):
raise ForbiddenAction('deposit_create_with_type')
# Create deposition (uses default deposition type unless type is given)
d = Deposition.create(current_user, request.json.get('type', None))
# Validate input data according to schema
self.validate_input(d)
# Process input data
self.process_input(d)
# Save if all went fine
d.save()
return d.marshal(), 201
def put(self, resource_id, file_id):
"""Update a deposition file - i.e. rename it."""
v = APIValidator()
if not v.validate(request.json, file_schema):
abort(
400,
message="Bad request",
status=400,
errors=map(lambda x: dict(
message=x,
code=error_codes["validation_error"]
), v.errors),
)
d = Deposition.get(resource_id, user=current_user)
df = d.get_file(file_id)
if not d.type.authorize_file(d, df, 'update_metadata'):
raise ForbiddenAction('update_metadata', df)
new_name = secure_filename(request.json['filename'])
if new_name != request.json['filename']:
abort(
400,
message="Bad request",
status=400,
errors=[dict(
message="Not a valid filename",
code=error_codes["validation_error"]
)],
)
df.name = new_name
d.save()
return d.type.marshal_file(df)