def doc_download_private(request, path, doc):
    """Serve a file from PROJECTS_ROOT to users authorized on the document's project.

    Args:
        request: the incoming HTTP request; ``request.user`` is the principal checked.
        path: path of the file to serve, relative to ``settings.PROJECTS_ROOT``.
        doc: the document record whose ``project`` decides authorization.

    Returns:
        The response produced by ``serve`` when the user holds user permission
        on ``doc.project``, otherwise an ``HttpResponseForbidden`` carrying
        ``PERMISSION_DENIED_MESSAGE``.
    """
    # NOTE(review): the previous docstring said this view requires login, but no
    # login enforcement is visible in this block - confirm a decorator or the
    # calling view handles anonymous users before this point.
    # NOTE(review): authorization is decided on `doc.project` while the bytes
    # served are selected by `path`; the caller must guarantee that `doc` was
    # resolved from this same `path`, otherwise the check guards the wrong file.
    if not userHasUserPermission(request.user, doc.project):
        return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    return serve(request, path, document_root=settings.PROJECTS_ROOT)
def secure_data_download(request, path, project):
    """Serve a file from DATA_ROOT to users authorized on the given project.

    Args:
        request: the incoming HTTP request; ``request.user`` is the principal checked.
        path: path of the file to serve, relative to ``settings.DATA_ROOT``.
        project: the project whose membership gates the download.

    Returns:
        The response produced by ``serve`` when the user holds user permission
        on ``project``, otherwise an ``HttpResponseForbidden`` carrying
        ``PERMISSION_DENIED_MESSAGE``.
    """
    # TODO: generalize authorization by looking up regular expressions matching path
    # NOTE(review): `project` and `path` arrive as independent arguments; nothing
    # in this block ties the served file to the project that was checked, so the
    # caller has to derive `project` from `path` - confirm at the call site.
    authorized = userHasUserPermission(request.user, project)
    if not authorized:
        return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    return serve(request, path, document_root=settings.DATA_ROOT)
def userCanView(user, post):
    """Tell whether ``user`` is allowed to view ``post``.

    Public posts (``post.is_private`` falsy) are viewable by everybody,
    including users for whom no permission lookup is performed. Private posts
    defer to ``userHasUserPermission`` on the post's project.
    """
    # Public pages short-circuit: no permission lookup is made for them.
    if not post.is_private:
        return True

    # Private pages can be viewed only by members of the owning project.
    return userHasUserPermission(user, post.project)
def search(request, project_short_name):
    """Entry point for all search requests (GET/POST) of one project.

    Looks the project up by short name (case-insensitive, 404 when missing),
    enforces access for private projects, then either runs the search with the
    project-specific configuration or renders a "search not enabled" message.

    Args:
        request: the incoming HTTP request.
        project_short_name: short name of the project to search in.

    Returns:
        A redirect to the login page for anonymous users on a private project,
        an ``HttpResponseForbidden`` for authenticated users without permission,
        the result of ``search_config`` when a configuration exists, or the
        rendered ``cog/common/message.html`` template otherwise.
    """
    # Remember the relative search URL (plus optional query string) at session
    # scope so other pages can reload the last search. This happens before the
    # permission check, exactly as in the original flow.
    request.session[LAST_SEARCH_URL] = request.get_full_path()

    # The POST-redirect marker is single-use: read it, then drop it.
    fromRedirectFlag = bool(request.session.get(SEARCH_REDIRECT, None))
    if fromRedirectFlag:
        del request.session[SEARCH_REDIRECT]

    project = get_object_or_404(Project, short_name__iexact=project_short_name)

    # Private projects: anonymous users are sent to login, everyone else must
    # hold user permission on the project.
    if project.private:
        if request.user.is_anonymous():
            # NOTE(review): request.path is appended without URL-encoding, so a
            # path containing '&' or '#' would be cut short in the `next` value.
            login_url = reverse('login')
            next_param = "?next=%s" % request.path
            return HttpResponseRedirect(login_url + next_param)
        if not userHasUserPermission(request.user, project):
            return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    config = _getSearchConfig(request, project)

    if not config:
        # Search is not configured for this project.
        messages = [
            'Searching is not enabled for this project.',
            'Please contact the project administrators for further assistance.',
        ]
        context = {
            'project': project,
            'messages': messages,
            'title2': 'Data Search',
        }
        return render(request, 'cog/common/message.html', context)

    # Pass the project along as an extra argument, plus an optional custom template.
    # NOTE(review): the template value is taken straight from request parameters;
    # confirm that search_config restricts it to known template names.
    extra = {
        'project': project,
        'title2': '%s Data Search' % project.short_name,
        'template': getQueryDict(request).get(TEMPLATE, None),
    }
    return search_config(request, config, extra=extra,
                         fromRedirectFlag=fromRedirectFlag)
def doc_list(request, project_short_name):
    """List the documents of a project, with optional search, type filter and ordering.

    Query parameters read from ``request.GET``:
        query: free text matched (case-insensitively) against title,
            description and path.
        filter_by: document type; defaults to ``DOCUMENT_TYPE_ALL``.
        order_by: field to order by; defaults to ``'title'``.

    Private documents are excluded unless the requester holds user permission
    on the project.

    Raises:
        Exception: when ``filter_by`` or ``order_by`` fails validation.
    """
    project = get_object_or_404(Project, short_name__iexact=project_short_name)

    # Every listing is scoped to the project.
    filters = Q(project=project)

    # Non-members (including anonymous users) only ever see public documents.
    viewer = request.user
    if viewer.is_anonymous() or not userHasUserPermission(viewer, project):
        filters = filters & Q(is_private=False)

    # Optional free-text search.
    query = request.GET.get('query', '')
    if query:
        text_match = Q(title__icontains=query)
        text_match = text_match | Q(description__icontains=query)
        text_match = text_match | Q(path__icontains=query)
        filters = filters & text_match

    # Document type filter.
    # NOTE(review): validation uses the lower-cased value while the comparison
    # and the DOCUMENT_TYPES lookup below use the value as received - confirm
    # the two agree for every accepted spelling, otherwise the lookup can fail.
    filter_by = request.GET.get('filter_by', DOCUMENT_TYPE_ALL)
    if filter_by.lower() not in VALID_FILTER_BY_VALUES:
        raise Exception("Invalid 'filter_by' value")
    if filter_by != DOCUMENT_TYPE_ALL:
        extensions = DOCUMENT_TYPES[filter_by]
        by_extension = Q(path__iendswith=extensions[0])
        for extension in extensions[1:]:
            by_extension = by_extension | Q(path__iendswith=extension)
        filters = filters & by_extension

    # Ordering. The allowlist below is the only thing that keeps a
    # client-supplied field name from reaching order_by().
    # NOTE(review): the lower-cased value is validated but the value as
    # received is what is passed to order_by() - confirm this is intended.
    order_by = request.GET.get('order_by', 'title')
    if order_by.lower() not in VALID_ORDER_BY_VALUES:
        raise Exception("Invalid 'order_by' value")

    # Run the query, ordered by the requested field.
    results = Doc.objects.filter(filters).distinct().order_by(order_by)
    list_title = "Total Number of Matching Documents: %d" % len(results)

    context = {
        "object_list": paginate(results, request, max_counts_per_page=100),
        'project': project,
        'title': '%s Files' % project.short_name,
        "query": query,
        "order_by": order_by,
        "filter_by": filter_by,
        "list_title": list_title,
    }
    return render(request, 'cog/doc/doc_list.html', context)
def doc_list(request, project_short_name):
    """Render the document listing page for one project.

    The listing is restricted to the project, hides private documents from
    anyone without user permission on it, and honours three optional GET
    parameters: ``query`` (text search over title, description and path),
    ``filter_by`` (document type, default ``DOCUMENT_TYPE_ALL``) and
    ``order_by`` (sort field, default ``'title'``).

    Raises:
        Exception: when ``filter_by`` or ``order_by`` is not an accepted value.
    """
    project = get_object_or_404(Project, short_name__iexact=project_short_name)
    params = request.GET

    # Base restriction: documents of this project only.
    criteria = Q(project=project)

    # Private documents are listed for project members only.
    if request.user.is_anonymous() or not userHasUserPermission(request.user, project):
        criteria = criteria & Q(is_private=False)

    # Optional text search across three fields.
    query = params.get('query', '')
    if query:
        matches_title = Q(title__icontains=query)
        matches_description = Q(description__icontains=query)
        matches_path = Q(path__icontains=query)
        criteria = criteria & (matches_title | matches_description | matches_path)

    # Optional restriction to one document type, expressed as file suffixes.
    # NOTE(review): the allowlist test lower-cases the value, but the value is
    # then used unchanged as the DOCUMENT_TYPES key - verify both use the same
    # spelling, or an accepted value can still raise on lookup.
    filter_by = params.get('filter_by', DOCUMENT_TYPE_ALL)
    if filter_by.lower() not in VALID_FILTER_BY_VALUES:
        raise Exception("Invalid 'filter_by' value")
    if filter_by != DOCUMENT_TYPE_ALL:
        suffixes = DOCUMENT_TYPES[filter_by]
        first_suffix, other_suffixes = suffixes[0], suffixes[1:]
        suffix_match = Q(path__iendswith=first_suffix)
        for suffix in other_suffixes:
            suffix_match = suffix_match | Q(path__iendswith=suffix)
        criteria = criteria & suffix_match

    # Sort field: client-controlled, so it must pass the allowlist before it
    # is handed to the ORM.
    # NOTE(review): validation is case-insensitive while order_by() receives
    # the original spelling - confirm that is intended.
    order_by = params.get('order_by', 'title')
    if order_by.lower() not in VALID_ORDER_BY_VALUES:
        raise Exception("Invalid 'order_by' value")

    # Execute the query, sorted by the validated field.
    results = Doc.objects.filter(criteria).distinct().order_by(order_by)
    list_title = "Total Number of Matching Documents: %d" % len(results)

    page = paginate(results, request, max_counts_per_page=100)
    return render(request, 'cog/doc/doc_list.html', {
        "object_list": page,
        'project': project,
        'title': '%s Files' % project.short_name,
        "query": query,
        "order_by": order_by,
        "filter_by": filter_by,
        "list_title": list_title,
    })
def isVisible(self, user):
    """Tell whether this object should be visible to ``user``.

    An inactive object is never visible; an active, non-private one always is.
    Otherwise visibility requires user, contributor or admin permission on
    this object, checked in that order.
    """
    # `== False` is kept on purpose: a value of None is neither treated as
    # inactive nor as public, so it falls through to the permission checks.
    if self.active == False:
        return False
    if self.private == False:
        return True

    # Private and active: any one of the three permission levels is enough.
    # The helpers are tried lazily, stopping at the first that grants access.
    permission_checks = (
        userHasUserPermission,
        userHasContributorPermission,
        userHasAdminPermission,
    )
    return any(check(user, self) for check in permission_checks)
def search(request, project_short_name):
    """Handle every search request (GET/POST) for a project.

    Loads the project-specific search configuration after checking that the
    requester may access the project.

    Args:
        request: the incoming HTTP request.
        project_short_name: short name of the project, matched case-insensitively.

    Returns:
        For a private project, a login redirect (anonymous user) or an
        ``HttpResponseForbidden`` (no user permission). Otherwise the result
        of ``search_config`` when a configuration is found, else the rendered
        ``cog/common/message.html`` page.
    """
    session = request.session

    # Keep the relative search URL (with optional query string) in the session
    # so other pages can reload the last search.
    session[LAST_SEARCH_URL] = request.get_full_path()

    # Detect, then clear, the POST redirect flag.
    if session.get(SEARCH_REDIRECT, None):
        fromRedirectFlag = True
        del session[SEARCH_REDIRECT]
    else:
        fromRedirectFlag = False

    # Unknown project names end in a 404.
    project = get_object_or_404(Project, short_name__iexact=project_short_name)

    # Access control applies to private projects only.
    if project.private:
        user = request.user
        if user.is_anonymous():
            # NOTE(review): the path is placed in `next` without URL-encoding.
            login_url = reverse('login')
            return HttpResponseRedirect(login_url + "?next=%s" % request.path)
        elif not userHasUserPermission(user, project):
            return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    config = _getSearchConfig(request, project)

    if config:
        # Hand the project to the search as an extra argument, together with
        # a possible custom template.
        # NOTE(review): the template name is client-supplied; verify that
        # search_config only accepts expected template names.
        template = getQueryDict(request).get(TEMPLATE, None)
        title2 = '%s Data Search' % project.short_name
        return search_config(
            request,
            config,
            extra={'project': project, 'title2': title2, 'template': template},
            fromRedirectFlag=fromRedirectFlag,
        )

    # No search configuration exists for this project.
    messages = ['Searching is not enabled for this project.',
                'Please contact the project administrators for further assistance.']
    return render(
        request,
        'cog/common/message.html',
        {'project': project, 'messages': messages, 'title2': 'Data Search'},
    )
def hasUserPermission(user, project):
    """Return whatever ``userHasUserPermission(user, project)`` returns.

    Pure pass-through: no additional checks are made here, so this name
    grants exactly what the wrapped helper grants.
    """
    granted = userHasUserPermission(user, project)
    return granted