def publication_attached_file(request, publication_id): if(not request.user.is_authenticated()): logger.warn('access to restricted: user: %r, publication: %r', request.user,publication_id) return HttpResponse('Log in required.', status=401) try: publication = Publication.objects.get(publication_id=publication_id) if (not hasattr(publication, 'attachedfile') or publication.attachedfile is None): msg = 'publication found, but has no attached_file for id: %r' % publication_id logger.exception(msg) raise Http404(msg) authorization = ScreenAuthorization() authorized = authorization._is_resource_authorized( 'screen',request.user,'read') if not authorized: userprofile = request.user.userprofile screensaver_user = None if hasattr(userprofile,'screensaveruser'): screensaver_user = userprofile.screensaveruser if ( screensaver_user is not None and hasattr(publication,'screen') and publication.screen is not None): authorized = authorization._is_screen_authorized( publication.screen, screensaver_user, 'read') if not authorized: msg = ('%s permission needed for user: %s' % ('screen/read',request.user)) logger.warn(msg) return HttpResponse(msg, status=403) else: logger.info( 'User allowed to file %s', request.user) return _download_file(request,publication.attachedfile) except ObjectDoesNotExist,e: msg = 'could not find publication object for id: %r' % publication_id logger.exception(msg) return HttpResponse(status=404)
def publication_attached_file(request, publication_id): if (not request.user.is_authenticated()): logger.warn('access to restricted: user: %r, publication: %r', request.user, publication_id) return HttpResponse('Log in required.', status=401) try: publication = Publication.objects.get(publication_id=publication_id) if (not hasattr(publication, 'attachedfile') or publication.attachedfile is None): msg = 'publication found, but has no attached_file for id: %r' % publication_id logger.exception(msg) raise Http404(msg) authorization = ScreenAuthorization() authorized = authorization._is_resource_authorized( 'screen', request.user, 'read') if not authorized: userprofile = request.user.userprofile screensaver_user = None if hasattr(userprofile, 'screensaveruser'): screensaver_user = userprofile.screensaveruser if (screensaver_user is not None and hasattr(publication, 'screen') and publication.screen is not None): authorized = authorization._is_screen_authorized( publication.screen, screensaver_user, 'read') if not authorized: msg = ('%s permission needed for user: %s' % ('screen/read', request.user)) logger.warn(msg) return HttpResponse(msg, status=403) else: logger.info('User allowed to file %s', request.user) return _download_file(request, publication.attachedfile) except ObjectDoesNotExist, e: msg = 'could not find publication object for id: %r' % publication_id logger.exception(msg) return HttpResponse(status=404)
def attached_file(request, attached_file_id): if(not request.user.is_authenticated()): logger.warn('access to restricted: user: %r, file: %r', request.user,attached_file) return HttpResponse('Log in required.', status=401) af = None try: af = AttachedFile.objects.get(attached_file_id=attached_file_id) authorization = ScreenAuthorization() authorized = authorization._is_resource_authorized( 'screen',request.user,'read') if not authorized: userprofile = request.user.userprofile screensaver_user = None if hasattr(userprofile,'screensaveruser'): screensaver_user = userprofile.screensaveruser if ( hasattr(attached_file,'screensaver_user') and attached_file.screensaver_user is not None): if attached_file.screensaver_user.user == userprofile: authorized = True if ( screensaver_user is not None and hasattr(publication,'screen') and publication.screen is not None): authorized = authorization._is_screen_authorized( publication.screen, screensaver_user, 'read') if not authorized: msg = ('%s permission needed for user: %s' % ('attachedfiles/read',request.user)) logger.warn(msg) return HttpResponse(msg, status=403) else: logger.info( 'User allowed attached file access to own files %s', request.user) return _download_file(request,af) except ObjectDoesNotExist,e: msg = 'could not find attached file object for id: %r' % attached_file_id logger.exception(msg) return HttpResponse(status=404)
def attached_file(request, attached_file_id): if (not request.user.is_authenticated()): logger.warn('access to restricted: user: %r, file: %r', request.user, attached_file) return HttpResponse('Log in required.', status=401) af = None try: af = AttachedFile.objects.get(attached_file_id=attached_file_id) authorization = ScreenAuthorization() authorized = authorization._is_resource_authorized( 'screen', request.user, 'read') if not authorized: userprofile = request.user.userprofile screensaver_user = None if hasattr(userprofile, 'screensaveruser'): screensaver_user = userprofile.screensaveruser if (hasattr(attached_file, 'screensaver_user') and attached_file.screensaver_user is not None): if attached_file.screensaver_user.user == userprofile: authorized = True if (screensaver_user is not None and hasattr(publication, 'screen') and publication.screen is not None): authorized = authorization._is_screen_authorized( publication.screen, screensaver_user, 'read') if not authorized: msg = ('%s permission needed for user: %s' % ('attachedfiles/read', request.user)) logger.warn(msg) return HttpResponse(msg, status=403) else: logger.info('User allowed attached file access to own files %s', request.user) return _download_file(request, af) except ObjectDoesNotExist, e: msg = 'could not find attached file object for id: %r' % attached_file_id logger.exception(msg) return HttpResponse(status=404)