def admin_edit_user(request, user_id):
    """Edit an existing user profile; restricted to superusers.

    A valid POST saves the ProfileForm, writes an audit entry and redirects
    to the user's admin page. Any other request, or a POST that fails
    validation, renders the edit template with the current form.
    """
    # Authorization gate, evaluated before the target profile is looked up.
    # NOTE(review): the denial is rendered through error.html with no
    # explicit status argument.
    if not request.user.is_superuser:
        denial = {"error": "You must be superuser"}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    user = get_object_or_404(Profile, pk=user_id)

    if request.method != "POST":
        form = forms.ProfileForm(instance=user)
    else:
        form = forms.ProfileForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save()
            # Audit trail for the administrative change.
            log_activity("A", "Edited user {0}".format(user.username), request)
            target = reverse("users.views.admin_show_user", args=(user.id,))
            return HttpResponseRedirect(target)

    page_context = {"form": form, "user": user}
    return render_to_response("admin/edit_user.html", page_context,
                              context_instance=RequestContext(request))
def delete_tag(request, id):
    """Detach one of the requesting user's tags from an analysis.

    Responds with "Tag empty." when no tagName is posted, with False when
    the user owns no tag with that text, and with True once the tag has been
    removed from the analysis.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check: superusers and members of the analysis' case only.
    # NOTE(review): assumes analysis.case is set; confirm that case-less
    # analyses cannot reach this view.
    requester = request.user
    if not requester.is_superuser and requester not in analysis.case.users.all():
        denial = {"error": "You are not authorized to tag this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    # Validation check.
    tag_text = request.POST.get("tagName")
    if not tag_text:
        return HttpResponse("Tag empty.")

    # The lookup is scoped to the caller's own tags.
    # NOTE(review): get() would raise MultipleObjectsReturned if the user owns
    # several tags with the same text; that case is not handled here.
    try:
        tag = Tag.objects.get(owner=request.user, text=tag_text)
    except ObjectDoesNotExist:
        return HttpResponse(False)

    analysis.tag_set.remove(tag)
    # Auditing.
    log_activity("I", "Tag on image removed: %s" % analysis.file_name, request)
    return HttpResponse(True)
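def new_hashes(request):
    """Create a hash list from an uploaded file holding one hash per line.

    On a valid POST the list is saved with the requester as owner, every
    non-empty line of the uploaded file becomes a Hash row (duplicates are
    collapsed by get_or_create), an audit entry is written and the client is
    redirected to the new list. Otherwise the creation form is rendered.
    """
    if request.method == "POST":
        form = forms.ListForm(request.POST, request.FILES)
        if form.is_valid():
            # Local names avoid shadowing the `list` and `file` builtins.
            hash_list = form.save(commit=False)
            hash_list.owner = request.user
            hash_list.save()
            # NOTE(review): temporary_file_path() presumably requires the
            # upload to have been spooled to disk - confirm the upload
            # handler configuration.
            upload_path = request.FILES["hash_list"].temporary_file_path()
            with open(upload_path, "r") as handle:
                # Stream the file line by line instead of loading it whole.
                for row in handle:
                    value = row.strip()
                    # Blank lines would otherwise be stored as empty hashes.
                    if not value:
                        continue
                    Hash.objects.get_or_create(value=value, list=hash_list)
            # Auditing.
            log_activity("H", "Created new hash list {0}".format(hash_list.name), request)
            return HttpResponseRedirect(
                reverse("hashes.views.show_hashes", args=(hash_list.id,)))
    else:
        form = forms.ListForm()
    return render_to_response("hashes/new.html", {"form": form},
                              context_instance=RequestContext(request))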
def admin_edit_user(request, user_id):
    """Edit a user profile on behalf of a superuser.

    Non-superusers receive the error page. A POST with a valid ProfileForm
    saves the profile, logs the change and redirects to the user's admin
    page; every other path renders the edit form.
    """
    # Security check: runs before any profile is fetched.
    if not request.user.is_superuser:
        return render_to_response(
            "error.html",
            {"error": "You must be superuser"},
            context_instance=RequestContext(request))

    user = get_object_or_404(Profile, pk=user_id)

    is_submission = request.method == "POST"
    if is_submission:
        form = forms.ProfileForm(request.POST, instance=user)
    else:
        form = forms.ProfileForm(instance=user)

    if is_submission and form.is_valid():
        user = form.save()
        # Auditing.
        log_activity("A", "Edited user %s" % user.username, request)
        destination = reverse("users.views.admin_show_user", args=(user.id,))
        return HttpResponseRedirect(destination)

    template_context = {"form": form, "user": user}
    return render_to_response("admin/edit_user.html", template_context,
                              context_instance=RequestContext(request))
def new_image(request, case_id):
    """Upload an image into a case and queue it as an analysis task.

    POST requests are answered in the JSON-RPC shape the Plupload component
    expects, both on success and on form validation failure. Non-POST
    requests render the upload page.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check: superusers and users attached to the case only.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to add image to this."},
            context_instance=RequestContext(request))

    # Closed cases accept no new evidence.
    if case.state == "C":
        return render_to_response(
            "error.html",
            {"error": "You cannot add an image to a closed case."},
            context_instance=RequestContext(request))

    if request.method != "POST":
        # Request is not a POST.
        form = forms.UploadImageForm()
        return render_to_response("analyses/images/new_image.html",
                                  {"form": form, "case": case},
                                  context_instance=RequestContext(request))

    form = forms.UploadImageForm(request.POST, request.FILES)
    if form.is_valid():
        upload = request.FILES["image"]
        # The content type comes from get_content_type_from_file() on the
        # stored upload, not from the type declared in the request.
        content_type = get_content_type_from_file(upload.temporary_file_path())
        task = Analysis.add_task(
            upload.temporary_file_path(),
            case=case,
            user=request.user,
            content_type=content_type,
            image_id=save_file(file_path=upload.temporary_file_path(),
                               content_type=content_type),
            thumb_id=create_thumb(upload.temporary_file_path()),
            file_name=upload.name)
        # Auditing.
        log_activity("I", "Created new analysis %s" % task.file_name, request)
        # Response designed for Plupload component.
        response = HttpResponse('{"jsonrpc": "2.0", "result": null, "id": "id"}',
                                content_type="application/json")
    else:
        # Plupload is an AJAX component and needs a 200/OK status to read
        # extra data from the server, so validation errors travel in JSON.
        error_text = " ".join(
            [" ".join([force_text(item) for item in messages])
             for _field, messages in form.errors.items()])
        response = HttpResponse(
            json.dumps({"jsonrpc" : "2.0",
                        "error" : {"code": 88, "message": error_text},
                        "id" : "id"}),
            content_type="application/json")

    # Never cache AJAX response.
    response["Expires"] = "Mon, 1 Jan 2000 01:00:00 GMT"
    response["Cache-Control"] = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    response["Pragma"] = "no-cache"
    return response
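def new_image(request):
    """API endpoint: upload an image, optionally into a case.

    The caller is identified by the posted api_key. When case_id is posted
    the case must be writable by that user and must not be closed; without
    it the analysis is created with no case. A request that carries no
    "image" file is answered with a 400 instead of failing on the missing
    key. On success the new task id is returned as JSON.
    """
    # NOTE(review): api_authenticate() is defined elsewhere; this view relies
    # on it to reject missing or unknown keys - confirm it does not return an
    # anonymous/None user.
    user = api_authenticate(request.POST.get("api_key"))

    case_id = request.POST.get("case_id")
    if case_id:
        case = get_object_or_404(Case, pk=case_id)
        # Security check.
        if not case.can_write(user):
            return HttpResponse("You are not authorized to add image to this", status=400)
        if case.state == "C":
            return HttpResponse("You cannot add an image to a closed case", status=400)
    else:
        case = None

    # request.FILES["image"] would raise on a request without the file part.
    upload = request.FILES.get("image")
    if upload is None:
        return HttpResponse("Request not valid", status=400)

    upload_path = upload.temporary_file_path()
    # NOTE(review): content_type is the value declared by the client in the
    # multipart request; it is not derived from the file content here.
    task = Analysis.add_task(
        upload_path,
        file_name=upload.name,
        case=case,
        user=user,
        content_type=upload.content_type,
        image_id=save_file(file_path=upload_path,
                           content_type=upload.content_type),
        thumb_id=create_thumb(upload_path))

    # Auditing.
    log_activity("I", "Created new analysis via API %s" % task.file_name,
                 request, user=user)

    response_data = {"id": task.id}
    return HttpResponse(json.dumps(response_data), content_type="application/json")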
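def new_hashes(request):
    """Create a hash list from an uploaded file with one hash per line.

    A valid POST stores the list under the requesting user, imports every
    non-empty line as a Hash (get_or_create collapses duplicates), logs the
    creation and redirects to the list page. Other requests, and invalid
    POSTs, render the form.
    """
    if request.method == "POST":
        form = forms.ListForm(request.POST, request.FILES)
        if form.is_valid():
            # Renamed from `list`/`file` so the builtins are not shadowed.
            hash_list = form.save(commit=False)
            hash_list.owner = request.user
            hash_list.save()
            # NOTE(review): temporary_file_path() presumably needs the upload
            # to be spooled to disk - confirm the upload handler settings.
            source_path = request.FILES["hash_list"].temporary_file_path()
            with open(source_path, "r") as handle:
                # Iterating the handle avoids reading the whole file at once.
                for row in handle:
                    value = row.strip()
                    if not value:
                        # Blank lines would be stored as empty hash values.
                        continue
                    Hash.objects.get_or_create(value=value, list=hash_list)
            # Auditing.
            log_activity("H", "Created new hash list %s" % hash_list.name, request)
            return HttpResponseRedirect(
                reverse("hashes.views.show_hashes", args=(hash_list.id,)))
    else:
        form = forms.ListForm()
    return render_to_response("hashes/new.html", {"form": form},
                              context_instance=RequestContext(request))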
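def add_comment(request, id):
    """Attach a comment to an analysis the requester is allowed to access.

    The comment is always bound to the analysis named in the URL, which is
    the object the authorization check was made against, and to the
    requesting user as owner. Validation errors are shown as plain text.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check: superusers and members of the analysis' case only.
    if not (request.user.is_superuser or request.user in analysis.case.users.all()):
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to add this."},
            context_instance=RequestContext(request))

    form = forms.CommentForm(request.POST)
    if form.is_valid():
        comment = form.save(commit=False)
        comment.owner = request.user
        # Pin the comment to the authorized analysis instead of relying on
        # whatever the submitted form data carried.
        comment.analysis = analysis
        comment.save()
        form.save_m2m()
        # Auditing.
        log_activity("I", "Comment on image added: {0}".format(analysis.file_name), request)
        return HttpResponseRedirect(
            reverse("analyses.views.show_analysis", args=(analysis.id,)))
    else:
        # as_text() keeps form markup out of the error message.
        return render_to_response(
            "error.html",
            {"error": "Error adding comment: %s" % form.errors.as_text()},
            context_instance=RequestContext(request))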
def add_comment(request, id):
    """Add a comment to an analysis.

    Only superusers and users attached to the analysis' case may comment.
    The saved comment is owned by the requester and bound to the analysis
    from the URL; validation failures are reported on the error page.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    requester = request.user
    if not requester.is_superuser and requester not in analysis.case.users.all():
        denial = {"error": "You are not authorized to add this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    form = forms.CommentForm(request.POST)
    if not form.is_valid():
        failure = {"error": "Error adding comment: %s" % form.errors.as_text()}
        return render_to_response("error.html", failure,
                                  context_instance=RequestContext(request))

    comment = form.save(commit=False)
    comment.owner = request.user
    # The analysis is set server-side from the object that was authorized.
    comment.analysis = analysis
    comment.save()
    form.save_m2m()

    # Auditing.
    log_activity("I", "Comment on image added: %s" % analysis.file_name, request)
    destination = reverse("analyses.views.show_analysis", args=(analysis.id,))
    return HttpResponseRedirect(destination)
def delete_tag(request, id):
    """Remove a tag owned by the requester from an analysis.

    Returns "Tag empty." if tagName is missing, False if the requester has
    no tag with that text, and True after the tag is detached.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check: case members and superusers only.
    allowed = request.user.is_superuser or request.user in analysis.case.users.all()
    if not allowed:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to tag this."},
            context_instance=RequestContext(request))

    # Validation check.
    requested_text = request.POST.get("tagName")
    if not requested_text:
        return HttpResponse("Tag empty.")

    # Only tags owned by the caller are considered.
    # NOTE(review): several tags with the same owner and text would make
    # get() raise MultipleObjectsReturned, which is not caught here.
    try:
        tag = Tag.objects.get(owner=request.user, text=requested_text)
    except ObjectDoesNotExist:
        return HttpResponse(False)

    analysis.tag_set.remove(tag)
    # Auditing.
    log_activity("I", "Tag on image removed: {0}".format(analysis.file_name), request)
    return HttpResponse(True)
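def new_folder(request, case_id):
    """Load files from a local (server-side) directory into a case.

    Only superusers and users attached to the case may import, and closed
    cases are rejected. On a valid POST every regular file in the given
    directory whose detected content type is allowed becomes an analysis.
    Entries that are not regular files, or whose type is not allowed, are
    skipped.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to add image to this."},
            context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response(
            "error.html",
            {"error": "You cannot add an image to a closed case."},
            context_instance=RequestContext(request))

    if request.method == "POST":
        form = forms.ImageFolderForm(request.POST)
        if form.is_valid():
            # NOTE(review): the directory comes straight from the request and
            # is read with the server's privileges; no base-directory
            # restriction is visible in this view - confirm whether the form
            # or deployment confines it.
            folder = request.POST.get("path")

            # Check.
            if not os.path.exists(folder):
                return render_to_response(
                    "error.html", {"error": "Folder does not exist."},
                    context_instance=RequestContext(request))
            elif not os.path.isdir(folder):
                return render_to_response(
                    "error.html", {"error": "Folder is not a directory."},
                    context_instance=RequestContext(request))

            # Add all files in directory.
            mime = magic.Magic(mime=True)
            for entry in os.listdir(folder):
                entry_path = os.path.join(folder, entry)
                # Sub-directories and other non-file entries cannot be
                # analysed as images.
                if not os.path.isfile(entry_path):
                    continue
                content_type = mime.from_file(entry_path)
                # Check if content type is allowed; previously the result of
                # this check was ignored and the file was imported anyway.
                if not check_allowed_content(content_type):
                    # TODO: add some kind of feedback.
                    continue
                task = Analysis()
                task.owner = request.user
                task.case = case
                task.file_name = entry
                task.image_id = save_file(file_path=entry_path,
                                          content_type=content_type)
                task.thumb_id = create_thumb(entry_path)
                task.save()
                # Auditing.
                log_activity("I", "Created new analysis {0}".format(task.file_name), request)
            return HttpResponseRedirect(
                reverse("analyses.views.show_case", args=(case.id, "list")))
    else:
        form = forms.ImageFolderForm()

    return render_to_response("analyses/images/new_folder.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))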
def delete_hashes(request, list_id):
    """Delete a hash list; only the list's owner is allowed to do so.

    After deletion an audit entry is written and the client is redirected to
    the hash list index.
    """
    hash_list = get_object_or_404(List, pk=list_id)

    # Security check: ownership only, there is no superuser override here.
    if request.user != hash_list.owner:
        denial = {"error": "You are not authorized to delete this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    hash_list.delete()

    # Auditing: the in-memory object still carries the name after delete().
    audit_message = "Deleted hash list {0}".format(hash_list.name)
    log_activity("H", audit_message, request)
    return HttpResponseRedirect(reverse("hashes.views.list_hashes"))
def new_case(request):
    """API endpoint: create a case owned by the user behind the api_key.

    A request without a name is answered with 400 "Request not valid";
    otherwise the case is saved, audited and its id returned as JSON.
    """
    # NOTE(review): api_authenticate() is defined elsewhere; this view relies
    # on it to reject missing or unknown keys - confirm.
    user = api_authenticate(request.POST.get("api_key"))

    case_name = request.POST.get("name")
    if not case_name:
        return HttpResponse("Request not valid", status=400)

    case = Case(name=case_name,
                description=request.POST.get("description"),
                owner=user)
    case.save()

    # Auditing.
    log_activity("C", "Created new case via API %s" % case.name, request, user)

    payload = json.dumps({"id": case.id})
    return HttpResponse(payload, content_type="application/json")
def delete_hashes(request, list_id):
    """Remove a hash list on request of its owner.

    Any other user is shown the error page. The deletion is audited before
    redirecting to the list of hash lists.
    """
    hash_list = get_object_or_404(List, pk=list_id)

    # Security check: the requester must be the owner of the list.
    if request.user != hash_list.owner:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to delete this."},
            context_instance=RequestContext(request))

    hash_list.delete()

    # Auditing.
    log_activity("H", "Deleted hash list {0}".format(hash_list.name), request)
    index_url = reverse("hashes.views.list_hashes")
    return HttpResponseRedirect(index_url)
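def delete_case(request, case_id):
    """Delete a case; allowed for the case owner and for superusers.

    The instance that passed the authorization check is the one deleted, so
    no second lookup is needed and a concurrent removal cannot turn the
    request into an unhandled DoesNotExist error.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if request.user != case.owner and not request.user.is_superuser:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to delete this."},
            context_instance=RequestContext(request))

    case.delete()

    # Auditing: the in-memory object still carries the name after delete().
    log_activity("C", "Case {0} deleted".format(case.name), request)
    return HttpResponseRedirect(reverse("analyses.views.list_cases"))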
def delete_comment(request, id):
    """Delete a comment.

    Permitted for the owner of the commented analysis and for superusers.
    The deletion is audited and the client is sent back to the analysis.
    """
    comment = get_object_or_404(Comment, pk=id)
    parent = comment.analysis

    # Security check: keyed on the analysis owner, not on the comment author.
    if request.user != parent.owner and not request.user.is_superuser:
        denial = {"error": "You are not authorized to delete this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    comment.delete()

    # Auditing.
    log_activity("I", "Comment on image deleted: {0}".format(parent.file_name), request)
    return HttpResponseRedirect(
        reverse("analyses.views.show_analysis", args=(parent.id,)))
def delete_comment(request, id):
    """Remove a comment from an analysis.

    Only the owner of the analysis the comment belongs to, or a superuser,
    may delete it. An audit entry is written afterwards.
    """
    comment = get_object_or_404(Comment, pk=id)
    analysis = comment.analysis

    # Security check.
    if request.user != analysis.owner and not request.user.is_superuser:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to delete this."},
            context_instance=RequestContext(request))

    comment.delete()

    # Auditing.
    audit_message = "Comment on image deleted: %s" % analysis.file_name
    log_activity("I", audit_message, request)

    back_to_analysis = reverse("analyses.views.show_analysis",
                               args=(analysis.id,))
    return HttpResponseRedirect(back_to_analysis)
def edit_case(request, case_id):
    """Edit a case; allowed for the case owner and for superusers.

    Closed cases cannot be edited. A valid POST saves the form, refreshes
    updated_at, keeps the requester among the case users, audits the change
    and redirects to the case. Otherwise the edit page is rendered, or the
    case index is returned when a "page" query parameter is present.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if request.user != case.owner and not request.user.is_superuser:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to edit this."},
            context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response(
            "error.html",
            {"error": "You cannot edit a closed case."},
            context_instance=RequestContext(request))

    if request.method != "POST":
        form = forms.CaseForm(instance=case)
    else:
        form = forms.CaseForm(request.POST, instance=case)
        if form.is_valid():
            case = form.save(commit=False)
            # NOTE(review): ownership is reassigned to whoever submits the
            # edit, so a superuser editing someone else's case becomes its
            # owner - confirm this is intended.
            case.owner = request.user
            case.updated_at = now()
            case.save()
            form.save_m2m()
            # Always add owner.
            case.users.add(request.user)
            # Auditing.
            log_activity("C", "Edited case {0}".format(case.name), request)
            return HttpResponseRedirect(
                reverse("analyses.views.show_case", args=(case.id, "list")))

    # Redirects to case index if requested.
    if request.GET.get("page", None):
        return HttpResponseRedirect(reverse("analyses.views.list_cases"))
    return render_to_response("analyses/cases/edit.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))
def new_case(request):
    """Create a new case owned by the requesting user.

    A valid POST saves the case, adds the owner to the case users, writes an
    audit entry and redirects to the case page. Other requests, and invalid
    POSTs, render the creation form.
    """
    if request.method != "POST":
        form = forms.CaseForm()
    else:
        form = forms.CaseForm(request.POST)
        if form.is_valid():
            case = form.save(commit=False)
            # Ownership is set server-side from the session user.
            case.owner = request.user
            case.save()
            form.save_m2m()
            # Always add owner.
            case.users.add(request.user)
            # Auditing.
            log_activity("C", "Created new case {0}".format(case.name), request)
            case_url = reverse("analyses.views.show_case", args=(case.id, "list"))
            return HttpResponseRedirect(case_url)

    return render_to_response("analyses/cases/new.html", {"form": form},
                              context_instance=RequestContext(request))
def favorite(request, id):
    """Toggle the requester's favorite mark on an analysis.

    Responds "false" after removing an existing favorite and "true" after
    creating one. Only the creation path writes an audit entry.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check: superusers and members of the analysis' case only.
    viewer = request.user
    if not viewer.is_superuser and viewer not in analysis.case.users.all():
        denial = {"error": "You are not authorized to view this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    # The lookup is scoped to the requester's own favorites.
    own_marks = Favorite.objects.filter(analysis=analysis).filter(owner=request.user)
    if own_marks.exists():
        own_marks.delete()
        return HttpResponse("false")

    Favorite(analysis=analysis, owner=request.user).save()
    # Auditing.
    log_activity("A", "Favorite image added: {0}".format(analysis.file_name), request)
    return HttpResponse("true")
def admin_new_user(request):
    """Create a new user account; restricted to superusers.

    A valid POST saves the ProfileCreationForm, audits the creation and
    redirects to the new user's admin page. Otherwise the form is rendered.
    """
    # Security check.
    if not request.user.is_superuser:
        denial = {"error": "You must be superuser"}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    if request.method != "POST":
        form = forms.ProfileCreationForm()
    else:
        form = forms.ProfileCreationForm(request.POST)
        if form.is_valid():
            user = form.save()
            # Auditing.
            log_activity("A", "Created new user %s" % user.username, request)
            user_page = reverse("users.views.admin_show_user", args=(user.id,))
            return HttpResponseRedirect(user_page)

    return render_to_response("admin/new_user.html", {"form": form},
                              context_instance=RequestContext(request))
def admin_disable_user(request, user_id):
    """Deactivate a user account; restricted to superusers.

    A superuser cannot disable their own account. The account is marked
    inactive rather than deleted, and the action is audited.
    """
    # Security check.
    if not request.user.is_superuser:
        return render_to_response(
            "error.html",
            {"error": "You must be superuser"},
            context_instance=RequestContext(request))

    user = get_object_or_404(Profile, pk=user_id)

    # Guard against an administrator locking themselves out.
    if request.user == user:
        return render_to_response(
            "error.html",
            {"error": "You can not disable yourself"},
            context_instance=RequestContext(request))

    user.is_active = False
    user.save()

    # Auditing.
    audit_message = "Disabled user %s" % user.username
    log_activity("A", audit_message, request)
    return HttpResponseRedirect(reverse("users.views.admin_list_users"))
def add_tag(request, id):
    """Create a tag owned by the requester and attach it to an analysis.

    Responds with "Tag empty." when no tagName is posted, otherwise with the
    id of the newly created tag.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check: superusers and members of the analysis' case only.
    requester = request.user
    if not requester.is_superuser and requester not in analysis.case.users.all():
        denial = {"error": "You are not authorized to tag this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    # Validation check.
    tag_text = request.POST.get("tagName")
    if not tag_text:
        return HttpResponse("Tag empty.")

    # A new Tag row is created on every call, even if the user already owns
    # a tag with the same text.
    tag = Tag(owner=request.user, text=tag_text)
    tag.save()
    analysis.tag_set.add(tag)

    # Auditing.
    log_activity("I", "Tag on image added: %s" % analysis.file_name, request)
    return HttpResponse(tag.id)
def close_case(request, case_id):
    """Close a case; allowed for the case owner and for superusers.

    An already closed case is rejected. Closing sets state to "C", refreshes
    updated_at, audits the action and redirects to the case index.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if request.user != case.owner and not request.user.is_superuser:
        denial = {"error": "You are not authorized to close this."}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    if case.state == "C":
        already_closed = {"error": "You cannot edit an already closed case."}
        return render_to_response("error.html", already_closed,
                                  context_instance=RequestContext(request))

    case.state = "C"
    case.updated_at = now()
    case.save()

    # Auditing.
    log_activity("C", "Closed case {0}".format(case.name), request)
    return HttpResponseRedirect(reverse("analyses.views.list_cases"))
def favorite(request, id):
    """Toggle a favorite on an analysis for the requesting user.

    An existing favorite is removed and "false" is returned; otherwise a new
    one is stored, audited, and "true" is returned.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check.
    permitted = request.user.is_superuser or request.user in analysis.case.users.all()
    if not permitted:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to view this."},
            context_instance=RequestContext(request))

    # Only the requester's own favorite for this analysis is touched.
    existing = Favorite.objects.filter(analysis=analysis).filter(
        owner=request.user)
    if not existing.exists():
        Favorite(analysis=analysis, owner=request.user).save()
        # Auditing.
        log_activity("A", "Favorite image added: %s" % analysis.file_name,
                     request)
        return HttpResponse("true")

    existing.delete()
    return HttpResponse("false")
def new_image(request, case_id):
    """Upload a new image into a case and store it as an analysis.

    Only superusers and users attached to the case may upload, and closed
    cases are rejected. A valid POST saves the analysis, audits it and
    redirects to the case page; otherwise the upload form is rendered.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to add image to this."},
            context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response(
            "error.html",
            {"error": "You cannot add an image to a closed case."},
            context_instance=RequestContext(request))

    if request.method != "POST":
        form = forms.UploadImageForm()
    else:
        form = forms.UploadImageForm(request.POST, request.FILES)
        if form.is_valid():
            upload = request.FILES["image"]
            task = form.save(commit=False)
            # Owner and case are assigned server-side, not from form data.
            task.owner = request.user
            task.case = case
            task.file_name = upload.name
            # NOTE(review): content_type is the value declared by the client
            # for the upload; whether UploadImageForm verifies it against the
            # file content is not visible here.
            task.image_id = save_file(file_path=upload.temporary_file_path(),
                                      content_type=upload.content_type)
            task.thumb_id = create_thumb(upload.temporary_file_path())
            task.save()
            # Auditing.
            log_activity("I", "Created new analysis {0}".format(task.file_name), request)
            return HttpResponseRedirect(
                reverse("analyses.views.show_case", args=(case.id, "list")))

    return render_to_response("analyses/images/new_image.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))
def add_tag(request, id):
    """Tag an analysis with a new tag owned by the requester.

    Returns "Tag empty." if tagName is missing, else the new tag's id.
    """
    analysis = get_object_or_404(Analysis, pk=id)

    # Security check: case members and superusers only.
    may_tag = request.user.is_superuser or request.user in analysis.case.users.all()
    if not may_tag:
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to tag this."},
            context_instance=RequestContext(request))

    # Validation check.
    requested_text = request.POST.get("tagName")
    if not requested_text:
        return HttpResponse("Tag empty.")

    # Each call stores a fresh Tag row for this owner/text pair.
    tag = Tag(owner=request.user, text=requested_text)
    tag.save()
    analysis.tag_set.add(tag)

    # Auditing.
    log_activity("I", "Tag on image added: {0}".format(analysis.file_name), request)
    return HttpResponse(tag.id)
def admin_new_user(request):
    """Create a user on behalf of a superuser.

    Non-superusers get the error page. A POST with a valid
    ProfileCreationForm saves the user, logs the creation and redirects to
    the user's admin page; every other path renders the form.
    """
    # Security check.
    if not request.user.is_superuser:
        return render_to_response(
            "error.html",
            {"error": "You must be superuser"},
            context_instance=RequestContext(request))

    is_submission = request.method == "POST"
    if is_submission:
        form = forms.ProfileCreationForm(request.POST)
    else:
        form = forms.ProfileCreationForm()

    if is_submission and form.is_valid():
        user = form.save()
        # Auditing.
        log_activity("A", "Created new user {0}".format(user.username), request)
        return HttpResponseRedirect(
            reverse("users.views.admin_show_user", args=(user.id,)))

    return render_to_response("admin/new_user.html", {"form": form},
                              context_instance=RequestContext(request))
def admin_disable_user(request, user_id):
    """Disable (deactivate) a user; restricted to superusers.

    The requester's own account cannot be disabled. The account is kept and
    only is_active is cleared; the action is audited.
    """
    # Security check.
    if not request.user.is_superuser:
        denial = {"error": "You must be superuser"}
        return render_to_response("error.html", denial,
                                  context_instance=RequestContext(request))

    user = get_object_or_404(Profile, pk=user_id)

    # Self-disable is refused so an admin cannot lock themselves out.
    if request.user == user:
        refusal = {"error": "You can not disable yourself"}
        return render_to_response("error.html", refusal,
                                  context_instance=RequestContext(request))

    user.is_active = False
    user.save()

    # Auditing.
    log_activity("A", "Disabled user {0}".format(user.username), request)
    users_index = reverse("users.views.admin_list_users")
    return HttpResponseRedirect(users_index)
if request.method == "POST": form = forms.UploadImageForm(request.POST, request.FILES) if form.is_valid(): task = form.save(commit=False) task.owner = request.user task.case = case task.file_name = request.FILES["image"].name task.image_id = save_file( file_path=request.FILES["image"].temporary_file_path(), content_type=request.FILES["image"].content_type) task.thumb_id = create_thumb( request.FILES["image"].temporary_file_path()) task.save() # Auditing. log_activity("I", "Created new analysis {0}".format(task.file_name), request) return HttpResponseRedirect( reverse("analyses.views.show_case", args=(case.id, "list"))) else: form = forms.UploadImageForm() return render_to_response("analyses/images/new_image.html", { "form": form, "case": case }, context_instance=RequestContext(request)) @login_required def new_folder(request, case_id):
form = forms.UploadImageForm(request.POST, request.FILES) if form.is_valid(): task = form.save(commit=False) task.owner = request.user task.case = case task.file_name = request.FILES["image"].name task.image_id = save_file( file_path=request.FILES["image"].temporary_file_path(), content_type=request.FILES["image"].content_type) task.thumb_id = create_thumb( request.FILES["image"].temporary_file_path()) task.save() # Auditing. log_activity("I", "Created new analysis {0}".format(task.file_name), request) # Response designed for Plupload component. response = HttpResponse( '{"jsonrpc": "2.0", "result": null, "id": "id"}', content_type="application/json") # Never cache AJAX response. response["Expires"] = "Mon, 1 Jan 2000 01:00:00 GMT" response[ "Cache-Control"] = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0" response["Pragma"] = "no-cache" return response else: # Deal with a validation error. We are using Plupload which basically is an AJAX component # so we have to deal with custom validation errors passing in JSON. # Plupload needs a status code 200/OK to get additional data passed from the web server.
case = None task = Analysis.add_task( request.FILES["image"].temporary_file_path(), file_name=request.FILES["image"].name, case=case, user=user, content_type=request.FILES["image"].content_type, image_id=save_file( file_path=request.FILES["image"].temporary_file_path(), content_type=request.FILES["image"].content_type), thumb_id=create_thumb(request.FILES["image"].temporary_file_path())) # Auditing. log_activity("I", "Created new analysis via API %s" % task.file_name, request, user=user) response_data = {"id": task.id} return HttpResponse(json.dumps(response_data), content_type="application/json") @require_POST @csrf_exempt def get_report(request): """Returns a report.""" user = api_authenticate(request.POST.get("api_key")) if request.POST.get("task_id"): task = get_object_or_404(Analysis, pk=request.POST.get("task_id"))
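def new_url(request, case_id):
    """Upload a new image by fetching it from a URL on the server side.

    Only superusers and users attached to the case may submit, and closed
    cases are rejected. The submitted URL must use http or https; the
    downloaded file is type-checked with libmagic before an analysis is
    created. Download failures and unsupported types render the error page.
    """
    case = get_object_or_404(Case, pk=case_id)

    # Security check.
    if not (request.user.is_superuser or request.user in case.users.all()):
        return render_to_response(
            "error.html",
            {"error": "You are not authorized to add image to this."},
            context_instance=RequestContext(request))

    if case.state == "C":
        return render_to_response(
            "error.html",
            {"error": "You cannot add an image to a closed case."},
            context_instance=RequestContext(request))

    if request.method == "POST":
        form = forms.UrlForm(request.POST)
        if form.is_valid():
            target_url = request.POST.get("url")

            # The fetch runs with the server's network and filesystem
            # access, and urlopen() also handles non-web schemes, so only
            # http(s) is let through.
            # NOTE(review): this covers the submitted URL only; redirect
            # targets and internal/loopback hosts are not validated here.
            scheme = urlparse.urlparse(target_url).scheme.lower()
            if scheme not in ("http", "https"):
                return render_to_response(
                    "error.html", {"error": "URL scheme not supported"},
                    context_instance=RequestContext(request))

            # Download file.
            try:
                url = urllib2.urlopen(target_url, timeout=5)
            except urllib2.URLError as e:
                if hasattr(e, "reason"):
                    return render_to_response(
                        "error.html",
                        {"error": "We failed to reach a server, reason: %s" % e.reason},
                        context_instance=RequestContext(request))
                elif hasattr(e, "code"):
                    return render_to_response(
                        "error.html",
                        {"error": "The remote server couldn't fulfill the request, HTTP error code %s" % e.code},
                        context_instance=RequestContext(request))
                # Without this the code below would run with `url` unbound.
                return render_to_response(
                    "error.html", {"error": "We failed to reach a server"},
                    context_instance=RequestContext(request))

            # Store temp file; closed (and thereby deleted) on every exit.
            url_temp = NamedTemporaryFile(delete=True)
            try:
                # NOTE(review): the whole response body is read into memory
                # with no size limit - consider a cap.
                url_temp.write(url.read())
                url_temp.flush()
                # Convert to File object.
                url_file = File(url_temp).name

                # Check content type.
                mime = magic.Magic(mime=True)
                content_type = mime.from_file(url_file)
                if not check_allowed_content(content_type):
                    return render_to_response(
                        "error.html", {"error": "File type not supported"},
                        context_instance=RequestContext(request))

                # Create analysis task.
                task = Analysis()
                task.owner = request.user
                task.case = case
                task.file_name = os.path.basename(urlparse.urlparse(target_url).path)
                task.image_id = save_file(file_path=url_file, content_type=content_type)
                task.thumb_id = create_thumb(url_file)
                task.save()
            finally:
                url.close()
                url_temp.close()

            # Auditing.
            log_activity("I", "Created new analysis {0} from URL {1}".format(task.file_name, target_url), request)
            return HttpResponseRedirect(
                reverse("analyses.views.show_case", args=(case.id, "list")))
    else:
        # Request is not a POST.
        form = forms.UrlForm()

    return render_to_response("analyses/images/new_url.html",
                              {"form": form, "case": case},
                              context_instance=RequestContext(request))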
if request.method == "POST": form = forms.UploadImageForm(request.POST, request.FILES) if form.is_valid(): task = form.save(commit=False) task.owner = request.user task.case = case task.file_name = request.FILES["image"].name task.image_id = save_file( file_path=request.FILES["image"].temporary_file_path(), content_type=request.FILES["image"].content_type) task.thumb_id = create_thumb( request.FILES["image"].temporary_file_path()) task.save() # Auditing. log_activity("I", "Created new analysis %s" % task.file_name, request) # Response designed for Plupload component. response = HttpResponse( '{"jsonrpc": "2.0", "result": null, "id": "id"}', content_type="application/json") # Never cache AJAX response. response["Expires"] = "Mon, 1 Jan 2000 01:00:00 GMT" response[ "Cache-Control"] = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0" response["Pragma"] = "no-cache" return response else: # Deal with a validation error. We are using Plupload which basically is an AJAX component # so we have to deal with custom validation errors passing in JSON. # Plupload needs a status code 200/OK to get additional data passed from the web server. response = HttpResponse(json.dumps({