def fsDownloadView(fsPathString=''):
"""Download-file view."""
user = g.user
lsPath = splitPathString(fsPathString)
boxPath, fileName = lsPath[:-1], lsPath[-1]
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
parentBox = getBoxFromPath(db, boxPath, user)
request._onErrorUrl = url_for(
'lsView',
lsPathString='/'.join(boxPath[1:]),
)
if parentBox is not None:
file = getFileFromParent(db, parentBox, fileName, user)
if file is not None:
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
file.file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
attachment_filename=file.name,
as_attachment=True,
mimetype=file.mime_type,
)
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
def ticketGalleryFsView(ticketId, securityCode, fileName):
"""
View-file-within-a-ticket-generated-gallery-view route.
Helper endpoint to return viewable (only viewables,
there's no 'download') files in a ticket-gallery view.
Must take care of punching the ticket.
"""
user = g.user
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
#
richTicket = dbGetEnrichAndCheckTicket(
db,
'g',
ticketId,
securityCode,
request.url_root,
)
if richTicket is not None:
issuer = dbGetUser(db, richTicket['ticket'].username)
if richTicket['redeemable']:
# valid ticket. Further checks are on the way.
if (not g.settings['behaviour']['behaviour_tickets']
['protect_banned_user_tickets']['value']
or issuer.banned == 0):
#
boxPath = richTicket['metadata']['box_path']
request._onErrorUrl = url_for(
'lsView',
lsPathString='/'.join(boxPath[1:]),
)
parentBox = getBoxFromPath(db, boxPath[1:], issuer)
if parentBox is not None:
# we retrieve the file and serve it
file = getFileFromParent(db, parentBox, fileName, issuer)
if file is not None:
dbPunchRichTicket(db, richTicket)
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
file.file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
attachment_filename=file.name,
as_attachment=True,
mimetype=file.mime_type,
)
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
def fileThumbnailView(dummyId, fsPathString):
"""Route for access to thumbnail image files based on file path."""
user = g.user
lsPath = splitPathString(fsPathString)
boxPath, fileName = lsPath[:-1], lsPath[-1]
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
parentBox = getBoxFromPath(db, boxPath, user)
request._onErrorUrl = url_for(
'lsView',
lsPathString='/'.join(boxPath[1:]),
)
file = getFileFromParent(db, parentBox, fileName, user)
if (file is not None and file.icon_file_id is not None
and file.icon_file_id != ''):
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
file.icon_file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
mimetype=file.icon_mime_type,
)
else:
return redirect(pickFileThumbnail(file.mime_type))
def settingThumbnailView(dummyId, settingGroupId, settingId):
""" Route for access to setting (of type image) thumbnail
with live resolution of id-vs-default.
"""
user = g.user
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
setting = g.settings['image'][settingGroupId][settingId]['setting']
if setting.klass != 'image':
raise RuntimeError('unexpected setting of non-image klass')
else:
if setting.value != '':
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
setting.value,
fileStorageDirectory=fileStorageDirectory,
)
mimeType = setting.icon_mime_type
else:
filePhysicalPath = defaultAppImageDirectory
filePhysicalName = setting.default_value
mimeType = setting.default_icon_mime_type
#
return send_from_directory(
filePhysicalPath,
filePhysicalName,
mimetype=mimeType,
)
def boxThumbnailView(dummyId, boxPathString=''):
"""Route for access to thumbnail image files based on box path."""
user = g.user
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
if boxPathString == '':
# root case
return redirect(makeSettingImageUrl(g, 'app_images', 'root_box'))
else:
db = dbGetDatabase()
boxPath = splitPathString(boxPathString)
request._onErrorUrl = url_for(
'lsView',
lsPathString='/'.join(boxPath[1:]),
)
box = getBoxFromPath(db, boxPath, user)
if (box is not None and box.icon_file_id is not None
and box.icon_file_id != ''):
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
box.icon_file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
mimetype=box.icon_mime_type,
)
else:
return redirect(
makeSettingImageUrl(
g,
'app_images',
'standard_box',
))
def linkThumbnailView(dummyId, fsPathString=''):
"""Route for access to thumbnail image files based on link path."""
user = g.user
lsPath = splitPathString(fsPathString)
boxPath, linkName = lsPath[:-1], lsPath[-1]
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
parentBox = getBoxFromPath(db, boxPath, user)
request._onErrorUrl = url_for(
'lsView',
lsPathString='/'.join(boxPath[1:]),
)
link = getLinkFromParent(db, parentBox, linkName, user)
if (link is not None and link.icon_file_id is not None
and link.icon_file_id != ''):
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
link.icon_file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
mimetype=link.icon_mime_type,
)
else:
return redirect(makeSettingImageUrl(g, 'app_images', 'external_link'))
def ticketFsDownloadView(ticketId, securityCode):
""" Give-the-file-contents-based-on-ticket route.
Helper endpoint to load-and-return a file upon a ticket;
access to files based on a ticket.
Used by both the direct-file-download or the view-file
file-ticket modes.
Note: punching occurs here.
"""
user = g.user
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
#
richTicket = dbGetEnrichAndCheckTicket(
db,
'f',
ticketId,
securityCode,
request.url_root,
)
issuer = (dbGetUser(db, richTicket['ticket'].username)
if richTicket is not None else None)
noBandUsrTickets = g.settings['behaviour']['behaviour_tickets'][
'protect_banned_user_tickets']['value']
if (issuer is not None and (not noBandUsrTickets or issuer.banned == 0)):
boxPath, fileName = (
richTicket['metadata']['path'][:-1],
richTicket['metadata']['path'][-1],
)
parentBox = getBoxFromPath(db, boxPath, issuer)
#
if parentBox is not None:
file = getFileFromParent(db, parentBox, fileName, issuer)
if file is not None:
# return it and contextually punch the ticket
dbPunchRichTicket(db, richTicket)
# then we return the file as a download
# (this flow assumes download is desired as opposed to view)
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
file.file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
attachment_filename=file.name,
as_attachment=True,
mimetype=file.mime_type,
)
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
else:
return abort(404, 'Content unavailable')
def userThumbnailView(dummyId, username):
"""Route for access to thumbnail image files based on user name."""
user = g.user
db = dbGetDatabase()
fileStorageDirectory = g.settings['system']['system_directories'][
'fs_directory']['value']
if user.username == username or userIsAdmin(db, user):
targetUser = (user if user.username == username else dbGetUser(
db, username))
if targetUser.icon_file_id != '':
filePhysicalPath, filePhysicalName = fileIdToSplitPath(
targetUser.icon_file_id,
fileStorageDirectory=fileStorageDirectory,
)
return send_from_directory(
filePhysicalPath,
filePhysicalName,
mimetype=targetUser.icon_mime_type,
)
else:
return redirect(makeSettingImageUrl(g, 'user_images', 'user_icon'))
else:
return abort(400, 'User has no permission to access this resource.')