def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile(request, file.guarded_file_path, content_type='application/x-xpinstall') log.info(u'download file {file_id}: addon/file disabled or user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404() if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)): log.info(u'download file {file_id}: addon is unlisted but user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership( request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() # We treat blocked files like public files so users get the update. if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]: path = webapp.sign_if_packaged(file.version_id) else: # This is someone asking for an unsigned packaged app. if not acl.check_addon_ownership(request, webapp, dev=True): raise http.Http404() path = file.file_path log.info('Downloading package: %s from %s' % (webapp.id, path)) return HttpResponseSendFile(request, path, content_type='application/zip', etag=file.hash.split(':')[-1])
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) # General case: addon is listed. if addon.is_listed: if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership( request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile( request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() else: if not owner_or_unlisted_reviewer(request, addon): raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def retrieve(self, request, *args, **kwargs): obj = self.get_object() if not obj.has_image: raise Http404 return HttpResponseSendFile(request, obj.image_path(), content_type='image/png')
def get_signed_packaged(request, addon, version_id): get_object_or_404(addon.versions, pk=version_id) path = addon.sign_if_packaged(version_id, reviewer=True) if not path: raise http.Http404 log.info('Returning signed package addon: %s, version: %s, path: %s' % (addon.pk, version_id, path)) return HttpResponseSendFile(request, path, content_type='application/zip')
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) if (version.source and (acl.check_addon_ownership( request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): return HttpResponseSendFile(request, version.source.path) raise http.Http404()
def get_signed_packaged(request, addon, version_id): version = get_object_or_404(addon.versions, pk=version_id) file = version.all_files[0] path = addon.sign_if_packaged(version.pk, reviewer=True) if not path: raise http.Http404 log.info('Returning signed package addon: %s, version: %s, path: %s' % (addon.pk, version_id, path)) return HttpResponseSendFile(request, path, content_type='application/zip', etag=file.hash.split(':')[-1])
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) webapp = get_object_or_404(Addon.objects, pk=file.version.addon_id, type=amo.ADDON_WEBAPP) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() log.info('Downloading: %s from %s' % (webapp.id, file.file_path)) return HttpResponseSendFile(request, file.file_path)
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) if (version.source and (acl.check_addon_ownership(request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): res = HttpResponseSendFile(request, version.source.path) name = os.path.basename(version.source.path.replace('"', '')) res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name) return res raise http.Http404()
def get(self, request, note_id, pk, *args, **kwargs): attach = get_object_or_404(CommAttachment, pk=pk) self.check_object_permissions(request, attach) full_path = os.path.join(settings.REVIEWER_ATTACHMENTS_PATH, attach.filepath) content_type = 'application/force-download' if attach.is_image(): content_type = 'image' return HttpResponseSendFile( request, full_path, content_type=content_type)
def serve(request, viewer, key): """ This is to serve files off of st.a.m.o, not standard a.m.o. For this we use token based authentication. """ files = viewer.get_files() obj = files.get(key) if not obj: log.error(u'Couldn\'t find %s in %s (%d entries) for file %s' % (key, files.keys()[:10], len(files.keys()), viewer.file.id)) raise http.Http404 return HttpResponseSendFile(request, obj['full'], content_type=obj['mimetype'])
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() log.info('Downloading package: %s from %s' % (webapp.id, file.file_path)) path = webapp.sign_if_packaged(file.version_id) return HttpResponseSendFile(request, path, content_type='application/zip')
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.objects, pk=file.version.addon_id) if addon.is_disabled or file.status == amo.STATUS_DISABLED: if acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): return HttpResponseSendFile(request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() attachment = (type == 'attachment' or not request.APP.browser) loc = file.get_mirror(addon, attachment=attachment) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) # General case: addon is listed. if version.addon.is_listed: if not (version.source and (acl.check_addon_ownership( request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): raise http.Http404() else: if not owner_or_unlisted_reviewer(request, version.addon): raise http.Http404 # Not listed, not owner or admin. res = HttpResponseSendFile(request, version.source.path) name = os.path.basename(version.source.path.replace('"', '')) res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name) return res
def download_watermarked(request, file_id): if not waffle.switch_is_active('marketplace'): raise http.Http404() file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.objects, pk=file.version.addon_id) author = request.check_ownership(addon, require_owner=False) user = request.amo_user if not author: if (not addon.is_premium() or addon.is_disabled or file.status == amo.STATUS_DISABLED): raise http.Http404() if request.user.is_anonymous(): log.debug('Anonymous user, checking hash: %s' % file_id) email = request.GET.get(amo.WATERMARK_KEY, None) hsh = request.GET.get(amo.WATERMARK_KEY_HASH, None) user = addon.get_user_from_hash(email, hsh) if not user: log.debug('Watermarking denied, no user: %s, %s, %s' % (file_id, email, hsh)) raise PermissionDenied if not addon.has_purchased(user): log.debug('Watermarking denied, not purchased: %s, %s' % (file_id, user.id)) raise PermissionDenied dest = file.watermark(user) if not dest: # TODO(andym): the watermarking is already in progress and we've # got multiple requests from the same users for the same file # perhaps this should go into a loop. log.debug('Watermarking in progress: %s, %s' % (file_id, user.id)) raise http.Http404() log.debug('Serving watermarked file: %s, %s' % (file_id, user.id)) return HttpResponseSendFile(request, dest, content_type='application/xp-install')
def download_file(request, uuid): upload = get_object_or_404(FileUpload, uuid=uuid) return HttpResponseSendFile(request, upload.path, content_type='application/octet-stream')
def retrieve(self, request, *args, **kwargs): obj = self.get_object() if not getattr(obj, 'image_hash', None): raise Http404 return HttpResponseSendFile(request, obj.image_path(self.image_suffix), content_type='image/png')
def retrieve(self, request, pk=None): obj = self.get_object() return HttpResponseSendFile(request, obj.image_path(), content_type='image/png')