def test_protect_path(aaa):
"""I want to get a clean safe path inside one of the configured
authorized paths"""
t.root_dir = "/tmp/test/files"
aaa.current_user.username = "******"
val = t.protect_path("some/rel/path")
assert (val == path.join(t.root_dir, "usertest", "files", "some/rel/path"), "We should get ...")
val = t.protect_path("some/rel/path", "config")
assert val == path.join(t.root_dir, "usertest", "config", "some/rel/path")
try:
val = t.protect_path("/some/rel/path", "config")
assert (False, "We shouldn't be allowed to acces an" "absolute path outside of permitted scope")
except:
pass
def _delete_shared_path(path='.'):
"""
We delete .../user/shares/<uid>
and .../user/config/<path>/<uid>
"""
uid = basename(path)
folder = dirname(path)
abs_folder_path = protect_path(folder)
config_folder_path = protect_path(path, 'config')
config_uid_path = protect_path(uid, 'config')
try:
delete_path(config_folder_path)
delete_path(config_uid_path)
return relist_parent_folder(abs_folder_path)
except OSError:
abort(404)
def api_delete_path(path='.'):
"""Return a list of files in a path if permitted
"""
real_path = protect_path(path)
try:
delete_path(real_path)
return relist_parent_folder(real_path)
except OSError:
abort(404)
def list_path(path='.'):
"""Return a list of files in a path if permitted
"""
try:
real_path = protect_path(path)
except IOError:
abort(403, PATH_ERROR)
if request.GET.get('format', 'raw').strip() == 'zip':
print('got zip')
archive = archive_path(real_path)
return list_dir(archive)
return list_dir(real_path)
def create(path='.'):
"""Create a folder or a file"""
real_path = protect_path(path)
file_type = post_get('type')
overwrite = post_get('overwrite') or False
uploads = request.files
# if not validate_path(path):
# abort(403, "You cannot create a sub-folder or a file with "
# "the same name as it's parent's 'sharing' name"
# "{}".format(basename(path)))
create_path(real_path)
if file_type == "file":
for f in uploads:
uploads.get(f).save(
real_path, overwrite=overwrite)
elif file_type == 'dir':
pass
return {'status': 'ok'}
def share(path="."):
"""Share a file or a folder"""
reuse = post_get('reuse') or None
# print(reuse)
public = post_get('public')
users = post_get('users')
# .../user/config
path_config = permitted_config_path()
# .../user/shares
uidshares_config = permitted_shares_path()
# /.../user/files/....
real_path = protect_path(path)
try:
# /.../user/files
# get relative path, to use in configuration path
rel_shared_path = relpath(real_path, permitted_files_path())
except IOError:
abort(403, PATH_ERROR)
if reuse is not None:
try:
shared_path = get_config(reuse, 'path', 'shares')
except IOError:
abort(400, "This sharing ID is invalid")
if shared_path != rel_shared_path:
abort(400, "This sharing ID is invalid")
else:
uid, uid_path = create_random_folder()
# create .../user/config/rel/path/UID
print('uid {} Uid_path {}'.format(reuse or uid, uid_path))
print('*' * 80)
print((uidshares_config, rel_shared_path, reuse or uid, rel_shared_path))
print('*' * 80)
configure(
path_config,
rel_shared_path,
reuse or uid,
rel_shared_path)
# configure .../user/shares/UID/
configure(uidshares_config, uid_path, 'path', real_path)
configure(uidshares_config, uid_path, 'public', public)
configure(uidshares_config, uid_path, 'users', users)
return relist_parent_folder(real_path)
