def post(self, tip_id): """ Errors: ModelNotFound, ForbiddenOperation """ uploaded_file = self.get_file_upload() if uploaded_file is None: return yield self.can_perform_action(tip_id, uploaded_file['name']) rtip = yield get_rtip(self.current_user.user_id, tip_id, self.request.language) # First: dump the file in the filesystem filename = string.split(os.path.basename(uploaded_file['path']), '.aes')[0] + '.plain' dst = os.path.join(GLSettings.submission_path, filename) directory_traversal_check(GLSettings.submission_path, dst) uploaded_file = yield threads.deferToThread(write_upload_plaintext_to_disk, uploaded_file, dst) uploaded_file['creation_date'] = datetime_now() uploaded_file['submission'] = False yield register_wbfile_on_db(rtip['id'], uploaded_file) log.debug("Recorded new WhistleblowerFile %s", uploaded_file['name'])
def post(self, tip_id): """ Errors: TipIdNotFound, ForbiddenOperation """ err = yield self.can_perform_action(tip_id) if err is not None: raise err rtip = yield get_rtip(self.current_user.user_id, tip_id, self.request.language) uploaded_file = self.get_file_upload() if uploaded_file is None: return try: # First: dump the file in the filesystem filename = string.split(os.path.basename(uploaded_file['path']), '.aes')[0] + '.plain' dst = os.path.join(GLSettings.submission_path, filename) directory_traversal_check(GLSettings.submission_path, dst) uploaded_file = yield threads.deferToThread(write_upload_plaintext_to_disk, uploaded_file, dst) except Exception as excep: log.err("Unable to save a file in filesystem: %s" % excep) raise errors.InternalServerError("Unable to accept new files") uploaded_file['creation_date'] = datetime_now() uploaded_file['submission'] = False try: # Second: register the file in the database yield register_wbfile_on_db(uploaded_file, rtip['id']) except Exception as excep: raise errors.InternalServerError("Unable to accept new files: %s" % excep)
def get(self, rfile_id): rfile = yield self.download_rfile(self.current_user.user_id, rfile_id) filelocation = os.path.join(GLSettings.submission_path, rfile['path']) directory_traversal_check(GLSettings.submission_path, filelocation) self.force_file_download(rfile['name'], filelocation)
def post(self, tip_id): """ Errors: TipIdNotFound, ForbiddenOperation """ err = yield self.can_perform_action(tip_id) if err is not None: raise err rtip = yield get_rtip(self.current_user.user_id, tip_id, self.request.language) uploaded_file = self.get_file_upload() if uploaded_file is None: return try: # First: dump the file in the filesystem filename = string.split(os.path.basename(uploaded_file['path']), '.aes')[0] + '.plain' dst = os.path.join(GLSettings.submission_path, filename) directory_traversal_check(GLSettings.submission_path, dst) uploaded_file = yield threads.deferToThread(write_upload_plaintext_to_disk, uploaded_file, dst) except Exception as excep: log.err("Unable to save a file in filesystem: %s" % excep) raise errors.InternalServerError("Unable to accept new files") uploaded_file['creation_date'] = datetime_now() uploaded_file['submission'] = False try: # Second: register the file in the database yield register_wbfile_on_db(uploaded_file, rtip['id']) except Exception as excep: raise errors.InternalServerError("Unable to accept new files") self.set_status(201) # Created