def clone(self, new_event, options): if 'attachments' not in options: return folder_mapping = {} attrs = get_simple_column_attrs(AttachmentFolder) for old_folder in self.find_folders(): new_folder = AttachmentFolder(event_id=new_event.id, **{attr: getattr(old_folder, attr) for attr in attrs}) if new_folder.linked_object is None: continue new_folder.acl = old_folder.acl db.session.add(new_folder) folder_mapping[old_folder] = new_folder attrs = get_simple_column_attrs(Attachment) - {'modified_dt'} for old_attachment in self.find_attachments(): folder = folder_mapping.get(old_attachment.folder) if not folder: continue new_attachment = Attachment(folder=folder, user_id=old_attachment.user_id, acl=old_attachment.acl, **{attr: getattr(old_attachment, attr) for attr in attrs}) if new_attachment.type == AttachmentType.file: old_file = old_attachment.file new_attachment.file = AttachmentFile( attachment=new_attachment, user_id=old_file.user_id, filename=old_file.filename, content_type=old_file.content_type ) with old_file.open() as fd: new_attachment.file.save(fd) db.session.add(new_attachment) db.session.flush()
def _clone_attachment_folder(self, old_folder, new_object): folder_attrs = get_simple_column_attrs(AttachmentFolder) attachment_attrs = (get_simple_column_attrs(Attachment) | {'user'}) - {'modified_dt'} folder = AttachmentFolder(object=new_object) folder.populate_from_attrs(old_folder, folder_attrs) folder.acl_entries = clone_principals(AttachmentFolderPrincipal, old_folder.acl_entries, self._event_role_map, self._regform_map) for old_attachment in old_folder.attachments: self._attachment_map[old_attachment] = attachment = Attachment( folder=folder) attachment.populate_from_attrs(old_attachment, attachment_attrs) attachment.acl_entries = clone_principals( AttachmentPrincipal, old_attachment.acl_entries, self._event_role_map, self._regform_map) if attachment.type == AttachmentType.file: old_file = old_attachment.file attachment.file = AttachmentFile( attachment=attachment, user=old_file.user, filename=old_file.filename, content_type=old_file.content_type) with old_file.open() as fd: attachment.file.save(fd) return folder
def clone(self, new_event, options): if 'attachments' not in options: return folder_mapping = {} attrs = get_simple_column_attrs(AttachmentFolder) for old_folder in self.find_folders(): new_folder = AttachmentFolder(event_id=new_event.id, **{attr: getattr(old_folder, attr) for attr in attrs}) if new_folder.linked_object is None: continue new_folder.acl = old_folder.acl db.session.add(new_folder) folder_mapping[old_folder] = new_folder attrs = get_simple_column_attrs(Attachment) - {'modified_dt'} for old_attachment in self.find_attachments(): folder = folder_mapping.get(old_attachment.folder) if not folder: continue new_attachment = Attachment(folder=folder, user_id=old_attachment.user_id, acl=old_attachment.acl, **{attr: getattr(old_attachment, attr) for attr in attrs}) if new_attachment.type == AttachmentType.file: old_file = old_attachment.file new_attachment.file = AttachmentFile( attachment=new_attachment, user_id=old_file.user_id, filename=old_file.filename, content_type=old_file.content_type ) with old_file.open() as fd: new_attachment.file.save(fd) db.session.add(new_attachment) db.session.flush()
def _clone_attachment_folder(self, old_folder, new_object): folder_attrs = get_simple_column_attrs(AttachmentFolder) | {'acl'} attachment_attrs = (get_simple_column_attrs(Attachment) | {'user', 'acl'}) - {'modified_dt'} folder = AttachmentFolder(object=new_object) folder.populate_from_attrs(old_folder, folder_attrs) for old_attachment in old_folder.attachments: attachment = Attachment(folder=folder) attachment.populate_from_attrs(old_attachment, attachment_attrs) if attachment.type == AttachmentType.file: old_file = old_attachment.file attachment.file = AttachmentFile(attachment=attachment, user=old_file.user, filename=old_file.filename, content_type=old_file.content_type) with old_file.open() as fd: attachment.file.save(fd)
def _process(self): form = AttachmentFolderForm(obj=FormDefaults(is_always_visible=True), linked_object=self.object) if form.validate_on_submit(): folder = AttachmentFolder(object=self.object) form.populate_obj(folder, skip={'acl'}) if folder.is_self_protected: folder.acl = form.acl.data db.session.add(folder) logger.info('Folder %s created by %s', folder, session.user) signals.attachments.folder_created.send(folder, user=session.user) flash(_("Folder \"{name}\" created").format(name=folder.title), 'success') return jsonify_data(attachment_list=_render_attachment_list(self.object)) return jsonify_template('attachments/create_folder.html', form=form, protection_message=_render_protection_message(self.object))
def _clone_attachment_folder(self, old_folder, new_object): folder_attrs = get_simple_column_attrs(AttachmentFolder) | {'acl'} attachment_attrs = (get_simple_column_attrs(Attachment) | {'user', 'acl'}) - {'modified_dt'} folder = AttachmentFolder(object=new_object) folder.populate_from_attrs(old_folder, folder_attrs) for old_attachment in old_folder.attachments: attachment = Attachment(folder=folder) attachment.populate_from_attrs(old_attachment, attachment_attrs) if attachment.type == AttachmentType.file: old_file = old_attachment.file attachment.file = AttachmentFile(attachment=attachment, user=old_file.user, filename=old_file.filename, content_type=old_file.content_type) with old_file.open() as fd: attachment.file.save(fd)
def clone(self, new_event, options): if 'attachments' not in options: return folder_mapping = {} for old_folder in self.find_folders(): new_folder = AttachmentFolder( title=old_folder.title, description=old_folder.description, is_default=old_folder.is_default, is_always_visible=old_folder.is_always_visible, protection_mode=old_folder.protection_mode, link_type=old_folder.link_type, event_id=new_event.id, session_id=old_folder.session_id, contribution_id=old_folder.contribution_id, subcontribution_id=old_folder.subcontribution_id ) if new_folder.linked_object is None: continue new_folder.acl = old_folder.acl db.session.add(new_folder) folder_mapping[old_folder] = new_folder for old_attachment in self.find_attachments(): folder = folder_mapping.get(old_attachment.folder) if not folder: continue new_attachment = Attachment( folder=folder, user_id=old_attachment.user_id, title=old_attachment.title, description=old_attachment.description, type=old_attachment.type, link_url=old_attachment.link_url, protection_mode=old_attachment.protection_mode, acl=old_attachment.acl ) if new_attachment.type == AttachmentType.file: old_file = old_attachment.file new_attachment.file = AttachmentFile( attachment=new_attachment, user_id=old_file.user_id, filename=old_file.filename, content_type=old_file.content_type ) with old_file.open() as fd: new_attachment.file.save(fd) db.session.add(new_attachment) db.session.flush()
def _process(self): defaults = FormDefaults(self.attachment, protected=self.attachment.is_self_protected, skip_attrs={'file'}) if self.attachment.type == AttachmentType.file: form = EditAttachmentFileForm(linked_object=self.object, obj=defaults, file=self.attachment) else: form = EditAttachmentLinkForm(linked_object=self.object, obj=defaults) if form.validate_on_submit(): folder = form.folder.data or AttachmentFolder.get_or_create_default(linked_object=self.object) logger.info('Attachment %s edited by %s', self.attachment, session.user) form.populate_obj(self.attachment, skip={'acl', 'file'}) self.attachment.folder = folder if self.attachment.is_self_protected: # can't use `=` because of https://bitbucket.org/zzzeek/sqlalchemy/issues/3583 self.attachment.acl |= form.acl.data self.attachment.acl &= form.acl.data # files need special handling; links are already updated in `populate_obj` if self.attachment.type == AttachmentType.file: file = form.file.data['added'] if file: self.attachment.file = AttachmentFile(user=session.user, content_type=file.mimetype, filename=secure_filename(file.filename, 'attachment')) self.attachment.file.save(file.stream) signals.attachments.attachment_updated.send(self.attachment, user=session.user) flash(_("The attachment \"{name}\" has been updated").format(name=self.attachment.title), 'success') return jsonify_data(attachment_list=_render_attachment_list(self.object)) template = ('attachments/upload.html' if self.attachment.type == AttachmentType.file else 'attachments/add_link.html') return jsonify_template(template, form=form, existing_attachment=self.attachment, action=url_for('.modify_attachment', self.attachment), protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def _process(self): defaults = FormDefaults(self.attachment, protected=self.attachment.is_self_protected, skip_attrs={'file'}) if self.attachment.type == AttachmentType.file: form = EditAttachmentFileForm(linked_object=self.object, obj=defaults, file=self.attachment) else: form = EditAttachmentLinkForm(linked_object=self.object, obj=defaults) if form.validate_on_submit(): folder = form.folder.data or AttachmentFolder.get_or_create_default(linked_object=self.object) logger.info('Attachment %s edited by %s', self.attachment, session.user) form.populate_obj(self.attachment, skip={'acl', 'file'}) self.attachment.folder = folder if self.attachment.is_self_protected: # can't use `=` because of https://bitbucket.org/zzzeek/sqlalchemy/issues/3583 self.attachment.acl |= form.acl.data self.attachment.acl &= form.acl.data # files need special handling; links are already updated in `populate_obj` if self.attachment.type == AttachmentType.file: file = form.file.data['added'] if file: self.attachment.file = AttachmentFile(user=session.user, content_type=file.mimetype, filename=secure_filename(file.filename, 'attachment')) self.attachment.file.save(file.stream) signals.attachments.attachment_updated.send(self.attachment, user=session.user) flash(_("The attachment \"{name}\" has been updated").format(name=self.attachment.title), 'success') return jsonify_data(attachment_list=_render_attachment_list(self.object)) template = ('attachments/upload.html' if self.attachment.type == AttachmentType.file else 'attachments/add_link.html') return jsonify_template(template, form=form, existing_attachment=self.attachment, action=url_for('.modify_attachment', self.attachment), protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def get_attached_folders(linked_object, include_empty=True, include_hidden=True, preload_event=False): """ Return a list of all the folders linked to an object. :param linked_object: The object whose attachments are to be returned :param include_empty: Whether to return empty folders as well. :param include_hidden: Include folders that the user can't see :param preload_event: in the process, preload all objects tied to the corresponding event and keep them in cache """ from indico.modules.attachments.models.folders import AttachmentFolder folders = AttachmentFolder.get_for_linked_object( linked_object, preload_event=preload_event) if not include_hidden: folders = [f for f in folders if f.can_view(session.user)] if not include_empty: folders = [f for f in folders if f.attachments] return folders
def create_link(indico_id, cds_id, user): from indico_audiovisual.plugin import AVRequestsPlugin obj = parse_indico_id(indico_id) if obj is None: return False url = AVRequestsPlugin.settings.get('recording_cds_url') if not url: return False url = url.format(cds_id=cds_id) if cds_link_exists(obj, url): return True folder = AttachmentFolder.get_or_create_default(obj) attachment = Attachment(folder=folder, user=user, title='Recording', type=AttachmentType.link, link_url=url) db.session.add(attachment) db.session.flush() signals.attachments.attachment_created.send(attachment, user=user) return True
def _addMaterialFrom(self, target, categoryPath): for folder in AttachmentFolder.get_for_linked_object(target, preload_event=True): for attachment in folder.attachments: if attachment.type == AttachmentType.file: dst_path = posixpath.join(self._mainPath, "files", categoryPath, "{}-{}".format(attachment.id, attachment.file.filename)) with attachment.file.get_local_path() as file_path: self._addFileFromSrc(dst_path, file_path)
def _addMaterialFrom(self, target, categoryPath): for folder in AttachmentFolder.get_for_linked_object(target, preload_event=True): for attachment in folder.attachments: if attachment.type == AttachmentType.file: dst_path = posixpath.join(self._mainPath, "files", categoryPath, "{}-{}".format(attachment.id, attachment.file.filename)) with attachment.file.get_local_path() as file_path: self._addFileFromSrc(dst_path, file_path)
def __init__(self, *args, **kwargs): linked_object = kwargs.pop('linked_object') self.event = getattr(linked_object, 'event', None) # not present in categories super().__init__(*args, **kwargs) self.folder.query = (AttachmentFolder.find( object=linked_object, is_default=False, is_deleted=False).order_by(db.func.lower(AttachmentFolder.title)))
def test_acls(dummy_event, dummy_contribution, dummy_user, create_user, obj_type): from .schemas import ACLSchema class TestSchema(ACLSchema, mm.Schema): pass if obj_type == 'event': obj = dummy_event elif obj_type == 'contrib': obj = dummy_contribution elif obj_type == 'subcontrib': obj = SubContribution(contribution=dummy_contribution, title='Test', duration=timedelta(minutes=10)) elif obj_type == 'attachment': folder = AttachmentFolder(title='Dummy Folder', description='a dummy folder') obj = Attachment(folder=folder, user=dummy_user, title='Dummy Attachment', type=AttachmentType.link, link_url='https://example.com') obj.folder.object = dummy_event elif obj_type == 'note': obj = EventNote(object=dummy_event) obj.create_revision(RenderMode.html, 'this is a dummy note', dummy_user) def assert_acl(expected_read_acl): __tracebackhide__ = True data = schema.dump(obj) read_acl = data['_access'].pop('read', None) assert data == { '_access': { 'delete': ['IndicoAdmin'], 'owner': ['IndicoAdmin'], 'update': ['IndicoAdmin'] } } if read_acl is not None: read_acl = set(read_acl) assert read_acl == expected_read_acl schema = TestSchema() user = create_user(1, email='*****@*****.**') # everything is public assert_acl(None) # event is protected and the acl is empty (nobody has regular access) dummy_event.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin'}) # user on the acl has access dummy_event.update_principal(user, read_access=True) assert_acl({'IndicoAdmin', 'User:1'})
def _add_material(self, target, type_): for folder in AttachmentFolder.get_for_linked_object(target, preload_event=True): for attachment in folder.attachments: if not attachment.can_access(None): continue if attachment.type == AttachmentType.file: dst_path = posixpath.join(self._content_dir, "material", type_, f"{attachment.id}-{attachment.file.filename}") with attachment.file.get_local_path() as file_path: self._copy_file(dst_path, file_path)
def _add_material(self, target, type_): for folder in AttachmentFolder.get_for_linked_object(target, preload_event=True): for attachment in folder.attachments: if not attachment.can_access(None): continue if attachment.type == AttachmentType.file: dst_path = posixpath.join(self._content_dir, "material", type_, "{}-{}".format(attachment.id, attachment.file.filename)) with attachment.file.get_local_path() as file_path: self._copy_file(dst_path, file_path)
def dummy_attachment(dummy_user): folder = AttachmentFolder(title='dummy_folder', description='a dummy folder') file_ = AttachmentFile(user=dummy_user, filename='dummy_file.txt', content_type='text/plain') return Attachment(folder=folder, user=dummy_user, title='dummy_attachment', type=AttachmentType.file, file=file_)
def create_contribution_from_abstract(abstract, contrib_session=None): from indico.modules.events.abstracts.settings import abstracts_settings event = abstract.event contrib_person_links = set() author_submission_rights = ( event.cfa.contribution_submitters == SubmissionRightsType.all) person_link_attrs = { '_title', 'address', 'affiliation', 'first_name', 'last_name', 'phone', 'author_type', 'is_speaker', 'display_order' } for abstract_person_link in abstract.person_links: link = ContributionPersonLink(person=abstract_person_link.person) link.populate_from_attrs(abstract_person_link, person_link_attrs) contrib_person_links.add(link) if contrib_session: duration = contrib_session.default_contribution_duration else: duration = contribution_settings.get(event, 'default_duration') custom_fields_data = { f'custom_{field_value.contribution_field.id}': field_value.data for field_value in abstract.field_values } contrib = create_contribution(event, { 'friendly_id': abstract.friendly_id, 'title': abstract.title, 'duration': duration, 'description': abstract.description, 'type': abstract.accepted_contrib_type, 'track': abstract.accepted_track, 'session': contrib_session, 'person_link_data': { link: (author_submission_rights or link.is_speaker) for link in contrib_person_links } }, custom_fields_data=custom_fields_data) if abstracts_settings.get(event, 'copy_attachments') and abstract.files: folder = AttachmentFolder.get_or_create_default(contrib) for abstract_file in abstract.files: attachment = Attachment(user=abstract.submitter, type=AttachmentType.file, folder=folder, title=abstract_file.filename) attachment.file = AttachmentFile( user=abstract.submitter, filename=abstract_file.filename, content_type=abstract_file.content_type) with abstract_file.open() as fd: attachment.file.save(fd) db.session.flush() return contrib
def _create_material(self, logs): folder = AttachmentFolder.find_first(object=self.event, is_default=False, title='Chat Logs', is_deleted=False) if folder is None: folder = AttachmentFolder(protection_mode=ProtectionMode.protected, linked_object=self.event, title='Chat Logs', description='Chat logs for this event') db.session.add(folder) filename = '{}.html'.format(secure_filename(self.material_name, 'logs')) attachment = Attachment( folder=folder, user=session.user, title=self.material_name, type=AttachmentType.file, description="Chat logs for the chat room '{}'".format( self.chatroom.name)) attachment.file = AttachmentFile(user=session.user, filename=filename, content_type='text/html') attachment.file.save(logs.encode('utf-8')) db.session.flush() signals.attachments.attachment_created.send(attachment, user=session.user) log_data = [ ('Range', 'Everything' if not self.date_filter else '{} - {}'.format( format_date(self.start_date), format_date(self.end_date))), ] self.event.log(EventLogRealm.management, EventLogKind.positive, 'Chat', 'Created material: {}'.format(filename), session.user, data=log_data)
def add_attachment_link(data, linked_object): """Add a link attachment to linked_object""" folder = data.pop('folder', None) if not folder: folder = AttachmentFolder.get_or_create_default(linked_object=linked_object) assert folder.object == linked_object link = Attachment(user=session.user, type=AttachmentType.link, folder=folder) link.populate_from_dict(data, skip={'acl', 'protected'}) if link.is_self_protected: link.acl = data['acl'] db.session.flush() logger.info('Attachment %s added by %s', link, session.user) signals.attachments.attachment_created.send(link, user=session.user)
def add_attachment_link(data, linked_object): """Add a link attachment to linked_object.""" folder = data.pop('folder', None) if not folder: folder = AttachmentFolder.get_or_create_default(linked_object=linked_object) assert folder.object == linked_object link = Attachment(user=session.user, type=AttachmentType.link, folder=folder) link.populate_from_dict(data, skip={'acl', 'protected'}) if link.is_self_protected: link.acl = data['acl'] db.session.flush() logger.info('Attachment %s added by %s', link, session.user) signals.attachments.attachment_created.send(link, user=session.user)
def _folder_from_material(self, material, linked_object): folder_obj = AttachmentFolder(id=self._get_id(AttachmentFolder), title=convert_to_unicode(material.title).strip() or 'Material', description=convert_to_unicode(material.description), linked_object=linked_object, is_always_visible=not getattr(material._Material__ac, '_hideFromUnauthorizedUsers', False)) folder = _sa_to_dict(folder_obj) self.todo[AttachmentFolder].append(folder) tmp = ProtectionTarget() protection_from_ac(tmp, material._Material__ac) self.todo[AttachmentFolderPrincipal] += tmp.make_principal_rows(folder_id=folder['id']) folder['protection_mode'] = tmp.protection_mode return folder
def _make_attachment(user, obj): folder = AttachmentFolder(title='dummy_folder', description='a dummy folder') file = AttachmentFile(user=user, filename='dummy_file.txt', content_type='text/plain') attachment = Attachment(folder=folder, user=user, title='dummy_attachment', type=AttachmentType.file, file=file) attachment.folder.object = obj attachment.file.save(BytesIO(b'hello world')) return attachment
def _process(self): params = self._getRequestParams() if params["title"] == "": params["title"] = "No Title" # change number of dates (lecture) if self._confirm == True: if self._event_type != "simple_event": c = self._createEvent(self._params) self.alertCreation([c]) # lectures else: lectures = [] for i in range(1, int(self._params["nbDates"]) + 1): self._params["sDay"] = self._params.get("sDay_%s" % i, "") self._params["sMonth"] = self._params.get( "sMonth_%s" % i, "") self._params["sYear"] = self._params.get( "sYear_%s" % i, "") self._params["sHour"] = self._params.get( "sHour_%s" % i, "") self._params["sMinute"] = self._params.get( "sMinute_%s" % i, "") self._params["duration"] = int( self._params.get("dur_%s" % i, 60)) lectures.append(self._createEvent(self._params)) self.alertCreation(lectures) lectures.sort(sortByStartDate) # create links for i, source in enumerate(lectures, 1): if len(lectures) > 1: source.setTitle("{} ({}/{})".format( source.getTitle(), i, len(lectures))) for j, target in enumerate(lectures, 1): if j != i: folder = AttachmentFolder(linked_object=source, title="part{}".format(j)) link = Attachment(user=session.user, type=AttachmentType.link, folder=folder, title="Part {}".format(j), link_url=target.getURL()) db.session.add(link) c = lectures[0] self._redirect(urlHandlers.UHConferenceModification.getURL(c)) else: url = urlHandlers.UHCategoryDisplay.getURL(self._target) self._redirect(url)
def _process(self): form = AddAttachmentLinkForm(linked_object=self.object) if form.validate_on_submit(): folder = form.folder.data or AttachmentFolder.get_or_create_default(linked_object=self.object) link = Attachment(user=session.user, type=AttachmentType.link) form.populate_obj(link, skip={'acl'}) if link.is_protected: link.acl = form.acl.data link.folder = folder db.session.flush() logger.info('Attachment {} added by {}'.format(link, session.user)) signals.attachments.attachment_created.send(link, user=session.user) flash(_("The link has been added"), 'success') return jsonify_data(attachment_list=_render_attachment_list(self.object)) return jsonify_template('attachments/add_link.html', form=form, protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def _process(self): defaults = FormDefaults(self.attachment, protected=self.attachment.is_protected, skip_attrs={'file'}) if self.attachment.type == AttachmentType.file: file_ = self.attachment.file # file_attrs has to be manually "serialized", since it's going to be converted to JSON file_attrs = { 'url': url_for('attachments.download', self.attachment, filename=self.attachment.file.filename, from_preview='1'), 'filename': file_.filename, 'size': file_.size, 'content_type': file_.content_type } form = EditAttachmentFileForm(linked_object=self.object, obj=defaults, file=file_attrs) else: form = EditAttachmentLinkForm(linked_object=self.object, obj=defaults) if form.validate_on_submit(): folder = form.folder.data or AttachmentFolder.get_or_create_default(linked_object=self.object) logger.info('Attachment {} edited by {}'.format(self.attachment, session.user)) form.populate_obj(self.attachment, skip={'acl', 'file'}) self.attachment.folder = folder if self.attachment.is_protected: # can't use `=` because of https://bitbucket.org/zzzeek/sqlalchemy/issues/3583 self.attachment.acl |= form.acl.data self.attachment.acl &= form.acl.data # files need special handling; links are already updated in `populate_obj` if self.attachment.type == AttachmentType.file: file = request.files['file'] if request.files else None if file: self.attachment.file = AttachmentFile(user=session.user, content_type=file.mimetype, filename=secure_filename(file.filename, 'attachment')) self.attachment.file.save(file.file) signals.attachments.attachment_updated.send(self.attachment, user=session.user) flash(_("The attachment \"{name}\" has been updated").format(name=self.attachment.title), 'success') return jsonify_data(attachment_list=_render_attachment_list(self.object)) template = ('attachments/upload.html' if self.attachment.type == AttachmentType.file else 'attachments/add_link.html') return jsonify_template(template, form=form, existing_attachment=self.attachment, action=url_for('.modify_attachment', self.attachment), protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def build_material_legacy_api_data(linked_object): # Skipping root folder and files in legacy API event = linked_object.getConference() try: cache = g.legacy_api_event_attachments[event] except (AttributeError, KeyError): if 'legacy_api_event_attachments' not in g: g.legacy_api_event_attachments = {} g.legacy_api_event_attachments[event] = cache = defaultdict(list) query = (AttachmentFolder.find( event_id=int(linked_object.getConference().id), is_deleted=False, is_default=False).options( joinedload(AttachmentFolder.legacy_mapping), joinedload(AttachmentFolder.attachments))) for folder in query: cache[folder.linked_object].append(folder) return filter( None, map(_build_folder_legacy_api_data, cache.get(linked_object, [])))
def _process(self): form = AddAttachmentFilesForm(linked_object=self.object) if form.validate_on_submit(): files = form.files.data folder = form.folder.data or AttachmentFolder.get_or_create_default( linked_object=self.object) for f in files: filename = secure_client_filename(f.filename) attachment = Attachment( folder=folder, user=session.user, title=f.filename, type=AttachmentType.file, protection_mode=form.protection_mode.data) if attachment.is_self_protected: attachment.acl = form.acl.data content_type = mimetypes.guess_type( f.filename)[0] or f.mimetype or 'application/octet-stream' attachment.file = AttachmentFile(user=session.user, filename=filename, content_type=content_type) attachment.file.save(f.stream) db.session.add(attachment) db.session.flush() logger.info('Attachment %s uploaded by %s', attachment, session.user) signals.attachments.attachment_created.send(attachment, user=session.user) flash( ngettext("The attachment has been uploaded", "{count} attachments have been uploaded", len(files)).format(count=len(files)), 'success') return jsonify_data( attachment_list=_render_attachment_list(self.object)) return jsonify_template( 'attachments/upload.html', form=form, action=url_for('.upload', self.object), protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object), existing_attachment=None)
def _create_material(self, logs): folder = AttachmentFolder.find_first(object=self.event_new, is_default=False, title='Chat Logs', is_deleted=False) if folder is None: folder = AttachmentFolder(protection_mode=ProtectionMode.protected, linked_object=self.event_new, title='Chat Logs', description='Chat logs for this event') db.session.add(folder) filename = '{}.html'.format(secure_filename(self.material_name, 'logs')) attachment = Attachment(folder=folder, user=session.user, title=self.material_name, type=AttachmentType.file, description="Chat logs for the chat room '{}'".format(self.chatroom.name)) attachment.file = AttachmentFile(user=session.user, filename=filename, content_type='text/html') attachment.file.save(logs.encode('utf-8')) db.session.flush() signals.attachments.attachment_created.send(attachment, user=session.user) log_data = [ ('Range', 'Everything' if not self.date_filter else '{} - {}'.format(format_date(self.start_date), format_date(self.end_date))), ] self.event.log(EventLogRealm.management, EventLogKind.positive, 'Chat', 'Created material: {}'.format(filename), session.user, data=log_data)
def get_attached_folders(linked_object, include_empty=True, include_hidden=True, preload_event=False): """ Return a list of all the folders linked to an object. :param linked_object: The object whose attachments are to be returned :param include_empty: Whether to return empty folders as well. :param include_hidden: Include folders that the user can't see :param preload_event: in the process, preload all objects tied to the corresponding event and keep them in cache """ from indico.modules.attachments.models.folders import AttachmentFolder folders = AttachmentFolder.get_for_linked_object(linked_object, preload_event=preload_event) if not include_hidden: folders = [f for f in folders if f.can_view(session.user)] if not include_empty: folders = [f for f in folders if f.attachments] return folders
def create_contribution_from_abstract(abstract, contrib_session=None): from indico.modules.events.abstracts.settings import abstracts_settings event = abstract.event contrib_person_links = set() person_link_attrs = {'_title', 'address', 'affiliation', 'first_name', 'last_name', 'phone', 'author_type', 'is_speaker', 'display_order'} for abstract_person_link in abstract.person_links: link = ContributionPersonLink(person=abstract_person_link.person) link.populate_from_attrs(abstract_person_link, person_link_attrs) contrib_person_links.add(link) if contrib_session: duration = contrib_session.default_contribution_duration else: duration = contribution_settings.get(event, 'default_duration') custom_fields_data = {'custom_{}'.format(field_value.contribution_field.id): field_value.data for field_value in abstract.field_values} contrib = create_contribution(event, {'friendly_id': abstract.friendly_id, 'title': abstract.title, 'duration': duration, 'description': abstract.description, 'type': abstract.accepted_contrib_type, 'track': abstract.accepted_track, 'session': contrib_session, 'person_link_data': {link: True for link in contrib_person_links}}, custom_fields_data=custom_fields_data) if abstracts_settings.get(event, 'copy_attachments') and abstract.files: folder = AttachmentFolder.get_or_create_default(contrib) for abstract_file in abstract.files: attachment = Attachment(user=abstract.submitter, type=AttachmentType.file, folder=folder, title=abstract_file.filename) attachment.file = AttachmentFile(user=abstract.submitter, filename=abstract_file.filename, content_type=abstract_file.content_type) with abstract_file.open() as fd: attachment.file.save(fd) db.session.flush() return contrib
def _process(self): form = AddAttachmentLinkForm(linked_object=self.object) if form.validate_on_submit(): folder = form.folder.data or AttachmentFolder.get_or_create_default( linked_object=self.object) link = Attachment(user=session.user, type=AttachmentType.link) form.populate_obj(link, skip={'acl'}) if link.is_protected: link.acl = form.acl.data link.folder = folder db.session.flush() logger.info('Attachment {} added by {}'.format(link, session.user)) signals.attachments.attachment_created.send(link, user=session.user) flash(_("The link has been added"), 'success') return jsonify_data( attachment_list=_render_attachment_list(self.object)) return jsonify_template( 'attachments/add_link.html', form=form, protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def _process(self): form = AddAttachmentFilesForm(linked_object=self.object) if form.validate_on_submit(): files = request.files.getlist('file') folder = form.folder.data or AttachmentFolder.get_or_create_default(linked_object=self.object) for f in files: filename = secure_filename(f.filename, 'attachment') attachment = Attachment(folder=folder, user=session.user, title=to_unicode(f.filename), type=AttachmentType.file, protection_mode=form.protection_mode.data) if attachment.is_self_protected: attachment.acl = form.acl.data content_type = mimetypes.guess_type(f.filename)[0] or f.mimetype or 'application/octet-stream' attachment.file = AttachmentFile(user=session.user, filename=filename, content_type=content_type) attachment.file.save(f.file) db.session.add(attachment) db.session.flush() logger.info('Attachment %s uploaded by %s', attachment, session.user) signals.attachments.attachment_created.send(attachment, user=session.user) flash(ngettext("The attachment has been uploaded", "{count} attachments have been uploaded", len(files)) .format(count=len(files)), 'success') return jsonify_data(attachment_list=_render_attachment_list(self.object)) return jsonify_template('attachments/upload.html', form=form, action=url_for('.upload', self.object), protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def test_dump_attachment(db, dummy_user, dummy_contribution): from indico.modules.search.schemas import AttachmentSchema folder = AttachmentFolder(title='Dummy Folder', description='a dummy folder') file = AttachmentFile(user=dummy_user, filename='dummy_file.txt', content_type='text/plain') attachment = Attachment(folder=folder, user=dummy_user, title='Dummy Attachment', type=AttachmentType.file, file=file) attachment.folder.object = dummy_contribution attachment.file.save(BytesIO(b'hello world')) db.session.flush() category_id = dummy_contribution.event.category_id schema = AttachmentSchema() assert schema.dump(attachment) == { 'filename': 'dummy_file.txt', 'title': 'Dummy Attachment', 'user': { 'affiliation': None, 'name': 'Guinea Pig' }, 'attachment_id': attachment.id, 'attachment_type': 'file', 'category_id': category_id, 'category_path': [ { 'id': 0, 'title': 'Home', 'url': '/' }, { 'id': category_id, 'title': 'dummy', 'url': f'/category/{category_id}/' }, ], 'contribution_id': dummy_contribution.id, 'subcontribution_id': None, 'event_id': 0, 'folder_id': folder.id, 'modified_dt': attachment.modified_dt.isoformat(), 'type': 'attachment', 'url': (f'/event/0/contributions/' f'{dummy_contribution.id}/attachments/{folder.id}/{attachment.id}/dummy_file.txt' ), }
def find_folders(self): return AttachmentFolder.find(event_id=int(self.event.id), is_deleted=False)
def _get_folders_protection_info(linked_object): folders = AttachmentFolder.find(object=linked_object, is_deleted=False) return {folder.id: folder.is_self_protected for folder in folders}
def _process_args(self): self.folder = AttachmentFolder.find_one(id=request.view_args['folder_id'], is_deleted=False)
def has_data(self): return AttachmentFolder.has_rows() or Attachment.has_rows()
def test_dump_attachment(db, dummy_user, dummy_contribution): from .schemas import AttachmentRecordSchema folder = AttachmentFolder(title='Dummy Folder', description='a dummy folder') file = AttachmentFile(user=dummy_user, filename='dummy_file.txt', content_type='text/plain') attachment = Attachment(folder=folder, user=dummy_user, title='Dummy Attachment', type=AttachmentType.file, file=file) attachment.folder.object = dummy_contribution attachment.file.save(BytesIO(b'hello world')) db.session.flush() category_id = dummy_contribution.event.category_id schema = AttachmentRecordSchema(context={'schema': 'test-attachment'}) assert schema.dump(attachment) == { '$schema': 'test-attachment', '_access': { 'delete': ['IndicoAdmin'], 'owner': ['IndicoAdmin'], 'update': ['IndicoAdmin'], }, '_data': { 'filename': 'dummy_file.txt', 'site': 'http://localhost', 'title': 'Dummy Attachment', 'persons': { 'name': 'Guinea Pig' }, }, 'attachment_id': attachment.id, 'category_id': category_id, 'category_path': [ { 'id': 0, 'title': 'Home', 'url': '/' }, { 'id': category_id, 'title': 'dummy', 'url': f'/category/{category_id}/' }, ], 'contribution_id': dummy_contribution.id, 'event_id': 0, 'folder_id': folder.id, 'modified_dt': attachment.modified_dt.isoformat(), 'type': 'attachment', 'type_format': 'file', 'url': (f'http://localhost/event/0/contributions/' f'{dummy_contribution.id}/attachments/{folder.id}/{attachment.id}/dummy_file.txt' ), }
def _get_event_path(self, data): if not (folder := AttachmentFolder.get(data['folder_id'])): return []
def test_attachment_acls(dummy_event, dummy_user, create_user): from .schemas import ACLSchema class TestSchema(ACLSchema, mm.Schema): pass folder = AttachmentFolder(title='Dummy Folder', description='a dummy folder') attachment = Attachment(folder=folder, user=dummy_user, title='Dummy Attachment', type=AttachmentType.link, link_url='https://example.com') attachment.folder.object = dummy_event def assert_acl(expected_read_acl): __tracebackhide__ = True data = schema.dump(attachment) read_acl = data['_access'].pop('read', None) assert data == { '_access': { 'delete': ['IndicoAdmin'], 'owner': ['IndicoAdmin'], 'update': ['IndicoAdmin'] } } if read_acl is not None: read_acl = set(read_acl) assert read_acl == expected_read_acl schema = TestSchema() u1 = create_user(1, email='*****@*****.**') u2 = create_user(2, email='*****@*****.**') u3 = create_user(3, email='*****@*****.**') # event is inheriting public, so no acl assert_acl(None) # event is protected and the acl is empty (nobody has regular access) dummy_event.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin'}) dummy_event.update_principal(u1, read_access=True) dummy_event.category.update_principal(u2, read_access=True) dummy_event.category.parent.update_principal(u3, read_access=True) # self-protected, so no acl inherited assert_acl({'IndicoAdmin', 'User:1'}) # event is inheriting from public categories, so there is no acl dummy_event.protection_mode = ProtectionMode.inheriting assert_acl(None) # event it itself public, so no acl here as well dummy_event.protection_mode = ProtectionMode.public assert_acl(None) # inheriting, so all parent acl entries dummy_event.protection_mode = ProtectionMode.inheriting dummy_event.category.parent.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin', 'User:1', 'User:2', 'User:3'}) # category protected, so no parent category acl inherited dummy_event.category.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin', 'User:1', 'User:2'}) # parent category acl entry is a manager, that one is inherited dummy_event.category.parent.update_principal(u3, full_access=True) assert_acl({'IndicoAdmin', 'User:1', 'User:2', 'User:3'}) # attachment self-protected, only the category/event manager has access folder.update_principal(u2, read_access=True) attachment.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin', 'User:3'}) # the user in the attachment acl has access as well attachment.update_principal(u1, read_access=True) attachment.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin', 'User:3', 'User:1'}) # attachment inheriting from self-protected folder - only the folder acl is used attachment.protection_mode = ProtectionMode.inheriting folder.protection_mode = ProtectionMode.protected assert_acl({'IndicoAdmin', 'User:3', 'User:2'})
def __init__(self, *args, **kwargs): linked_object = kwargs.pop('linked_object') super(AttachmentFormBase, self).__init__(*args, **kwargs) self.folder.query = (AttachmentFolder.find( object=linked_object, is_default=False, is_deleted=False).order_by(db.func.lower(AttachmentFolder.title)))
def _checkParams(self): self.folder = AttachmentFolder.find_one(id=request.view_args['folder_id'], is_deleted=False)
def _process(self): defaults = FormDefaults(self.attachment, protected=self.attachment.is_protected, skip_attrs={'file'}) if self.attachment.type == AttachmentType.file: file_ = self.attachment.file # file_attrs has to be manually "serialized", since it's going to be converted to JSON file_attrs = { 'url': url_for('attachments.download', self.attachment, filename=self.attachment.file.filename, from_preview='1'), 'filename': file_.filename, 'size': file_.size, 'content_type': file_.content_type } form = EditAttachmentFileForm(linked_object=self.object, obj=defaults, file=file_attrs) else: form = EditAttachmentLinkForm(linked_object=self.object, obj=defaults) if form.validate_on_submit(): folder = form.folder.data or AttachmentFolder.get_or_create_default( linked_object=self.object) logger.info('Attachment {} edited by {}'.format( self.attachment, session.user)) form.populate_obj(self.attachment, skip={'acl', 'file'}) self.attachment.folder = folder if self.attachment.is_protected: # can't use `=` because of https://bitbucket.org/zzzeek/sqlalchemy/issues/3583 self.attachment.acl |= form.acl.data self.attachment.acl &= form.acl.data # files need special handling; links are already updated in `populate_obj` if self.attachment.type == AttachmentType.file: file = request.files['file'] if request.files else None if file: self.attachment.file = AttachmentFile( user=session.user, content_type=file.mimetype, filename=secure_filename(file.filename, 'attachment')) self.attachment.file.save(file.file) signals.attachments.attachment_updated.send(self.attachment, user=session.user) flash( _("The attachment \"{name}\" has been updated").format( name=self.attachment.title), 'success') return jsonify_data( attachment_list=_render_attachment_list(self.object)) template = ('attachments/upload.html' if self.attachment.type == AttachmentType.file else 'attachments/add_link.html') return jsonify_template( template, form=form, existing_attachment=self.attachment, action=url_for('.modify_attachment', self.attachment), protection_message=_render_protection_message(self.object), folders_protection_info=_get_folders_protection_info(self.object))
def has_data(self): return AttachmentFolder.has_rows() or Attachment.has_rows()