コード例 #1
ファイル: webinterface.py プロジェクト: jalavik/invenio
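    def _get(self, req, form):
        """
        Returns a file attached to a comment.

        Example:
        CFG_SITE_URL/CFG_SITE_RECORD/5953/comments/attachments/get/652/myfile.pdf
        where 652 is the comment ID

        The file is served only after these checks pass, in order:
        the user may view the comments of the record, the comment
        exists, the user may view this particular comment, and the
        comment is not deleted. The file name comes from the request
        and is untrusted, so the resolved path must stay inside the
        attachment directory of this record AND this comment.

        Returns the streamed file, a redirect to the login page (guest
        user lacking access), a "not authorized" page, or a 404 page.
        """
        argd = wash_urlargd(form, {"file": (str, None), "comid": (int, 0)})
        _ = gettext_set_language(argd["ln"])

        # Can user view this record, i.e. can user access its
        # attachments?
        # NOTE(review): uid is not used below; the call is kept in case
        # getUid() has side effects on the request -- confirm.
        uid = getUid(req)
        user_info = collect_user_info(req)
        # Check that user can view record, and its comments (protected
        # with action "viewcomment")
        (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid)
        if auth_code and user_info["email"] == "guest":
            # Guests are sent to the login page rather than refused.
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)}
            )
            target = (
                CFG_SITE_SECURE_URL
                + "/youraccount/login"
                + make_canonical_urlargd(
                    {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {}
                )
            )
            return redirect_to_url(req, target, norobot=True)
        elif auth_code:
            return page_not_authorized(req, "../", text=auth_msg, ln=argd["ln"])

        # Does comment exist?
        if not query_get_comment(argd["comid"]):
            req.status = apache.HTTP_NOT_FOUND
            return page(
                title=_("Page Not Found"),
                body=_("The requested comment could not be found"),
                req=req,
                language=argd["ln"],
            )

        # Check that user can view this particular comment, protected
        # using its own restriction
        (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd["comid"])
        if auth_code and user_info["email"] == "guest":
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)}
            )
            target = (
                CFG_SITE_SECURE_URL
                + "/youraccount/login"
                + make_canonical_urlargd(
                    {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {}
                )
            )
            return redirect_to_url(req, target)
        elif auth_code:
            return page_not_authorized(req, "../", text=auth_msg, ln=argd["ln"])

        # Check that comment is not currently deleted
        if is_comment_deleted(argd["comid"]):
            return page_not_authorized(
                req, "../", text=_("You cannot access files of a deleted comment"), ln=argd["ln"]
            )

        if argd["file"] is not None:
            # Attachment directory of this very comment. The checks
            # above were made for (self.recid, comid) only, so nothing
            # outside this directory may be served.
            comment_dir = os.path.abspath(
                CFG_PREFIX + "/var/data/comments/" + str(self.recid) + "/" + str(argd["comid"])
            )

            # Prepare path to file on disk. Normalize the path so that
            # ../ components are collapsed before the containment check.
            path = os.path.abspath(comment_dir + "/" + argd["file"])

            # Containment check. The trailing separator matters: a bare
            # prefix test on ".../comments/5" also accepts
            # ".../comments/59/...", and a test on the record directory
            # alone lets "../<other comid>/x" reach the attachments of
            # another comment that was never authorized.
            # NOTE(review): abspath() does not resolve symlinks; if the
            # attachment tree can contain symlinks, compare
            # os.path.realpath() of both sides instead.
            if path.startswith(comment_dir + os.sep) and os.path.isfile(path):
                return stream_file(req, path)

        # Send error 404 in all other cases
        req.status = apache.HTTP_NOT_FOUND
        return page(
            title=_("Page Not Found"), body=_("The requested file could not be found"), req=req, language=argd["ln"]
        )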
コード例 #2
ファイル: adminlib.py プロジェクト: pombredanne/invenio-3
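def perform_request_delete(comID=-1,
                           recID=-1,
                           uid=-1,
                           reviews="",
                           ln=CFG_SITE_LANG):
    """
    Dispatch the admin "delete comments" request.

    The arguments are washed to integers and then routed:

    - no usable ID (all of comID, recID, uid <= 0): show the delete
      form, with an "Invalid comment ID" warning when comID was
      supplied (i.e. is not the -1 default);
    - comID > 0 and no recID: look the comment up and list it, with
      ``reviews`` deduced from its star score;
    - recID > 0: list the comments (or reviews) of that record;
    - anything else: show the delete form.

    Nothing is deleted in this function itself.

    @param comID: comment ID, -1 when not given
    @param recID: record ID, -1 when not given
    @param uid: user ID, -1 when not given; only used in the validity
        checks here
    @param reviews: only read when listing by recID; deduced from the
        comment otherwise
    @param ln: language
    @return: either the output of tmpl_admin_delete_form(ln, warnings),
        or a 3-tuple (output of perform_request_comments, None,
        warnings). Callers have to handle both shapes.

    NOTE(review): no access check is visible in this function;
    presumably the caller enforces admin authorization -- confirm.
    """
    # NOTE(review): ln is washed only after it has been handed to
    # gettext_set_language() -- confirm that helper tolerates raw input.
    _ = gettext_set_language(ln)

    from invenio.legacy.search_engine import record_exists

    warnings = []

    ln = wash_language(ln)
    comID = wash_url_argument(comID, 'int')
    recID = wash_url_argument(recID, 'int')
    uid = wash_url_argument(uid, 'int')
    # parameter reviews is deduced from comID when needed

    if comID is None or recID is None or uid is None:
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID <= 0 and recID <= 0 and uid <= 0:
        if comID != -1:
            # The warning is raised and caught on the spot so that
            # register_exception() is called while it is the active
            # exception.
            try:
                raise InvenioWebCommentWarning(_('Invalid comment ID.'))
            except InvenioWebCommentWarning as exc:
                register_exception(stream='warning')
                warnings.append((exc.message, ''))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID > 0 and not recID > 0:
        comment = query_get_comment(comID)

        if comment:
            # Figure out if this is a review or a comment: index 5 of
            # the comment row is read as the star score, and a
            # positive score is treated as a review.
            c_star_score = 5
            reviews = 1 if comment[c_star_score] > 0 else 0
            return (perform_request_comments(ln=ln,
                                             comID=comID,
                                             recID=recID,
                                             reviews=reviews), None,
                    warnings)

        try:
            raise InvenioWebCommentWarning(
                _('Comment ID %(x_name)s does not exist.',
                  x_name=comID))
        except InvenioWebCommentWarning as exc:
            register_exception(stream='warning')
            warnings.append((exc.message, ''))
        return webcomment_templates.tmpl_admin_delete_form(
            ln, warnings)

    elif recID > 0:
        if record_exists(recID):
            comID = ''
            reviews = wash_url_argument(reviews, 'int')
            return (perform_request_comments(ln=ln,
                                             comID=comID,
                                             recID=recID,
                                             reviews=reviews), None,
                    warnings)

        try:
            # Report the record ID that was looked up; the message
            # previously interpolated comID here.
            raise InvenioWebCommentWarning(
                _('Record ID %(x_rec)s does not exist.', x_rec=recID))
        except InvenioWebCommentWarning as exc:
            register_exception(stream='warning')
            warnings.append((exc.message, ''))
        return webcomment_templates.tmpl_admin_delete_form(
            ln, warnings)

    return webcomment_templates.tmpl_admin_delete_form(ln, warnings)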
コード例 #3
ファイル: webinterface.py プロジェクト: chokribr/invenio-1
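    def _get(self, req, form):
        """
        Returns a file attached to a comment.

        Example:
        CFG_SITE_URL/CFG_SITE_RECORD/5953/comments/attachments/get/652/myfile.pdf
        where 652 is the comment ID

        The file is served only after these checks pass, in order:
        the user may view the comments of the record, the comment
        exists, the user may view this particular comment, and the
        comment is not deleted. The file name comes from the request
        and is untrusted, so the resolved path must stay inside the
        attachment directory of this record AND this comment.

        Returns the streamed file, a redirect to the login page (guest
        user lacking access), a "not authorized" page, or a 404 page.
        """
        argd = wash_urlargd(form, {'file': (str, None), 'comid': (int, 0)})
        _ = gettext_set_language(argd['ln'])

        # Can user view this record, i.e. can user access its
        # attachments?
        # NOTE(review): uid is not used below; the call is kept in case
        # getUid() has side effects on the request -- confirm.
        uid = getUid(req)
        user_info = collect_user_info(req)
        # Check that user can view record, and its comments (protected
        # with action "viewcomment")
        (auth_code,
         auth_msg) = check_user_can_view_comments(user_info, self.recid)
        if auth_code and user_info['email'] == 'guest':
            # Guests are sent to the login page rather than refused.
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {
                    'collection': guess_primary_collection_of_a_record(
                        self.recid)
                })
            target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_SECURE_URL + user_info['uri']}, {})
            return redirect_to_url(req, target, norobot=True)
        elif auth_code:
            return page_not_authorized(req, "../",
                                       text=auth_msg,
                                       ln=argd['ln'])

        # Does comment exist?
        if not query_get_comment(argd['comid']):
            req.status = apache.HTTP_NOT_FOUND
            return page(title=_("Page Not Found"),
                        body=_('The requested comment could not be found'),
                        req=req,
                        language=argd['ln'])

        # Check that user can view this particular comment, protected
        # using its own restriction
        (auth_code,
         auth_msg) = check_user_can_view_comment(user_info, argd['comid'])
        if auth_code and user_info['email'] == 'guest':
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {
                    'collection': guess_primary_collection_of_a_record(
                        self.recid)
                })
            target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_SECURE_URL + user_info['uri']}, {})
            return redirect_to_url(req, target)
        elif auth_code:
            return page_not_authorized(req, "../",
                                       text=auth_msg,
                                       ln=argd['ln'])

        # Check that comment is not currently deleted
        if is_comment_deleted(argd['comid']):
            return page_not_authorized(req, "../",
                                       text=_("You cannot access files of a deleted comment"),
                                       ln=argd['ln'])

        if argd['file'] is not None:
            # Attachment directory of this very comment. The checks
            # above were made for (self.recid, comid) only, so nothing
            # outside this directory may be served.
            comment_dir = os.path.abspath(CFG_PREFIX + '/var/data/comments/' +
                                          str(self.recid) + '/' +
                                          str(argd['comid']))

            # Prepare path to file on disk. Normalize the path so that
            # ../ components are collapsed before the containment check.
            path = os.path.abspath(comment_dir + '/' + argd['file'])

            # Containment check. The trailing separator matters: a bare
            # prefix test on ".../comments/5" also accepts
            # ".../comments/59/...", and a test on the record directory
            # alone lets "../<other comid>/x" reach the attachments of
            # another comment that was never authorized.
            # NOTE(review): abspath() does not resolve symlinks; if the
            # attachment tree can contain symlinks, compare
            # os.path.realpath() of both sides instead.
            if path.startswith(comment_dir + os.sep) and \
                   os.path.isfile(path):
                return stream_file(req, path)

        # Send error 404 in all other cases
        req.status = apache.HTTP_NOT_FOUND
        return page(title=_("Page Not Found"),
                    body=_('The requested file could not be found'),
                    req=req,
                    language=argd['ln'])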
コード例 #4
ファイル: adminlib.py プロジェクト: SCOAP3/invenio
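def perform_request_delete(comID=-1, recID=-1, uid=-1, reviews="", ln=CFG_SITE_LANG):
    """
    Dispatch the admin "delete comments" request.

    The arguments are washed to integers and then routed:

    - no usable ID (all of comID, recID, uid <= 0): show the delete
      form, with an "Invalid comment ID" warning when comID was
      supplied (i.e. is not the -1 default);
    - comID > 0 and no recID: look the comment up and list it, with
      ``reviews`` deduced from its star score;
    - recID > 0: list the comments (or reviews) of that record;
    - anything else: show the delete form.

    Nothing is deleted in this function itself.

    @param comID: comment ID, -1 when not given
    @param recID: record ID, -1 when not given
    @param uid: user ID, -1 when not given; only used in the validity
        checks here
    @param reviews: only read when listing by recID; deduced from the
        comment otherwise
    @param ln: language
    @return: either the output of tmpl_admin_delete_form(ln, warnings),
        or a 3-tuple (output of perform_request_comments, None,
        warnings). Callers have to handle both shapes.

    NOTE(review): no access check is visible in this function;
    presumably the caller enforces admin authorization -- confirm.
    """
    # NOTE(review): ln is washed only after it has been handed to
    # gettext_set_language() -- confirm that helper tolerates raw input.
    _ = gettext_set_language(ln)

    from invenio.legacy.search_engine import record_exists

    warnings = []

    ln = wash_language(ln)
    comID = wash_url_argument(comID, 'int')
    recID = wash_url_argument(recID, 'int')
    uid = wash_url_argument(uid, 'int')
    # parameter reviews is deduced from comID when needed

    if comID is None or recID is None or uid is None:
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID <= 0 and recID <= 0 and uid <= 0:
        if comID != -1:
            # The warning is raised and caught on the spot so that
            # register_exception() is called while it is the active
            # exception.
            try:
                raise InvenioWebCommentWarning(_('Invalid comment ID.'))
            except InvenioWebCommentWarning as exc:
                register_exception(stream='warning')
                warnings.append((exc.message, ''))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID > 0 and not recID > 0:
        comment = query_get_comment(comID)

        if comment:
            # Figure out if this is a review or a comment: index 5 of
            # the comment row is read as the star score, and a
            # positive score is treated as a review.
            c_star_score = 5
            reviews = 1 if comment[c_star_score] > 0 else 0
            return (perform_request_comments(ln=ln, comID=comID, recID=recID, reviews=reviews), None, warnings)

        try:
            raise InvenioWebCommentWarning(_('Comment ID %(x_name)s does not exist.', x_name=comID))
        except InvenioWebCommentWarning as exc:
            register_exception(stream='warning')
            warnings.append((exc.message, ''))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    elif recID > 0:
        if record_exists(recID):
            comID = ''
            reviews = wash_url_argument(reviews, 'int')
            return (perform_request_comments(ln=ln, comID=comID, recID=recID, reviews=reviews), None, warnings)

        try:
            # Report the record ID that was looked up; the message
            # previously interpolated comID here.
            raise InvenioWebCommentWarning(_('Record ID %(x_rec)s does not exist.', x_rec=recID))
        except InvenioWebCommentWarning as exc:
            register_exception(stream='warning')
            warnings.append((exc.message, ''))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    return webcomment_templates.tmpl_admin_delete_form(ln, warnings)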