def get_media(request, path): def return_file(path, name): res = serve(request, path, document_root=settings.MEDIA_ROOT, show_indexes=False) res['Content-Disposition'] = 'attachment; filename=%s' % name return res if not path: raise Http404() id = None try: path2 = path.split('!target_id=')[0] id = path.split('!target_id=')[1] path = path2 except: pass try: slug = path.split('/')[0] name = path.split('/')[1] except: return return_file('', path) print slug print name klass = mapping.get(slug, None) if not klass: raise Http404() if klass == 1: return return_file(path, name) if not request.user.is_authenticated(): raise Http404() if not id: raise Http404() try: object = klass.objects.get(pk=id) except: raise Http404() if PermissionController().is_admin( request.user) or PermissionController().is_supervisor( request.user): return return_file(path, name) if PermissionController().is_arbiter( request.user) and not isinstance(klass, Member): return return_file(path, name) if PermissionController().is_member(request.user): try: member = request.user.member except: raise Http404() if not member: raise Http404() if member == object: return return_file(path, name) if isinstance(object, Project): if check_project_access(object, member): return return_file(path, name) if isinstance(object, ProjectReport): if check_project_access(object.project, member): return return_file(path, name) raise Http404()