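def _get(self, req, form):
    """
    Returns a file attached to a comment.

    Example:
    CFG_SITE_URL/CFG_SITE_RECORD/5953/comments/attachments/get/652/myfile.pdf
    where 652 is the comment ID

    Before anything is streamed the requester must be allowed to view
    the record's comments and this particular comment, and the comment
    must exist and not be deleted. Guests who fail an authorization
    check are redirected to the login page; other users get a
    "not authorized" page. The requested file name is then resolved
    strictly inside the attachments directory of this record and this
    comment; anything else ends in a 404 page.
    """
    argd = wash_urlargd(form, {"file": (str, None), "comid": (int, 0)})
    _ = gettext_set_language(argd["ln"])

    # Can user view this record, i.e. can user access its
    # attachments?
    # NOTE(review): uid is not read below; the call is kept in case
    # getUid() has side effects on the request/session -- confirm.
    uid = getUid(req)
    user_info = collect_user_info(req)

    # Check that user can view record, and its comments (protected
    # with action "viewcomment")
    (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid)
    if auth_code and user_info["email"] == "guest":
        cookie = mail_cookie_create_authorize_action(
            VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)}
        )
        target = (
            CFG_SITE_SECURE_URL
            + "/youraccount/login"
            + make_canonical_urlargd(
                {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {}
            )
        )
        return redirect_to_url(req, target, norobot=True)
    elif auth_code:
        return page_not_authorized(req, "../", text=auth_msg)

    # Does comment exist?
    if not query_get_comment(argd["comid"]):
        req.status = apache.HTTP_NOT_FOUND
        return page(title=_("Page Not Found"), body=_("The requested comment could not be found"), req=req)

    # Check that user can view this particular comment, protected
    # using its own restriction
    # NOTE(review): nothing visible here ties comid to self.recid;
    # confirm that check_user_can_view_comment() or the URL routing
    # guarantees the comment belongs to this record.
    (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd["comid"])
    if auth_code and user_info["email"] == "guest":
        cookie = mail_cookie_create_authorize_action(
            VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)}
        )
        target = (
            CFG_SITE_SECURE_URL
            + "/youraccount/login"
            + make_canonical_urlargd(
                {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {}
            )
        )
        return redirect_to_url(req, target)
    elif auth_code:
        return page_not_authorized(req, "../", text=auth_msg, ln=argd["ln"])

    # Check that comment is not currently deleted
    if is_comment_deleted(argd["comid"]):
        return page_not_authorized(
            req, "../", text=_("You cannot access files of a deleted comment"), ln=argd["ln"]
        )

    if argd["file"] is not None:
        # The checks above authorize exactly one record and one comment,
        # so the only directory that may be served from is
        # <prefix>/var/data/comments/<recid>/<comid>/.
        attachments_dir = os.path.abspath(
            CFG_PREFIX + "/var/data/comments/" + str(self.recid) + "/" + str(argd["comid"])
        )
        # Normalize the requested path so that ../ components are
        # collapsed before the containment test.
        path = os.path.abspath(attachments_dir + "/" + argd["file"])
        # Compare against the directory plus a trailing separator: a bare
        # prefix test on ".../comments/<recid>" also matches sibling
        # records whose ID merely starts with the same digits, and does
        # not keep the path inside this comment's own directory.
        # NOTE: abspath() is purely lexical and does not resolve symlinks
        # stored inside the attachments directory.
        # isfile() rather than exists(): directories are not streamable.
        if path.startswith(attachments_dir + os.sep) and os.path.isfile(path):
            return stream_file(req, path)

    # Send error 404 in all other cases
    req.status = apache.HTTP_NOT_FOUND
    return page(
        title=_("Page Not Found"), body=_("The requested file could not be found"), req=req, language=argd["ln"]
    )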
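def perform_request_delete(comID=-1, recID=-1, uid=-1, reviews="", ln=CFG_SITE_LANG):
    """
    Prepare the admin page for deleting a comment/review, selected either
    by comment ID or by record ID.

    comID, recID and uid are washed to integers first. When a positive
    comID is given without a positive recID, the comment is looked up and
    ``reviews`` is derived from its star score (field 5 of the comment
    row). When a positive recID is given, the record must exist and
    ``reviews`` is washed from the caller's value.

    :param comID: comment ID
    :param recID: record ID
    :param uid: user ID; only washed and range-checked here
    :param reviews: review/comment selector, used only on the recID path
    :param ln: language
    :return: the tuple ``(perform_request_comments(...), None, warnings)``
        when the comment or record is found; otherwise the output of
        ``webcomment_templates.tmpl_admin_delete_form(ln, warnings)``
    """
    _ = gettext_set_language(ln)

    from invenio.legacy.search_engine import record_exists

    warnings = []

    def _warn(message):
        # register_exception() is called from inside an except block,
        # presumably so that it has a live exception to record; that is
        # why the warning is raised and caught immediately.
        try:
            raise InvenioWebCommentWarning(message)
        except InvenioWebCommentWarning as exc:
            register_exception(stream='warning')
            warnings.append((exc.message, ''))

    ln = wash_language(ln)
    comID = wash_url_argument(comID, 'int')
    recID = wash_url_argument(recID, 'int')
    uid = wash_url_argument(uid, 'int')

    # parameter reviews is deduced from comID when needed
    if comID is None or recID is None or uid is None:
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID <= 0 and recID <= 0 and uid <= 0:
        # -1 is the "nothing submitted" default and is not worth a warning.
        if comID != -1:
            _warn(_('Invalid comment ID.'))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID > 0 and not recID > 0:
        comment = query_get_comment(comID)
        if not comment:
            _warn(_('Comment ID %(x_name)s does not exist.', x_name=comID))
            return webcomment_templates.tmpl_admin_delete_form(ln, warnings)
        # Figure out if this is a review or a comment
        c_star_score = 5
        reviews = 1 if comment[c_star_score] > 0 else 0
        return (perform_request_comments(ln=ln, comID=comID, recID=recID, reviews=reviews), None, warnings)

    if recID > 0:
        if not record_exists(recID):
            # Report the record ID that was looked up, not the comment ID.
            _warn(_('Record ID %(x_rec)s does not exist.', x_rec=recID))
            return webcomment_templates.tmpl_admin_delete_form(ln, warnings)
        comID = ''
        reviews = wash_url_argument(reviews, 'int')
        return (perform_request_comments(ln=ln, comID=comID, recID=recID, reviews=reviews), None, warnings)

    return webcomment_templates.tmpl_admin_delete_form(ln, warnings)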
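def _get(self, req, form):
    """
    Returns a file attached to a comment.

    Example:
    CFG_SITE_URL/CFG_SITE_RECORD/5953/comments/attachments/get/652/myfile.pdf
    where 652 is the comment ID

    The file is streamed only when the requester may view the record's
    comments and this particular comment, the comment exists and is not
    deleted, and the requested name resolves to a regular file inside
    the attachments directory of this record and this comment. Guests
    failing an authorization check are redirected to the login page;
    every other failure yields a "not authorized" or 404 page.
    """
    argd = wash_urlargd(form, {'file': (str, None),
                               'comid': (int, 0)})
    _ = gettext_set_language(argd['ln'])

    # Can user view this record, i.e. can user access its
    # attachments?
    # NOTE(review): uid is not read below; the call is kept in case
    # getUid() has side effects on the request/session -- confirm.
    uid = getUid(req)
    user_info = collect_user_info(req)

    # Check that user can view record, and its comments (protected
    # with action "viewcomment")
    (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid)
    if auth_code and user_info['email'] == 'guest':
        cookie = mail_cookie_create_authorize_action(
            VIEWRESTRCOLL,
            {'collection': guess_primary_collection_of_a_record(self.recid)})
        target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
            make_canonical_urlargd({'action': cookie,
                                    'ln': argd['ln'],
                                    'referer': CFG_SITE_SECURE_URL + user_info['uri']}, {})
        return redirect_to_url(req, target, norobot=True)
    elif auth_code:
        return page_not_authorized(req, "../", text=auth_msg)

    # Does comment exist?
    if not query_get_comment(argd['comid']):
        req.status = apache.HTTP_NOT_FOUND
        return page(title=_("Page Not Found"),
                    body=_('The requested comment could not be found'),
                    req=req)

    # Check that user can view this particular comment, protected
    # using its own restriction
    # NOTE(review): nothing visible here ties comid to self.recid;
    # confirm that check_user_can_view_comment() or the URL routing
    # guarantees the comment belongs to this record.
    (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid'])
    if auth_code and user_info['email'] == 'guest':
        cookie = mail_cookie_create_authorize_action(
            VIEWRESTRCOLL,
            {'collection': guess_primary_collection_of_a_record(self.recid)})
        target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
            make_canonical_urlargd({'action': cookie,
                                    'ln': argd['ln'],
                                    'referer': CFG_SITE_SECURE_URL + user_info['uri']}, {})
        return redirect_to_url(req, target)
    elif auth_code:
        return page_not_authorized(req, "../", text=auth_msg, ln=argd['ln'])

    # Check that comment is not currently deleted
    if is_comment_deleted(argd['comid']):
        return page_not_authorized(req, "../",
                                   text=_("You cannot access files of a deleted comment"),
                                   ln=argd['ln'])

    if argd['file'] is not None:
        # Authorization was granted for one record and one comment, so
        # files may only come from
        # <prefix>/var/data/comments/<recid>/<comid>/.
        attachments_dir = os.path.abspath(CFG_PREFIX + '/var/data/comments/' +
                                          str(self.recid) + '/' +
                                          str(argd['comid']))
        # Normalize the requested path so that ../ components are
        # collapsed before the containment test.
        path = os.path.abspath(attachments_dir + '/' + argd['file'])
        # The trailing separator matters: testing only the prefix
        # ".../comments/<recid>" also accepts sibling records whose ID
        # starts with the same digits, and lets the path leave this
        # comment's directory for another comment of the same record.
        # NOTE: abspath() is purely lexical and does not resolve symlinks
        # stored inside the attachments directory.
        # isfile() rather than exists(): directories are not streamable.
        if path.startswith(attachments_dir + os.sep) and \
                os.path.isfile(path):
            return stream_file(req, path)

    # Send error 404 in all other cases
    req.status = apache.HTTP_NOT_FOUND
    return page(title=_("Page Not Found"),
                body=_('The requested file could not be found'),
                req=req,
                language=argd['ln'])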
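def perform_request_delete(comID=-1, recID=-1, uid=-1, reviews="", ln=CFG_SITE_LANG):
    """
    Prepare the admin page for deleting a comment/review, selected either
    by comment ID or by record ID.

    The three IDs are washed to integers. A positive comID (without a
    positive recID) is looked up with query_get_comment() and ``reviews``
    is set to 1 or 0 from the comment's star score (index 5 of the row).
    A positive recID is checked with record_exists() and ``reviews`` is
    washed from the value passed in. Each failed lookup appends a warning
    and falls back to the delete form.

    :param comID: comment ID
    :param recID: record ID
    :param uid: user ID; only washed and range-checked here
    :param reviews: review/comment selector, used only on the recID path
    :param ln: language
    :return: ``(perform_request_comments(...), None, warnings)`` when the
        comment or record is found; otherwise the output of
        ``webcomment_templates.tmpl_admin_delete_form(ln, warnings)``
    """
    _ = gettext_set_language(ln)

    from invenio.legacy.search_engine import record_exists

    warnings = []

    def _register_warning(message):
        # The warning is raised and caught at once so that
        # register_exception() runs inside an except block -- presumably
        # it records the exception currently being handled.
        try:
            raise InvenioWebCommentWarning(message)
        except InvenioWebCommentWarning as exc:
            register_exception(stream='warning')
            warnings.append((exc.message, ''))

    ln = wash_language(ln)
    comID = wash_url_argument(comID, 'int')
    recID = wash_url_argument(recID, 'int')
    uid = wash_url_argument(uid, 'int')

    # parameter reviews is deduced from comID when needed
    if comID is None or recID is None or uid is None:
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID <= 0 and recID <= 0 and uid <= 0:
        # -1 is the default for "no ID submitted"; only other values warn.
        if comID != -1:
            _register_warning(_('Invalid comment ID.'))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if comID > 0 and not recID > 0:
        comment = query_get_comment(comID)
        if comment:
            # Figure out if this is a review or a comment
            c_star_score = 5
            reviews = 1 if comment[c_star_score] > 0 else 0
            return (perform_request_comments(ln=ln, comID=comID, recID=recID, reviews=reviews),
                    None, warnings)
        _register_warning(_('Comment ID %(x_name)s does not exist.', x_name=comID))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    if recID > 0:
        if record_exists(recID):
            comID = ''
            reviews = wash_url_argument(reviews, 'int')
            return (perform_request_comments(ln=ln, comID=comID, recID=recID, reviews=reviews),
                    None, warnings)
        # The message must name the record that was looked up (recID),
        # not the comment ID.
        _register_warning(_('Record ID %(x_rec)s does not exist.', x_rec=recID))
        return webcomment_templates.tmpl_admin_delete_form(ln, warnings)

    return webcomment_templates.tmpl_admin_delete_form(ln, warnings)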