def download_file(request, file_id, type=None, file_=None, addon=None): if not file_: file_ = get_object_or_404(File.objects, pk=file_id) if not addon: addon = get_object_or_404(Addon.with_unlisted, pk=file_.version.addon_id) if addon.is_disabled or file_.status == amo.STATUS_DISABLED: if acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer( request ): return HttpResponseSendFile(request, file_.guarded_file_path, content_type="application/x-xpinstall") log.info( u"download file {file_id}: addon/file disabled or user " u"{user_id} is not an owner".format(file_id=file_id, user_id=request.user.pk) ) raise http.Http404() if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)): log.info( u"download file {file_id}: addon is unlisted but user " u"{user_id} is not an owner".format(file_id=file_id, user_id=request.user.pk) ) raise http.Http404 # Not listed, not owner or admin. attachment = type == "attachment" or not request.APP.browser loc = urlparams(file_.get_mirror(addon, attachment=attachment), filehash=file_.hash) response = http.HttpResponseRedirect(loc) response["X-Target-Digest"] = file_.hash return response
def download_file(request, file_id, type=None, file_=None, addon=None): if not file_: file_ = get_object_or_404(File.objects, pk=file_id) if not addon: addon = get_object_or_404(Addon.with_unlisted, pk=file_.version.addon_id) if addon.is_disabled or file_.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership( request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile(request, file_.guarded_file_path, content_type='application/x-xpinstall') log.info(u'download file {file_id}: addon/file disabled or user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404() if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)): log.info(u'download file {file_id}: addon is unlisted but user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file_.get_mirror(addon, attachment=attachment), filehash=file_.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file_.hash return response
def reporter_detail(request, guid): try: addon = Addon.objects.get(guid=guid) except Addon.DoesNotExist: addon = None name = addon.name if addon else guid qs = CompatReport.objects.filter(guid=guid) show_listed_only = addon and not owner_or_unlisted_reviewer(request, addon) if (addon and not addon.has_listed_versions() and show_listed_only): # Not authorized? Let's pretend this addon simply doesn't exist. name = guid qs = CompatReport.objects.none() elif show_listed_only: unlisted_versions = addon.versions.filter( channel=amo.RELEASE_CHANNEL_UNLISTED).values_list('version', flat=True) qs = qs.exclude(version__in=unlisted_versions) form = AppVerForm(request.GET) if request.GET and form.is_valid() and form.cleaned_data['appver']: # Apply filters only if we have a good app/version combination. version = form.cleaned_data['appver'] ver = vdict(floor_version(version))['major'] # 3.6 => 3 # Ideally we'd have a `version_int` column to do strict version # comparing, but that's overkill for basic version filtering here. qs = qs.filter(app_guid=amo.FIREFOX.guid, app_version__startswith=str(ver) + '.') works_ = dict(qs.values_list('works_properly').annotate(Count('id'))) works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)} works_properly = request.GET.get('works_properly') if works_properly: qs = qs.filter(works_properly=works_properly) reports = paginate(request, qs.order_by('-created'), 100) return render( request, 'compat/reporter_detail.html', dict(reports=reports, works=works, works_properly=works_properly, name=name, guid=guid, form=form))
def allowed(request, file): try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 # General case: addon is listed. if addon.is_listed: if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or acl.check_addons_reviewer(request) or acl.check_addon_ownership( request, addon, viewer=True, dev=True)): return True # Public and sources are visible, or reviewer. raise PermissionDenied # Listed but not allowed. # Not listed? Needs an owner or an "unlisted" admin. else: if owner_or_unlisted_reviewer(request, addon): return True raise http.Http404 # Not listed, not owner or admin.
def reporter(request): query = request.GET.get("guid") if query: qs = None if query.isdigit(): qs = Addon.with_unlisted.filter(id=query) if not qs: qs = Addon.with_unlisted.filter(slug=query) if not qs: qs = Addon.with_unlisted.filter(guid=query) if not qs and len(query) > 4: qs = CompatReport.objects.filter(guid__startswith=query) if qs: guid = qs[0].guid addon = Addon.with_unlisted.get(guid=guid) if addon.is_listed or owner_or_unlisted_reviewer(request, addon): return redirect("compat.reporter_detail", guid) addons = Addon.with_unlisted.filter(authors=request.user) if request.user.is_authenticated() else [] return render(request, "compat/reporter.html", dict(query=query, addons=addons))
def download_source(request, version_id): version = get_object_or_404(Version.objects, pk=version_id) # General case: version is listed. if version.channel == amo.RELEASE_CHANNEL_LISTED: if not (version.source and (acl.check_addon_ownership( request, version.addon, dev=True, ignore_disabled=True))): raise http.Http404() else: if not owner_or_unlisted_reviewer(request, version.addon): raise http.Http404 # Not listed, not owner or unlisted reviewer. res = HttpResponseSendFile(request, version.source.path) path = version.source.path if not isinstance(path, six.text_type): path = path.decode('utf8') name = os.path.basename(path.replace(u'"', u'')) disposition = u'attachment; filename="{0}"'.format(name).encode('utf8') res['Content-Disposition'] = disposition return res
def allowed(request, file): try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 # General case: addon is listed. if addon.is_listed: if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or acl.check_addons_reviewer(request) or acl.check_addon_ownership(request, addon, viewer=True, dev=True)): return True # Public and sources are visible, or reviewer. raise PermissionDenied # Listed but not allowed. # Not listed? Needs an owner or an "unlisted" admin. else: if owner_or_unlisted_reviewer(request, addon): return True raise http.Http404 # Not listed, not owner or admin.
def reporter_detail(request, guid): try: addon = Addon.with_unlisted.get(guid=guid) except Addon.DoesNotExist: addon = None name = addon.name if addon else guid qs = CompatReport.objects.filter(guid=guid) if (addon and not addon.is_listed and not owner_or_unlisted_reviewer(request, addon)): # Not authorized? Let's pretend this addon simply doesn't exist. name = guid qs = CompatReport.objects.none() form = AppVerForm(request.GET) if request.GET and form.is_valid() and form.cleaned_data['appver']: # Apply filters only if we have a good app/version combination. app, ver = form.cleaned_data['appver'].split('-') app = amo.APP_IDS[int(app)] ver = vdict(floor_version(ver))['major'] # 3.6 => 3 # Ideally we'd have a `version_int` column to do strict version # comparing, but that's overkill for basic version filtering here. qs = qs.filter(app_guid=app.guid, app_version__startswith=str(ver) + '.') works_ = dict(qs.values_list('works_properly').annotate(Count('id'))) works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)} works_properly = request.GET.get('works_properly') if works_properly: qs = qs.filter(works_properly=works_properly) reports = amo_utils.paginate(request, qs.order_by('-created'), 100) return render( request, 'compat/reporter_detail.html', dict(reports=reports, works=works, works_properly=works_properly, name=name, guid=guid, form=form))
def reporter_detail(request, guid): try: addon = Addon.objects.get(guid=guid) except Addon.DoesNotExist: addon = None name = addon.name if addon else guid qs = CompatReport.objects.filter(guid=guid) show_listed_only = addon and not owner_or_unlisted_reviewer(request, addon) if (addon and not addon.has_listed_versions() and show_listed_only): # Not authorized? Let's pretend this addon simply doesn't exist. name = guid qs = CompatReport.objects.none() elif show_listed_only: unlisted_versions = addon.versions.filter( channel=amo.RELEASE_CHANNEL_UNLISTED).values_list( 'version', flat=True) qs = qs.exclude(version__in=unlisted_versions) form = AppVerForm(request.GET) if request.GET and form.is_valid() and form.cleaned_data['appver']: # Apply filters only if we have a good app/version combination. version = form.cleaned_data['appver'] ver = vdict(floor_version(version))['major'] # 3.6 => 3 # Ideally we'd have a `version_int` column to do strict version # comparing, but that's overkill for basic version filtering here. qs = qs.filter(app_guid=amo.FIREFOX.guid, app_version__startswith=str(ver) + '.') works_ = dict(qs.values_list('works_properly').annotate(Count('id'))) works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)} works_properly = request.GET.get('works_properly') if works_properly: qs = qs.filter(works_properly=works_properly) reports = paginate(request, qs.order_by('-created'), 100) return render(request, 'compat/reporter_detail.html', dict(reports=reports, works=works, works_properly=works_properly, name=name, guid=guid, form=form))
def allowed(request, file): try: version = file.version addon = version.addon except ObjectDoesNotExist: raise http.Http404 # General case: addon is listed. if version.channel == amo.RELEASE_CHANNEL_LISTED: # We don't show the file-browser publicly because of potential DOS # issues, we're working on a fix but for now, let's not do this. # (cgrebs, 06042017) is_owner = acl.check_addon_ownership(request, addon, dev=True) if (acl.is_reviewer(request, addon) or is_owner): return True # Public and sources are visible, or reviewer. raise PermissionDenied # Listed but not allowed. # Not listed? Needs an owner or an "unlisted" admin. else: if owner_or_unlisted_reviewer(request, addon): return True raise http.Http404 # Not listed, not owner or admin.
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) # General case: addon is listed. if version.addon.is_listed: if not (version.source and (acl.check_addon_ownership(request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): raise http.Http404() else: if not owner_or_unlisted_reviewer(request, version.addon): raise http.Http404 # Not listed, not owner or admin. res = HttpResponseSendFile(request, version.source.path) path = version.source.path if not isinstance(path, unicode): path = path.decode('utf8') name = os.path.basename(path.replace(u'"', u'')) disposition = u'attachment; filename="{0}"'.format(name).encode('utf8') res['Content-Disposition'] = disposition return res
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) # General case: addon is listed. if version.addon.is_listed: if not (version.source and (acl.check_addon_ownership( request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): raise http.Http404() else: if not owner_or_unlisted_reviewer(request, version.addon): raise http.Http404 # Not listed, not owner or admin. res = HttpResponseSendFile(request, version.source.path) path = version.source.path if not isinstance(path, unicode): path = path.decode('utf8') name = os.path.basename(path.replace(u'"', u'')) disposition = u'attachment; filename="{0}"'.format(name).encode('utf8') res['Content-Disposition'] = disposition return res
def reporter(request): query = request.GET.get('guid') if query: qs = None if query.isdigit(): qs = Addon.with_unlisted.filter(id=query) if not qs: qs = Addon.with_unlisted.filter(slug=query) if not qs: qs = Addon.with_unlisted.filter(guid=query) if not qs and len(query) > 4: qs = CompatReport.objects.filter(guid__startswith=query) if qs: guid = qs[0].guid addon = Addon.with_unlisted.get(guid=guid) if addon.is_listed or owner_or_unlisted_reviewer(request, addon): return redirect('compat.reporter_detail', guid) addons = (Addon.with_unlisted.filter( authors=request.user) if request.user.is_authenticated() else []) return render(request, 'compat/reporter.html', dict(query=query, addons=addons))
def reporter(request): query = request.GET.get('guid') if query: qs = None if query.isdigit(): qs = Addon.objects.filter(id=query) if not qs: qs = Addon.objects.filter(slug=query) if not qs: qs = Addon.objects.filter(guid=query) if not qs and len(query) > 4: qs = CompatReport.objects.filter(guid__startswith=query) if qs: guid = qs[0].guid addon = Addon.objects.get(guid=guid) if (addon.has_listed_versions() or owner_or_unlisted_reviewer(request, addon)): return redirect('compat.reporter_detail', guid) addons = (Addon.objects.filter(authors=request.user) if request.user.is_authenticated() else []) return render(request, 'compat/reporter.html', dict(query=query, addons=addons))
def reporter_detail(request, guid): try: addon = Addon.with_unlisted.get(guid=guid) except Addon.DoesNotExist: addon = None name = addon.name if addon else guid qs = CompatReport.objects.filter(guid=guid) if (addon and not addon.is_listed and not owner_or_unlisted_reviewer(request, addon)): # Not authorized? Let's pretend this addon simply doesn't exist. name = guid qs = CompatReport.objects.none() form = AppVerForm(request.GET) if request.GET and form.is_valid() and form.cleaned_data['appver']: # Apply filters only if we have a good app/version combination. app, ver = form.cleaned_data['appver'].split('-') app = amo.APP_IDS[int(app)] ver = vdict(floor_version(ver))['major'] # 3.6 => 3 # Ideally we'd have a `version_int` column to do strict version # comparing, but that's overkill for basic version filtering here. qs = qs.filter(app_guid=app.guid, app_version__startswith=str(ver) + '.') works_ = dict(qs.values_list('works_properly').annotate(Count('id'))) works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)} works_properly = request.GET.get('works_properly') if works_properly: qs = qs.filter(works_properly=works_properly) reports = amo_utils.paginate(request, qs.order_by('-created'), 100) return render(request, 'compat/reporter_detail.html', dict(reports=reports, works=works, works_properly=works_properly, name=name, guid=guid, form=form))