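def validate_absolute_path(self, root, absolute_path):
    """Authorize the request, then defer to StaticFileHandler's validation.

    Admin users are passed straight to the parent implementation. Any other
    user must have access to the top-level entry (the file itself, or the
    directory that contains it) that the request resolves to under ``root``.

    Parameters
    ----------
    root : str
        Base directory the handler serves files from.
    absolute_path : str
        Absolute path the request resolved to.

    Returns
    -------
    Whatever the parent ``validate_absolute_path`` returns.

    Raises
    ------
    QiitaPetAuthorizationError
        If a non-admin user has no access to the requested entry.
    """
    # commonprefix() compares character by character, not per path
    # component. If root does not end with a separator, the remainder of
    # absolute_path starts with the separator, its first component is the
    # empty string, and the access lookup below would run against '' instead
    # of the requested entry. Normalise root first.
    if not root.endswith(sep):
        root = root + sep

    # First path component below root: the filename, or the base directory
    # of the result.
    len_prefix = len(commonprefix([root, absolute_path]))
    base_requested_fp = absolute_path[len_prefix:].split(sep, 1)[0]

    # NOTE(review): assumes self.current_user is populated, i.e. the request
    # is authenticated before this hook runs; confirm against the handler.
    current_user = self.current_user

    # Admins bypass the per-result check. This method does not verify that
    # absolute_path lies inside root; that is left to the parent call.
    if current_user.level == 'admin':
        return super(ResultsHandler, self).validate_absolute_path(
            root, absolute_path)

    # Everyone else: look up which filepaths this user may read for the
    # requested entry.
    user_id = current_user.id
    accessible_filepaths = check_access_to_analysis_result(
        user_id, base_requested_fp)

    # Turn the filepath ids into absolute paths under the DB files base dir.
    db_files_base_dir = get_db_files_base_dir()
    relpaths = filepath_ids_to_rel_paths(accessible_filepaths)
    accessible_filepaths = {join(db_files_base_dir, relpath)
                            for relpath in relpaths.values()}

    # Deny unless the requested file (or the directory it lives in) is one
    # of the paths the user has access to.
    if join(root, base_requested_fp) not in accessible_filepaths:
        raise QiitaPetAuthorizationError(user_id, absolute_path)

    return super(ResultsHandler, self).validate_absolute_path(
        root, absolute_path)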
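def validate_absolute_path(self, root, absolute_path):
    """Authorize the request, then defer to StaticFileHandler's validation.

    Admin users are passed straight to the parent implementation. Any other
    user must have access to the top-level entry (the file itself, or the
    directory that contains it) that the request resolves to under ``root``.

    Parameters
    ----------
    root : str
        Base directory the handler serves files from.
    absolute_path : str
        Absolute path the request resolved to.

    Returns
    -------
    Whatever the parent ``validate_absolute_path`` returns.

    Raises
    ------
    QiitaPetAuthorizationError
        If a non-admin user has no access to the requested entry.
    """
    # Root must end with the path separator so that the prefix stripped
    # below ends on a component boundary. Use os.path's sep rather than a
    # literal '/', because the split below also uses sep; endswith() also
    # copes with an empty root, where indexing root[-1] would raise.
    if not root.endswith(sep):
        root = root + sep

    # First path component below root: the filename, or the base directory
    # of the result. commonprefix() works per character, not per component.
    prefix_len = len(commonprefix([root, absolute_path]))
    base_requested_fp = absolute_path[prefix_len:].split(sep, 1)[0]

    # NOTE(review): assumes self.current_user is populated, i.e. the request
    # is authenticated before this hook runs; confirm against the handler.
    current_user = self.current_user
    is_admin = current_user.level == 'admin'

    if not is_admin:
        # Look up which filepaths this user may read for the requested
        # entry, then turn those filepath ids into absolute paths.
        user_id = current_user.id
        accessible_filepaths = check_access_to_analysis_result(
            user_id, base_requested_fp)

        db_files_base_dir = get_db_files_base_dir()
        relpaths = filepath_ids_to_rel_paths(accessible_filepaths)
        accessible_filepaths = {join(db_files_base_dir, relpath)
                                for relpath in relpaths.values()}

        # Deny unless the requested file (or the directory it lives in) is
        # one of the paths the user has access to.
        if join(root, base_requested_fp) not in accessible_filepaths:
            raise QiitaPetAuthorizationError(user_id, absolute_path)

    # Authorized (admin, or access confirmed). This method does not itself
    # verify that absolute_path lies inside root; that is left to the parent.
    return super(ResultsHandler, self).validate_absolute_path(
        root, absolute_path)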
def test_check_access_to_analysis_result(self):
    """Check the access lookup for one user / result-file pair."""
    # Expected value is the list [12]; presumably filepath ids, confirm
    # against check_access_to_analysis_result.
    expected = [12]
    # NOTE(review): only the allow path is exercised here; a case for a user
    # without access to the result would pin the deny behaviour as well.
    observed = check_access_to_analysis_result(
        '*****@*****.**', '1_job_result.txt')
    self.assertEqual(observed, expected)
def test_check_access_to_analysis_result(self):
    """Check the access lookup for one user / result-file pair."""
    # Expected value is the list [10]; presumably filepath ids, confirm
    # against check_access_to_analysis_result.
    expected = [10]
    # NOTE(review): only the allow path is exercised here; a case for a user
    # without access to the result would pin the deny behaviour as well.
    observed = check_access_to_analysis_result(
        "*****@*****.**", "1_job_result.txt")
    self.assertEqual(observed, expected)