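def validate_absolute_path(self, root, absolute_path):
    """Authorize the current user for a result file before serving it.

    Overrides StaticFileHandler's method to include authentication: an
    admin is handed straight to the parent implementation, any other user
    must have access to the first path component requested below ``root``.

    Parameters
    ----------
    root : str
        Directory the results are served from.
    absolute_path : str
        Absolute path of the requested resource.

    Returns
    -------
    Whatever the parent ``validate_absolute_path`` returns.

    Raises
    ------
    QiitaPetAuthorizationError
        If the user is not an admin and the requested entry is not among
        the filepaths the user has access to.
    """
    # commonprefix compares character by character, not component by
    # component. If root has no trailing separator, the remainder of
    # absolute_path starts with the separator and the first component comes
    # out as the empty string, so the access check below would be made for
    # root itself instead of the requested entry. Only the copy used for the
    # prefix is normalised; the parent still receives the caller's root.
    prefix_root = root if root.endswith(sep) else root + sep
    len_prefix = len(commonprefix([prefix_root, absolute_path]))
    # Get the filename (or the base directory) of the result
    base_requested_fp = absolute_path[len_prefix:].split(sep, 1)[0]
    # NOTE(review): nothing here checks that absolute_path lies under root;
    # presumably the parent validate_absolute_path enforces that on every
    # path that reaches it - confirm.

    # NOTE(review): assumes self.current_user is set, i.e. the request is
    # authenticated before this method runs - confirm against the handler.
    current_user = self.current_user

    # If the user is an admin, then allow access
    if current_user.level == 'admin':
        return super(ResultsHandler, self).validate_absolute_path(
            root, absolute_path)

    # Otherwise check whether they have access to the requested resource
    user_id = current_user.id
    accessible_filepaths = check_access_to_analysis_result(
        user_id, base_requested_fp)

    # Turn these filepath IDs into absolute paths
    db_files_base_dir = get_db_files_base_dir()
    relpaths = filepath_ids_to_rel_paths(accessible_filepaths)
    accessible_filepaths = {join(db_files_base_dir, relpath)
                            for relpath in relpaths.values()}

    # Deny by default: only a requested file (or top-level directory) that
    # is one of the user's accessible paths reaches the parent validation.
    if join(root, base_requested_fp) not in accessible_filepaths:
        raise QiitaPetAuthorizationError(user_id, absolute_path)
    return super(ResultsHandler, self).validate_absolute_path(
        root, absolute_path)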
def test_filepath_ids_to_rel_paths(self):
    """filepath_ids_to_rel_paths returns a dict keyed by the requested ids."""
    # Expected relative path for each of the two filepath ids queried below.
    expected = {
        1: 'raw_data/1_s_G1_L001_sequences.fastq.gz',
        3: 'raw_data/2_sequences.fastq.gz',
    }
    observed = filepath_ids_to_rel_paths([1, 3])
    self.assertEqual(observed, expected)
def validate_absolute_path(self, root, absolute_path):
    """Overrides StaticFileHandler's method to include authentication

    An admin is passed directly to the parent implementation. Any other
    user is passed on only if the first path component requested below
    ``root`` is one of the filepaths they have access to; otherwise
    QiitaPetAuthorizationError is raised.
    """
    # commonprefix works character by character, so root is given a
    # trailing slash first; otherwise the remainder of absolute_path would
    # begin with the separator and its first component would be empty.
    if root[-1] != '/':
        root = "%s/" % root
    shared_len = len(commonprefix([root, absolute_path]))
    # First path component below root: the file or top-level directory.
    requested_entry = absolute_path[shared_len:].split(sep, 1)[0]
    # NOTE(review): containment of absolute_path within root is not checked
    # here; presumably the parent validate_absolute_path does it - confirm.

    # NOTE(review): assumes self.current_user is set, i.e. the request is
    # authenticated before this method runs - confirm against the handler.
    user = self.current_user

    # Admins are not subject to the per-resource check.
    if user.level == 'admin':
        return super(ResultsHandler, self).validate_absolute_path(
            root, absolute_path)

    # Everyone else: look up the filepath ids this user may read.
    user_id = user.id
    allowed_ids = check_access_to_analysis_result(user_id, requested_entry)

    # Resolve those ids to absolute paths under the DB files directory.
    base_dir = get_db_files_base_dir()
    allowed_paths = set()
    for relpath in filepath_ids_to_rel_paths(allowed_ids).values():
        allowed_paths.add(join(base_dir, relpath))

    # Deny unless the requested entry is one of the accessible paths.
    if join(root, requested_entry) not in allowed_paths:
        raise QiitaPetAuthorizationError(user_id, absolute_path)
    return super(ResultsHandler, self).validate_absolute_path(
        root, absolute_path)
def test_filepath_ids_to_rel_paths(self):
    """Check the id -> relative path mapping for filepath ids 1 and 3."""
    # The expectation is passed inline: one relative path per requested id.
    self.assertEqual(
        filepath_ids_to_rel_paths([1, 3]),
        {
            1: 'raw_data/1_s_G1_L001_sequences.fastq.gz',
            3: 'raw_data/2_sequences.fastq.gz',
        },
    )
def test_filepath_ids_to_rel_paths(self):
    """Filepath ids 1 and 3 resolve to their expected relative paths."""
    queried_ids = [1, 3]
    # In this expectation the two ids live under different directories.
    expected_by_id = dict([
        (1, "raw_data/1_s_G1_L001_sequences.fastq.gz"),
        (3, "preprocessed_data/1_seqs.fna"),
    ])
    result = filepath_ids_to_rel_paths(queried_ids)
    self.assertEqual(result, expected_by_id)