Exemplo n.º 1
 def wrapped_f(*args, **kwargs):
     """Validate the share root and the requested sub-path, then call ``f``.

     The share is read from ``kwargs[self.share_param]`` and the relative
     path from ``kwargs[self.path_param]``; both are optional. The resolved
     share is only used for validation here and is not written back into
     ``kwargs``, so ``f`` receives the caller's original arguments.

     Returns the rendered ``errors/message.html`` response when the share
     lookup raises ``Share.DoesNotExist``; otherwise whatever ``f`` returns.
     Raises ``Exception`` when the share root or the joined path is not
     covered by ``settings.DIRECTORY_WHITELIST``.
     """
     from bioshareX.models import Share
     target = kwargs.get(self.share_param, None)
     if target:
         needs_lookup = not isinstance(kwargs[self.share_param], Share)
         if needs_lookup:
             try:
                 target = Share.get_by_slug_or_id(target)
             except Share.DoesNotExist:
                 # args[0] is passed to render() as the request.
                 error_context = {'message': 'No share with that ID exists.'}
                 return render(args[0], 'errors/message.html',
                               error_context, status=500)
         # The root is checked in its get_realpath() form.
         root_ok = paths_contain(settings.DIRECTORY_WHITELIST,
                                 target.get_realpath())
         if not root_ok:
             raise Exception('Share has an invalid root path: %s' %
                             target.get_realpath())
     rel_path = kwargs.get(self.path_param, None)
     if rel_path is None:
         return f(*args, **kwargs)
     test_path(rel_path)
     if target:
         # NOTE(review): the joined path is built with os.path.join() only
         # and uses get_path(), not get_realpath(). os.path.join() drops
         # the first component when the second is absolute, and nothing in
         # this block canonicalises the result -- confirm that test_path()
         # and paths_contain() reject absolute paths, '..' segments and
         # symlinks that leave the share.
         candidate = os.path.join(target.get_path(), rel_path)
         if not paths_contain(settings.DIRECTORY_WHITELIST, candidate):
             raise Exception('Illegal path encountered, %s, %s' %
                             (target.get_path(), rel_path))
     return f(*args, **kwargs)
Exemplo n.º 2
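 def wrapped_f(*args, **kwargs):
     """Resolve the share and enforce ``self.perms`` before calling ``f``.

     ``kwargs[self.share_param]`` is looked up with
     ``Share.get_by_slug_or_id`` and replaced in ``kwargs`` by the resolved
     share, so ``f`` receives the object rather than the identifier.
     ``args[0]`` is used as the request.

     For the first permission in ``self.perms`` that is missing from
     ``share.get_user_permissions(request.user)`` the wrapper returns a
     denial instead of calling ``f``:

     * AJAX, unauthenticated: ``JsonResponse`` with HTTP 401.
     * AJAX, authenticated: ``json_error`` with the access message.
     * non-AJAX, unauthenticated: redirect to ``login`` with ``next``.
     * non-AJAX, authenticated: redirect to ``forbidden``.
     """
     from bioshareX.models import Share
     try:
         share = Share.get_by_slug_or_id(kwargs[self.share_param])
     except Share.DoesNotExist:
         # NOTE(review): a missing share is reported with status 500; 404
         # would describe it better -- confirm no client relies on 500.
         return render(args[0],
                       'errors/message.html',
                       {'message': 'No share with that ID exists.'},
                       status=500)
     kwargs[self.share_param] = share
     request = args[0]
     user_permissions = share.get_user_permissions(request.user)
     denied = 'You do not have access to this resource.'
     for perm in self.perms:
         # When share.secure is falsy, the view and download permissions
         # are not required of the user.
         if not share.secure and perm in ('view_share_files',
                                          'download_share_files'):
             continue
         if perm in user_permissions:
             continue
         if request.is_ajax():
             if not request.user.is_authenticated():
                 # The original had a second, unreachable return after
                 # this one; it has been removed.
                 return JsonResponse(
                     {
                         'status': 'error',
                         'unauthenticated': True,
                         'errors': [denied],
                     },
                     status=status.HTTP_401_UNAUTHORIZED)
             return json_error([denied])
         if not request.user.is_authenticated():
             # NOTE(review): get_full_path() is appended without URL
             # encoding, so a query string on the original request is not
             # carried intact inside ``next`` -- consider quoting it.
             url = reverse('login') + '?next=%s' % request.get_full_path()
             return redirect(url)
         return redirect('forbidden')
     return f(*args, **kwargs)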
Exemplo n.º 3
 def wrapped_f(*args,**kwargs):
     """Check share root and sub-path against the whitelist, then call ``f``.

     Reads the optional share from ``kwargs[self.share_param]`` and the
     optional path from ``kwargs[self.path_param]``. A share given as
     something other than a ``Share`` instance is resolved with
     ``Share.get_by_slug_or_id``; no exception from that lookup is caught
     here. ``kwargs`` is left unmodified.

     Raises ``Exception`` when ``paths_contain`` rejects the share's
     ``get_realpath()`` or the joined share path. Returns ``f``'s result.
     """
     from bioshareX.models import Share
     share_obj = kwargs.get(self.share_param,None)
     if share_obj:
         already_resolved = isinstance(kwargs[self.share_param], Share)
         if not already_resolved:
             share_obj = Share.get_by_slug_or_id(share_obj)
         root_allowed = paths_contain(settings.DIRECTORY_WHITELIST,
                                      share_obj.get_realpath())
         if not root_allowed:
             raise Exception('Share has an invalid root path: %s'%share_obj.get_realpath())
     sub_path = kwargs.get(self.path_param,None)
     if sub_path is None:
         # Nothing path-related to validate.
         return f(*args,**kwargs)
     test_path(sub_path)
     if share_obj:
         # NOTE(review): this check depends on what test_path() and
         # paths_contain() do with absolute paths, '..' segments and
         # symlinks; the join below performs no normalisation and uses
         # get_path() rather than get_realpath() -- confirm in those
         # helpers.
         joined = os.path.join(share_obj.get_path(),sub_path)
         if not paths_contain(settings.DIRECTORY_WHITELIST,joined):
             raise Exception('Illegal path encountered, %s, %s'%(share_obj.get_path(),sub_path))
     return f(*args,**kwargs)
Exemplo n.º 4
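 def _get_share(self,path):
     """Return the share named by the second component of ``path``.

     ``path`` is split on ``os.path.sep`` and ``parts[1]`` is used as the
     key into ``self.shares``. For the anonymous user (``self.user.id ==
     -1``) a missing key triggers a lookup through
     ``Share.get_by_slug_or_id`` and the result is cached in
     ``self.shares`` under ``share.slug_or_id``.

     Raises ``PermissionDenied`` when the path has fewer than two
     components or when no share is found for the key.
     """
     parts = path.split(os.path.sep)
     if len(parts) < 2:
         # Single-argument print() behaves the same on Python 2 and 3.
         print('bad length')
         raise PermissionDenied("Received an invalid path: %s"%path)
     key = parts[1]
     # Anonymous users don't yet have a dictionary of shares.
     # NOTE(review): no permission check is visible for this lookup --
     # confirm the callers enforce share permissions for anonymous users.
     if key not in self.shares and self.user.id == -1:
         try:
             share = Share.get_by_slug_or_id(key)
             self.shares[share.slug_or_id] = share
         except Exception:
             # Best effort: a failed lookup falls through to the
             # PermissionDenied below. Narrowed from a bare ``except`` so
             # KeyboardInterrupt and SystemExit are no longer swallowed.
             pass
     if key not in self.shares:
         print('no share exists')
         print(path)
         # Report the share key; the original indexed the raw string
         # (path[1]) and so printed only its second character.
         raise PermissionDenied("Share does not exist: %s"%key)
     return self.shares[key]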
Exemplo n.º 5
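 def wrapped_f(*args,**kwargs):
     """Swap the share identifier for a ``Share`` and check ``self.perms``.

     The value at ``kwargs[self.share_param]`` is resolved through
     ``Share.get_by_slug_or_id`` and stored back into ``kwargs``. No
     exception from that lookup is caught here. ``args[0]`` is taken to be
     the request.

     Each permission in ``self.perms`` must appear in
     ``share.get_user_permissions(request.user)``; the first one that does
     not ends the call with a 401 ``JsonResponse`` or ``json_error`` for
     AJAX requests, or a redirect to ``login`` / ``forbidden`` otherwise.
     If every permission passes, ``f`` is called with the updated kwargs.
     """
     from bioshareX.models import Share
     share = Share.get_by_slug_or_id(kwargs[self.share_param])
     kwargs[self.share_param]=share
     request = args[0]
     user_permissions = share.get_user_permissions(request.user)
     no_access = ['You do not have access to this resource.']
     for perm in self.perms:
         # View/download permissions are not enforced when share.secure
         # is falsy.
         if not share.secure and perm in ['view_share_files','download_share_files']:
             continue
         if perm not in user_permissions:
             anonymous = not request.user.is_authenticated()
             if request.is_ajax():
                 if anonymous:
                     # A duplicate return that followed this statement
                     # could never run and has been dropped.
                     return JsonResponse({'status':'error','unauthenticated':True,'errors':no_access},status=status.HTTP_401_UNAUTHORIZED)
                 return json_error(no_access)
             if anonymous:
                 # NOTE(review): the ``next`` value is the raw
                 # get_full_path() with no URL encoding; a query string on
                 # the request will not be preserved as one parameter.
                 url = reverse('login') + '?next=%s' % request.get_full_path()
                 return redirect(url)
             return redirect('forbidden')
     return f(*args,**kwargs)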