Exemplo n.º 1
0
def move_folder(db_folder, target_path, user_account, data_manager, permissions_manager, logger):
    """
    Moves a disk folder to the given new path (which must not already exist),
    and updates the associated database records. The folder is effectively
    renamed if the parent folder path remains the same.

    This method may take a long time, as the folder's sub-folders and images
    must also be moved, both on disk and in the database. The audit trail is
    also updated for every affected image, image IDs cached under the old path
    are cleared, and folder tree permissions are re-calculated.

    The user account must have Delete Folder permission for the original
    parent folder and Create Folder permission for the target parent folder,
    or alternatively have the file admin system permission.

    This method creates and commits its own separate database connection
    in an attempt to keep the operation is as atomic as possible. Note however
    that if there is an error moving the folder tree (in the database or on
    disk), operations already performed are not rolled back, and the database
    may become out of sync with the file system.

    Returns the updated folder object, including all affected sub-folders.

    Raises a DoesNotExistError if the source folder does not exist.
    Raises an AlreadyExistsError if the target path already exists.
    Raises an IOError or OSError on error moving the disk files or folders.
    Raises a ValueError if the source folder or target path is invalid.
    Raises a DBError for database errors.
    Raises a SecurityError if the current user does not have sufficient
    permission to perform the move or if the target path is outside of
    IMAGES_BASE_DIR.
    """
    db_session = data_manager.db_get_session()
    success = False
    try:
        _validate_path_chars(target_path)
        target_path = filepath_normalize(target_path)
        target_path = _secure_folder_path(
            target_path,
            True,
            app.config['ALLOW_UNICODE_FILENAMES']
        )
        norm_src = strip_seps(db_folder.path)
        norm_tgt = strip_seps(target_path)

        # Cannot move the root folder
        if norm_src == '':
            raise ValueError('Cannot move the root folder')
        # Don't allow blank path (move to become root) either
        if norm_tgt == '':
            raise ValueError('Target folder path cannot be empty')
        # Cannot move a folder into itself
        if norm_tgt.startswith(add_sep(norm_src)):
            raise ValueError('Cannot move a folder into itself')

        # Do nothing if target path is the same as the source
        if norm_src == norm_tgt:
            success = True
            return db_folder

        # Connect db_folder to our database session
        db_folder = data_manager.get_folder(db_folder.id, _db_session=db_session)
        if not db_folder:
            raise DoesNotExistError('Folder ID %d does not exist' % db_folder.id)

        # Source folder must exist
        ensure_path_exists(db_folder.path, require_directory=True)
        # Target folder must not yet exist (we cannot merge)
        if path_exists(target_path):
            raise AlreadyExistsError('Path already exists: ' + target_path)

        renaming = (
            strip_seps(filepath_parent(db_folder.path)) ==
            strip_seps(filepath_parent(target_path))
        )

        # Get parent folders for permissions checking
        # Target parent may not exist yet so use the closest node in the tree
        db_source_parent = db_folder.parent
        db_target_parent = _get_nearest_parent_folder(
            target_path, data_manager, db_session
        )
        # Require Create Folder permission for destination folder
        if user_account:
            permissions_manager.ensure_folder_permitted(
                db_target_parent,
                FolderPermission.ACCESS_CREATE_FOLDER,
                user_account
            )
        # Require Delete Folder permission for source parent folder
        if user_account and not renaming:
            permissions_manager.ensure_folder_permitted(
                db_source_parent,
                FolderPermission.ACCESS_DELETE_FOLDER,
                user_account
            )

        logger.info(
            'Disk folder %s is being moved to %s by %s' %
            (db_folder.path, target_path,
             user_account.username if user_account else 'System')
        )

        # We know there's no physical target folder, but if there is an
        # old (deleted) db record for the target path, purge it first.
        db_old_target_folder = data_manager.get_folder(
            folder_path=target_path, _db_session=db_session
        )
        if db_old_target_folder:
            # This recurses to purge files and sub-folders too
            data_manager.delete_folder(
                db_old_target_folder,
                purge=True,
                _db_session=db_session,
                _commit=False
            )

        # Move the disk files first, as this is the most likely thing to fail.
        # Note that this might involve moving files and directories we haven't
        # got database entries for (but that doesn't matter).
        filesystem_manager.move(db_folder.path, target_path)

        # Prep image history
        if renaming:
            history_info = 'Folder renamed from ' + filepath_filename(db_folder.path) + \
                           ' to ' + filepath_filename(target_path)
        else:
            history_info = 'Folder moved from ' + db_folder.path + ' to ' + target_path

        # Update the database
        data_manager.set_folder_path(
            db_folder,
            target_path,
            user_account,
            history_info,
            _db_session=db_session,
            _commit=False
        )

        # OK!
        logger.info(
            'Disk folder %s successfully moved to %s by %s' %
            (db_folder.path, target_path,
             user_account.username if user_account else 'System')
        )
        success = True
        return db_folder

    finally:
        # Commit or rollback database
        try:
            if success:
                db_session.commit()
            else:
                db_session.rollback()
        finally:
            db_session.close()

        # Clear folder permissions cache as folder tree has changed
        if success:
            permissions_manager.reset()
Exemplo n.º 2
0
def move_file(db_image, target_path, user_account, data_manager, permissions_manager):
    """
    Moves an image file to the given new path and filename (the folder component
    of which must already exist), adds image history and updates the associated
    database records. The image file is effectively renamed if the folder part
    of the path remains the same.

    The user account must have Delete File permission for the source folder
    and Upload File permission for the target folder, or alternatively have
    the file admin system permission.

    This method creates and commits its own separate database connection
    so that the operation is atomic.

    Returns the updated image object.

    Raises a DoesNotExistError if the source image file does not exist
    or the target folder does not exist.
    Raises an AlreadyExistsError if the target file already exists.
    Raises an IOError or OSError if the target file cannot be created.
    Raises a ValueError if the target filename is invalid.
    Raises a DBError for database errors.
    Raises a SecurityError if the current user does not have sufficient
    permission to perform the move or if the target path is outside of
    IMAGES_BASE_DIR.
    """
    db_session = data_manager.db_get_session()
    file_moved = False
    success = False
    try:
        _validate_path_chars(target_path)
        target_path = filepath_normalize(target_path)

        # Connect db_image to our database session
        db_image = data_manager.get_image(db_image.id, _db_session=db_session)
        if not db_image:
            raise DoesNotExistError('Image ID %d does not exist' % db_image.id)

        # Save the old path for rolling back
        source_path = db_image.src
        source_folder = filepath_parent(source_path)
        source_filename = filepath_filename(source_path)

        # Get and secure the target filename
        target_folder = filepath_parent(target_path)
        target_filename = filepath_filename(target_path)
        target_filename = secure_filename(
            target_filename,
            app.config['ALLOW_UNICODE_FILENAMES']
        )
        target_path = os.path.join(target_folder, target_filename)

        # Insist on minimum a.xyz file name (else raise ValueError)
        validate_filename(target_filename)
        # Target folder must exist
        ensure_path_exists(target_folder, require_directory=True)

        # Do nothing if target path is the same as the source
        if strip_sep(db_image.src, leading=True) == strip_sep(target_path, leading=True):
            success = True
            return db_image

        # Get source and target folder data
        db_source_folder = db_image.folder
        db_target_folder = auto_sync_existing_folder(
            target_folder, data_manager, _db_session=db_session
        )
        if db_target_folder is None:
            raise DoesNotExistError(target_folder)  # Should never happen

        # Check source file exists
        ensure_path_exists(db_image.src, require_file=True)
        # Check target file does not exist (we cannot merge)
        if path_exists(target_path, require_file=True):
            raise AlreadyExistsError('Target file already exists: ' + target_path)

        renaming = (db_source_folder == db_target_folder)

        # Check permissions for source and destination folders
        permissions_manager.ensure_folder_permitted(
            db_target_folder,
            FolderPermission.ACCESS_UPLOAD,
            user_account
        )
        if not renaming:
            permissions_manager.ensure_folder_permitted(
                db_source_folder,
                FolderPermission.ACCESS_DELETE,
                user_account
            )

        # We know there's no physical target file, but if there is an
        # old (deleted) db record for the target path, purge it first
        db_old_target_image = data_manager.get_image(
            src=target_path, _db_session=db_session
        )
        if db_old_target_image:
            data_manager.delete_image(
                db_old_target_image,
                purge=True,
                _db_session=db_session,
                _commit=False
            )

        # Move the physical file
        filesystem_manager.move(source_path, target_path)
        file_moved = True

        # Update the database
        db_image.status = Image.STATUS_ACTIVE
        db_image.folder = db_target_folder
        data_manager.set_image_src(db_image, target_path)

        # Add history
        if renaming:
            history_info = 'Renamed from ' + source_filename + ' to ' + target_filename
        else:
            history_info = 'Moved from ' + source_folder + ' to ' + target_folder
        data_manager.add_image_history(
            db_image,
            user_account,
            ImageHistory.ACTION_MOVED,
            history_info,
            _db_session=db_session,
            _commit=False
        )

        # OK!
        success = True
        return db_image

    finally:
        # Rollback file move?
        if not success and file_moved:
            try:
                filesystem_manager.move(target_path, source_path)
            except:
                pass
        # Commit or rollback database
        try:
            if success:
                db_session.commit()
            else:
                db_session.rollback()
        finally:
            db_session.close()