def test_move_to_folder_basic(self):
group, _ = Group.objects.get_or_create(name='Hydroshare Author')
user = hydroshare.create_account('*****@*****.**',
username='******',
first_name='Creator_FirstName',
last_name='Creator_LastName',
superuser=False,
groups=[])
resource = hydroshare.create_resource(
'GenericResource',
user,
'test resource',
)
resource.save()
open('myfile.txt', "w").close()
file = open('myfile.txt', 'rb')
hydroshare.add_resource_files(resource.short_id, file)
create_folder(resource.short_id, "data/contents/test_folder")
move_to_folder(user,
resource.short_id,
src_paths=['data/contents/myfile.txt'],
tgt_path="data/contents/test_folder",
validate_move=True)
folder_contents = list_folder(resource.short_id,
"data/contents/test_folder")
self.assertTrue(['myfile.txt'] in folder_contents)
resource.delete()
def test_move_to_folder_basic(self):
group, _ = Group.objects.get_or_create(name='Hydroshare Author')
user = hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='Creator_FirstName',
last_name='Creator_LastName',
superuser=False,
groups=[]
)
resource = hydroshare.create_resource(
'GenericResource',
user,
'test resource',
)
resource.save()
open('myfile.txt', "w").close()
file = open('myfile.txt', 'r')
hydroshare.add_resource_files(resource.short_id, file)
create_folder(resource.short_id, "data/contents/test_folder")
move_to_folder(user, resource.short_id,
src_paths=['data/contents/myfile.txt'],
tgt_path="data/contents/test_folder",
validate_move=True)
folder_contents = list_folder(resource.short_id, "data/contents/test_folder")
self.assertTrue(['myfile.txt'] in folder_contents)
resource.delete()
def data_store_move_to_folder(request, pk=None):
"""
Move a list of files and/or folders to another folder in a resource file hierarchy.
:param request: a REST request
:param pk: the short_id of a resource to modify, from REST URL.
It is invoked by an AJAX call and returns a json object that has the relative paths of
the target files or folders to which files have been moved. The AJAX request must be a POST
request with input data passed in for source_paths and target_path where source_paths
and target_path are the relative paths for the source and target file or folder in the
res_id file directory.
This routine is **specifically** targeted at validating requests from the UI.
Thus it is much more limiting than a general purpose REST responder.
"""
pk = request.POST.get('res_id', pk)
if pk is None:
return HttpResponse('Bad request - resource id is not included',
status=status.HTTP_400_BAD_REQUEST)
# whether to treat request as atomic: skip overwrites for valid request
atomic = request.POST.get('atomic', 'false') == 'true' # False by default
pk = str(pk).strip()
try:
resource, _, user = authorize(
request, pk, needed_permission=ACTION_TO_AUTHORIZE.EDIT_RESOURCE)
except NotFound:
return HttpResponse('Bad request - resource not found',
status=status.HTTP_400_BAD_REQUEST)
except PermissionDenied:
return HttpResponse('Permission denied',
status=status.HTTP_401_UNAUTHORIZED)
tgt_path = resolve_request(request).get('target_path', None)
src_paths = resolve_request(request).get('source_paths', None)
if src_paths is None or tgt_path is None:
return HttpResponse(
'Bad request - src_paths or tgt_path is not included',
status=status.HTTP_400_BAD_REQUEST)
tgt_path = str(tgt_path).strip()
if not tgt_path:
return HttpResponse('Target directory not specified',
status=status.HTTP_400_BAD_REQUEST)
# protect against common hacking attacks
if not tgt_path.startswith('data/contents/'):
return HttpResponse(
'Target directory path must start with data/contents/',
status=status.HTTP_400_BAD_REQUEST)
if tgt_path.find('/../') >= 0 or tgt_path.endswith('/..'):
return HttpResponse('Bad request - tgt_path cannot contain /../',
status=status.HTTP_400_BAD_REQUEST)
istorage = resource.get_irods_storage()
# strip trailing slashes (if any)
tgt_path = tgt_path.rstrip('/')
tgt_short_path = tgt_path[len('data/contents/'):]
tgt_storage_path = os.path.join(resource.root_path, tgt_path)
if not irods_path_is_directory(istorage, tgt_storage_path):
return HttpResponse('Target of move is not an existing folder',
status=status.HTTP_400_BAD_REQUEST)
src_paths = json.loads(src_paths)
for i in range(len(src_paths)):
src_paths[i] = str(src_paths[i]).strip().rstrip('/')
# protect against common hacking attacks
for src_path in src_paths:
if not src_path.startswith('data/contents/'):
return HttpResponse(
'Paths to be moved must start with data/contents/',
status=status.HTTP_400_BAD_REQUEST)
if src_path.find('/../') >= 0 or src_path.endswith('/..'):
return HttpResponse('Paths to be moved cannot contain /../',
status=status.HTTP_400_BAD_REQUEST)
valid_src_paths = []
skipped_tgt_paths = []
for src_path in src_paths:
src_storage_path = os.path.join(resource.root_path, src_path)
src_short_path = src_path[len('data/contents/'):]
# protect against stale data botches: source files should exist
try:
folder, file = ResourceFile.resource_path_is_acceptable(
resource, src_storage_path, test_exists=True)
except ValidationError:
return HttpResponse(
'Source file {} does not exist'.format(src_short_path),
status=status.HTTP_400_BAD_REQUEST)
if not irods_path_is_directory(
istorage, src_storage_path): # there is django record
try:
ResourceFile.get(resource, file, folder=folder)
except ResourceFile.DoesNotExist:
return HttpResponse(
'Source file {} does not exist'.format(src_short_path),
status=status.HTTP_400_BAD_REQUEST)
# protect against inadvertent overwrite
base = os.path.basename(src_storage_path)
tgt_overwrite = os.path.join(tgt_storage_path, base)
if not istorage.exists(tgt_overwrite):
valid_src_paths.append(
src_path) # partly qualified path for operation
else: # skip pre-existing objects
skipped_tgt_paths.append(os.path.join(tgt_short_path, base))
if skipped_tgt_paths:
if atomic:
message = 'move would overwrite {}'.format(
', '.join(skipped_tgt_paths))
return HttpResponse(message, status=status.HTTP_400_BAD_REQUEST)
# if not atomic, then try to move the files that don't have conflicts
# stop immediately on error.
try:
move_to_folder(user, pk, valid_src_paths, tgt_path)
except SessionException as ex:
return HttpResponse(ex.stderr,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
except DRF_ValidationError as ex:
return HttpResponse(ex.detail, status=status.HTTP_400_BAD_REQUEST)
return_object = {'target_rel_path': tgt_path}
if skipped_tgt_paths: # add information on skipped steps
message = '[Warn] skipped move to existing {}'.format(
', '.join(skipped_tgt_paths))
return_object['additional_status'] = message
return HttpResponse(json.dumps(return_object),
content_type='application/json')
def data_store_move_to_folder(request, pk=None):
"""
Move a list of files and/or folders to another folder in a resource file hierarchy.
:param request: a REST request
:param pk: the short_id of a resource to modify, from REST URL.
It is invoked by an AJAX call and returns a json object that has the relative paths of
the target files or folders to which files have been moved. The AJAX request must be a POST
request with input data passed in for source_paths and target_path where source_paths
and target_path are the relative paths (relative to path res_id/data/contents) for the source
and target file or folder in the res_id file directory.
This routine is **specifically** targeted at validating requests from the UI.
Thus it is much more limiting than a general purpose REST responder.
"""
pk = request.POST.get('res_id', pk)
if pk is None:
return HttpResponse('Bad request - resource id is not included',
status=status.HTTP_400_BAD_REQUEST)
# whether to treat request as atomic: skip overwrites for valid request
atomic = request.POST.get('atomic', 'false') == 'true' # False by default
pk = str(pk).strip()
try:
resource, _, user = authorize(request, pk,
needed_permission=ACTION_TO_AUTHORIZE.EDIT_RESOURCE)
except NotFound:
return HttpResponse('Bad request - resource not found', status=status.HTTP_400_BAD_REQUEST)
except PermissionDenied:
return HttpResponse('Permission denied', status=status.HTTP_401_UNAUTHORIZED)
tgt_path = resolve_request(request).get('target_path', None)
src_paths = resolve_request(request).get('source_paths', None)
try:
tgt_path = _validate_path(tgt_path, 'tgt_path', check_path_empty=False)
except ValidationError as ex:
return HttpResponse(ex.message, status=status.HTTP_400_BAD_REQUEST)
istorage = resource.get_irods_storage()
tgt_short_path = tgt_path[len('data/contents/'):]
tgt_storage_path = os.path.join(resource.root_path, tgt_path)
if not irods_path_is_directory(istorage, tgt_storage_path):
return HttpResponse('Target of move is not an existing folder',
status=status.HTTP_400_BAD_REQUEST)
src_paths = json.loads(src_paths)
# protect against common hacking attacks
for index, src_path in enumerate(src_paths):
try:
src_paths[index] = _validate_path(src_path, 'src_paths')
except ValidationError as ex:
return HttpResponse(ex.message, status=status.HTTP_400_BAD_REQUEST)
valid_src_paths = []
skipped_tgt_paths = []
for src_path in src_paths:
src_storage_path = os.path.join(resource.root_path, src_path)
src_short_path = src_path[len('data/contents/'):]
# protect against stale data botches: source files should exist
try:
folder, file = ResourceFile.resource_path_is_acceptable(resource,
src_storage_path,
test_exists=True)
except ValidationError:
return HttpResponse('Source file {} does not exist'.format(src_short_path),
status=status.HTTP_400_BAD_REQUEST)
if not irods_path_is_directory(istorage, src_storage_path): # there is django record
try:
ResourceFile.get(resource, file, folder=folder)
except ResourceFile.DoesNotExist:
return HttpResponse('Source file {} does not exist'.format(src_short_path),
status=status.HTTP_400_BAD_REQUEST)
# protect against inadvertent overwrite
base = os.path.basename(src_storage_path)
tgt_overwrite = os.path.join(tgt_storage_path, base)
if not istorage.exists(tgt_overwrite):
valid_src_paths.append(src_path) # partly qualified path for operation
else: # skip pre-existing objects
skipped_tgt_paths.append(os.path.join(tgt_short_path, base))
if skipped_tgt_paths:
if atomic:
message = 'move would overwrite {}'.format(', '.join(skipped_tgt_paths))
return HttpResponse(message, status=status.HTTP_400_BAD_REQUEST)
# if not atomic, then try to move the files that don't have conflicts
# stop immediately on error.
try:
move_to_folder(user, pk, valid_src_paths, tgt_path)
except SessionException as ex:
return HttpResponse(ex.stderr, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
except DRF_ValidationError as ex:
return HttpResponse(ex.detail, status=status.HTTP_400_BAD_REQUEST)
return_object = {'target_rel_path': tgt_path}
if skipped_tgt_paths: # add information on skipped steps
message = '[Warn] skipped move to existing {}'.format(', '.join(skipped_tgt_paths))
return_object['additional_status'] = message
return HttpResponse(
json.dumps(return_object),
content_type='application/json'
)