def file_display(request):
"""
Stream a file
"""
root_path = get_root_directory(request)
rel_filepath = decode_path(request.params['name'])
# remove the leading slash to be able to join
rel_filepath = rel_filepath.strip('/')
filepath = os.path.join(root_path, rel_filepath)
filename = os.path.basename(filepath)
company_code = request.context.code_compta
if not code_is_not_null(company_code):
logger.warn("Current context has no code")
return HTTPForbidden()
if not isprefixed(filename, company_code):
logger.warn("Current context has no code")
return HTTPForbidden()
if not issubdir(root_path, filepath):
logger.warn("Given filepath is not a subdirectory")
logger.warn(filepath)
logger.warn(root_path)
return HTTPForbidden()
if os.path.isfile(filepath):
file_obj = AbstractFile(filename, filepath)
file_obj.as_response(request)
return request.response
logger.warn("AbstractFile not found")
logger.warn(filepath)
return HTTPNotFound()
def file_display(request):
"""
Stream a file
"""
root_path = get_root_directory(request)
rel_filepath = decode_path(request.params['name'])
# remove the leading slash to be able to join
rel_filepath = rel_filepath.strip('/')
filepath = os.path.join(root_path, rel_filepath)
filename = os.path.basename(filepath)
company_code = request.context.code_compta
if not code_is_not_null(company_code):
logger.warn("Current context has no code")
return HTTPForbidden()
if not isprefixed(filename, company_code):
logger.warn("Current context has no code")
return HTTPForbidden()
if not issubdir(root_path, filepath):
logger.warn("Given filepath is not a subdirectory")
logger.warn(filepath)
logger.warn(root_path)
return HTTPForbidden()
if os.path.isfile(filepath):
file_obj = AbstractFile(filename, filepath)
file_obj.as_response(request)
return request.response
logger.warn("AbstractFile not found")
logger.warn(filepath)
return HTTPNotFound()
def test_issubdir():
assert(issubdir("/root/foo", "/root/foo/bar"))
assert(not issubdir("/root/foo", "/root/bar"))
assert(not issubdir("/root/foo", "/root/../../foo/bar"))
def test_issubdir(self):
self.assertTrue(issubdir("/root/foo", "/root/foo/bar"))
self.assertFalse(issubdir("/root/foo", "/root/bar"))
self.assertFalse(issubdir("/root/foo", "/root/../../foo/bar"))
def test_issubdir():
assert (issubdir("/root/foo", "/root/foo/bar"))
assert (not issubdir("/root/foo", "/root/bar"))
assert (not issubdir("/root/foo", "/root/../../foo/bar"))
