Пример #1
0
def upload_image(current_user=None):
    application = Application.get_for_user(current_user.id)
    if application is None:
        raise ForbiddenException('User {} does not have access.'.format(
            current_user.id))
    else:
        if app.config.get('TESTING'):
            image = Image(application_id=application.id)
            db.session.add(image)
            db.session.commit()
            return {'status': 'ok'}
        else:
            s3 = boto3.client(
                's3',
                region_name=aws_region_name,
                endpoint_url=aws_endpoint_url,
                config=Config(signature_version=aws_signature_version),
            )
            for key, file in request.files.items():
                if file.filename == "":
                    raise BadRequestException("No file selected")

                if file and file.filename.lower().endswith(
                    ('.png', '.jpg', '.jpeg')):
                    try:
                        image = Image(application_id=application.id)
                        db.session.add(image)
                        db.session.commit()
                        s3.upload_fileobj(file,
                                          aws_bucket_name,
                                          image.filename,
                                          ExtraArgs={
                                              "ACL": 'public-read',
                                              "ContentType": file.content_type
                                          })
                    except Exception as e:
                        print('ERROR upload_image AppException', e)
                        Image.delete(image.id, image.filename)
                        raise AppException() from e
                else:
                    print('ERROR upload_image File was not an allowed type')
                    raise ForbiddenException('File was not an allowed type')
            return {'status': 'ok'}
Пример #2
0
def delete_s3(image_id, current_user=None):
    image = Image.query.get(image_id)
    application = Application.get_for_user(current_user.id)
    if application is not None:
        self_access = not application.is_submitted
        has_access = has_applicant_access(current_user,
                                          application.user,
                                          self_access=self_access)
    else:
        has_access = False
    if (not has_access or image is None or application is None
            or application.is_submitted
            or application.id != image.application_id):
        raise ForbiddenException(
            'User {} does not have access to image {}.'.format(
                current_user.id, image_id))
    else:
        Image.delete(image_id, image.filename)
        return {'status': 'ok'}
Пример #3
0
def delete_image(id):
    # Get image #id
    try:
        image = Image.get(Image.id == id)
    except Image.DoesNotExist:
        return jsonify(**IMAGE_NOT_FOUND)

    # TODO: Delete image binary file and thumb
    # Need to check safe path and MIME type first

    # Delete image DB record
    query = Image.delete().where(Image.id == id)
    query.execute()

    # return JSON status OK
    return jsonify(**STATUS_OK)
Пример #4
0
def delete_image(id):
    # Get image #id
    try:
        image = Image.get(Image.id == id)
    except Image.DoesNotExist:
        return jsonify(**IMAGE_NOT_FOUND)

    # TODO: Delete image binary file and thumb
    # Need to check safe path and MIME type first

    # Delete image DB record
    query = Image.delete().where(Image.id == id)
    query.execute()

    # return JSON status OK
    return jsonify(**STATUS_OK)