def download_file(request, file_id, type=None, file_=None, addon=None):
if not file_:
file_ = get_object_or_404(File.objects, pk=file_id)
if not addon:
addon = get_object_or_404(Addon.with_unlisted, pk=file_.version.addon_id)
if addon.is_disabled or file_.status == amo.STATUS_DISABLED:
if acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(
request
):
return HttpResponseSendFile(request, file_.guarded_file_path, content_type="application/x-xpinstall")
log.info(
u"download file {file_id}: addon/file disabled or user "
u"{user_id} is not an owner".format(file_id=file_id, user_id=request.user.pk)
)
raise http.Http404()
if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)):
log.info(
u"download file {file_id}: addon is unlisted but user "
u"{user_id} is not an owner".format(file_id=file_id, user_id=request.user.pk)
)
raise http.Http404 # Not listed, not owner or admin.
attachment = type == "attachment" or not request.APP.browser
loc = urlparams(file_.get_mirror(addon, attachment=attachment), filehash=file_.hash)
response = http.HttpResponseRedirect(loc)
response["X-Target-Digest"] = file_.hash
return response
def download_file(request, file_id, type=None, file_=None, addon=None):
if not file_:
file_ = get_object_or_404(File.objects, pk=file_id)
if not addon:
addon = get_object_or_404(Addon.with_unlisted,
pk=file_.version.addon_id)
if addon.is_disabled or file_.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(
request, addon, viewer=True, ignore_disabled=True)
or acl.check_addons_reviewer(request)):
return HttpResponseSendFile(request,
file_.guarded_file_path,
content_type='application/x-xpinstall')
log.info(u'download file {file_id}: addon/file disabled or user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404()
if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)):
log.info(u'download file {file_id}: addon is unlisted but user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file_.get_mirror(addon, attachment=attachment),
filehash=file_.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file_.hash
return response
def reporter_detail(request, guid):
try:
addon = Addon.objects.get(guid=guid)
except Addon.DoesNotExist:
addon = None
name = addon.name if addon else guid
qs = CompatReport.objects.filter(guid=guid)
show_listed_only = addon and not owner_or_unlisted_reviewer(request, addon)
if (addon and not addon.has_listed_versions() and show_listed_only):
# Not authorized? Let's pretend this addon simply doesn't exist.
name = guid
qs = CompatReport.objects.none()
elif show_listed_only:
unlisted_versions = addon.versions.filter(
channel=amo.RELEASE_CHANNEL_UNLISTED).values_list('version',
flat=True)
qs = qs.exclude(version__in=unlisted_versions)
form = AppVerForm(request.GET)
if request.GET and form.is_valid() and form.cleaned_data['appver']:
# Apply filters only if we have a good app/version combination.
version = form.cleaned_data['appver']
ver = vdict(floor_version(version))['major'] # 3.6 => 3
# Ideally we'd have a `version_int` column to do strict version
# comparing, but that's overkill for basic version filtering here.
qs = qs.filter(app_guid=amo.FIREFOX.guid,
app_version__startswith=str(ver) + '.')
works_ = dict(qs.values_list('works_properly').annotate(Count('id')))
works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)}
works_properly = request.GET.get('works_properly')
if works_properly:
qs = qs.filter(works_properly=works_properly)
reports = paginate(request, qs.order_by('-created'), 100)
return render(
request, 'compat/reporter_detail.html',
dict(reports=reports,
works=works,
works_properly=works_properly,
name=name,
guid=guid,
form=form))
def allowed(request, file):
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if addon.is_listed:
if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES)
or acl.check_addons_reviewer(request)
or acl.check_addon_ownership(
request, addon, viewer=True, dev=True)):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def reporter(request):
query = request.GET.get("guid")
if query:
qs = None
if query.isdigit():
qs = Addon.with_unlisted.filter(id=query)
if not qs:
qs = Addon.with_unlisted.filter(slug=query)
if not qs:
qs = Addon.with_unlisted.filter(guid=query)
if not qs and len(query) > 4:
qs = CompatReport.objects.filter(guid__startswith=query)
if qs:
guid = qs[0].guid
addon = Addon.with_unlisted.get(guid=guid)
if addon.is_listed or owner_or_unlisted_reviewer(request, addon):
return redirect("compat.reporter_detail", guid)
addons = Addon.with_unlisted.filter(authors=request.user) if request.user.is_authenticated() else []
return render(request, "compat/reporter.html", dict(query=query, addons=addons))
def download_source(request, version_id):
version = get_object_or_404(Version.objects, pk=version_id)
# General case: version is listed.
if version.channel == amo.RELEASE_CHANNEL_LISTED:
if not (version.source and (acl.check_addon_ownership(
request, version.addon, dev=True, ignore_disabled=True))):
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, version.addon):
raise http.Http404 # Not listed, not owner or unlisted reviewer.
res = HttpResponseSendFile(request, version.source.path)
path = version.source.path
if not isinstance(path, six.text_type):
path = path.decode('utf8')
name = os.path.basename(path.replace(u'"', u''))
disposition = u'attachment; filename="{0}"'.format(name).encode('utf8')
res['Content-Disposition'] = disposition
return res
def allowed(request, file):
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if addon.is_listed:
if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or
acl.check_addons_reviewer(request) or
acl.check_addon_ownership(request, addon, viewer=True,
dev=True)):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def reporter_detail(request, guid):
try:
addon = Addon.with_unlisted.get(guid=guid)
except Addon.DoesNotExist:
addon = None
name = addon.name if addon else guid
qs = CompatReport.objects.filter(guid=guid)
if (addon and not addon.is_listed
and not owner_or_unlisted_reviewer(request, addon)):
# Not authorized? Let's pretend this addon simply doesn't exist.
name = guid
qs = CompatReport.objects.none()
form = AppVerForm(request.GET)
if request.GET and form.is_valid() and form.cleaned_data['appver']:
# Apply filters only if we have a good app/version combination.
app, ver = form.cleaned_data['appver'].split('-')
app = amo.APP_IDS[int(app)]
ver = vdict(floor_version(ver))['major'] # 3.6 => 3
# Ideally we'd have a `version_int` column to do strict version
# comparing, but that's overkill for basic version filtering here.
qs = qs.filter(app_guid=app.guid,
app_version__startswith=str(ver) + '.')
works_ = dict(qs.values_list('works_properly').annotate(Count('id')))
works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)}
works_properly = request.GET.get('works_properly')
if works_properly:
qs = qs.filter(works_properly=works_properly)
reports = amo_utils.paginate(request, qs.order_by('-created'), 100)
return render(
request, 'compat/reporter_detail.html',
dict(reports=reports,
works=works,
works_properly=works_properly,
name=name,
guid=guid,
form=form))
def reporter_detail(request, guid):
try:
addon = Addon.objects.get(guid=guid)
except Addon.DoesNotExist:
addon = None
name = addon.name if addon else guid
qs = CompatReport.objects.filter(guid=guid)
show_listed_only = addon and not owner_or_unlisted_reviewer(request, addon)
if (addon and not addon.has_listed_versions() and show_listed_only):
# Not authorized? Let's pretend this addon simply doesn't exist.
name = guid
qs = CompatReport.objects.none()
elif show_listed_only:
unlisted_versions = addon.versions.filter(
channel=amo.RELEASE_CHANNEL_UNLISTED).values_list(
'version', flat=True)
qs = qs.exclude(version__in=unlisted_versions)
form = AppVerForm(request.GET)
if request.GET and form.is_valid() and form.cleaned_data['appver']:
# Apply filters only if we have a good app/version combination.
version = form.cleaned_data['appver']
ver = vdict(floor_version(version))['major'] # 3.6 => 3
# Ideally we'd have a `version_int` column to do strict version
# comparing, but that's overkill for basic version filtering here.
qs = qs.filter(app_guid=amo.FIREFOX.guid,
app_version__startswith=str(ver) + '.')
works_ = dict(qs.values_list('works_properly').annotate(Count('id')))
works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)}
works_properly = request.GET.get('works_properly')
if works_properly:
qs = qs.filter(works_properly=works_properly)
reports = paginate(request, qs.order_by('-created'), 100)
return render(request, 'compat/reporter_detail.html',
dict(reports=reports, works=works,
works_properly=works_properly,
name=name, guid=guid, form=form))
def download_source(request, version_id):
version = get_object_or_404(Version.objects, pk=version_id)
# General case: version is listed.
if version.channel == amo.RELEASE_CHANNEL_LISTED:
if not (version.source and
(acl.check_addon_ownership(
request, version.addon, dev=True, ignore_disabled=True))):
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, version.addon):
raise http.Http404 # Not listed, not owner or unlisted reviewer.
res = HttpResponseSendFile(request, version.source.path)
path = version.source.path
if not isinstance(path, six.text_type):
path = path.decode('utf8')
name = os.path.basename(path.replace(u'"', u''))
disposition = u'attachment; filename="{0}"'.format(name).encode('utf8')
res['Content-Disposition'] = disposition
return res
def allowed(request, file):
try:
version = file.version
addon = version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if version.channel == amo.RELEASE_CHANNEL_LISTED:
# We don't show the file-browser publicly because of potential DOS
# issues, we're working on a fix but for now, let's not do this.
# (cgrebs, 06042017)
is_owner = acl.check_addon_ownership(request, addon, dev=True)
if (acl.is_reviewer(request, addon) or is_owner):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
# General case: addon is listed.
if version.addon.is_listed:
if not (version.source and
(acl.check_addon_ownership(request, version.addon,
viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, version.addon):
raise http.Http404 # Not listed, not owner or admin.
res = HttpResponseSendFile(request, version.source.path)
path = version.source.path
if not isinstance(path, unicode):
path = path.decode('utf8')
name = os.path.basename(path.replace(u'"', u''))
disposition = u'attachment; filename="{0}"'.format(name).encode('utf8')
res['Content-Disposition'] = disposition
return res
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
# General case: addon is listed.
if version.addon.is_listed:
if not (version.source and
(acl.check_addon_ownership(
request, version.addon, viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, version.addon):
raise http.Http404 # Not listed, not owner or admin.
res = HttpResponseSendFile(request, version.source.path)
path = version.source.path
if not isinstance(path, unicode):
path = path.decode('utf8')
name = os.path.basename(path.replace(u'"', u''))
disposition = u'attachment; filename="{0}"'.format(name).encode('utf8')
res['Content-Disposition'] = disposition
return res
def allowed(request, file):
try:
version = file.version
addon = version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if version.channel == amo.RELEASE_CHANNEL_LISTED:
# We don't show the file-browser publicly because of potential DOS
# issues, we're working on a fix but for now, let's not do this.
# (cgrebs, 06042017)
is_owner = acl.check_addon_ownership(request, addon, dev=True)
if (acl.is_reviewer(request, addon) or is_owner):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def reporter(request):
query = request.GET.get('guid')
if query:
qs = None
if query.isdigit():
qs = Addon.with_unlisted.filter(id=query)
if not qs:
qs = Addon.with_unlisted.filter(slug=query)
if not qs:
qs = Addon.with_unlisted.filter(guid=query)
if not qs and len(query) > 4:
qs = CompatReport.objects.filter(guid__startswith=query)
if qs:
guid = qs[0].guid
addon = Addon.with_unlisted.get(guid=guid)
if addon.is_listed or owner_or_unlisted_reviewer(request, addon):
return redirect('compat.reporter_detail', guid)
addons = (Addon.with_unlisted.filter(
authors=request.user) if request.user.is_authenticated() else [])
return render(request, 'compat/reporter.html',
dict(query=query, addons=addons))
def reporter(request):
query = request.GET.get('guid')
if query:
qs = None
if query.isdigit():
qs = Addon.objects.filter(id=query)
if not qs:
qs = Addon.objects.filter(slug=query)
if not qs:
qs = Addon.objects.filter(guid=query)
if not qs and len(query) > 4:
qs = CompatReport.objects.filter(guid__startswith=query)
if qs:
guid = qs[0].guid
addon = Addon.objects.get(guid=guid)
if (addon.has_listed_versions() or
owner_or_unlisted_reviewer(request, addon)):
return redirect('compat.reporter_detail', guid)
addons = (Addon.objects.filter(authors=request.user)
if request.user.is_authenticated() else [])
return render(request, 'compat/reporter.html',
dict(query=query, addons=addons))
def reporter_detail(request, guid):
try:
addon = Addon.with_unlisted.get(guid=guid)
except Addon.DoesNotExist:
addon = None
name = addon.name if addon else guid
qs = CompatReport.objects.filter(guid=guid)
if (addon and not addon.is_listed and
not owner_or_unlisted_reviewer(request, addon)):
# Not authorized? Let's pretend this addon simply doesn't exist.
name = guid
qs = CompatReport.objects.none()
form = AppVerForm(request.GET)
if request.GET and form.is_valid() and form.cleaned_data['appver']:
# Apply filters only if we have a good app/version combination.
app, ver = form.cleaned_data['appver'].split('-')
app = amo.APP_IDS[int(app)]
ver = vdict(floor_version(ver))['major'] # 3.6 => 3
# Ideally we'd have a `version_int` column to do strict version
# comparing, but that's overkill for basic version filtering here.
qs = qs.filter(app_guid=app.guid,
app_version__startswith=str(ver) + '.')
works_ = dict(qs.values_list('works_properly').annotate(Count('id')))
works = {'success': works_.get(True, 0), 'failure': works_.get(False, 0)}
works_properly = request.GET.get('works_properly')
if works_properly:
qs = qs.filter(works_properly=works_properly)
reports = amo_utils.paginate(request, qs.order_by('-created'), 100)
return render(request, 'compat/reporter_detail.html',
dict(reports=reports, works=works,
works_properly=works_properly,
name=name, guid=guid, form=form))
