def raw(part_id): """ Return the part's body as a raw byte-stream for eg. serving images. """ part = MimePart.get(part_id) logged_in = logged_in_user() if not part: abort(404, 'No such content item', force_status=True) # If anyone has shared this part with us (or the public), we get to view # it. for link in part.posts: if link.post.has_permission_to_view(logged_in): return raw_response(part.body, part.type) abort(403, 'Forbidden')
def avatar(contact_id): """ Display the photo (or other media item) that represents a Contact. If the user is logged in they can view the avatar for any contact, but if not logged in then only locally-mastered contacts have their avatar displayed. """ contact = Contact.get(contact_id) if not contact: abort(404, 'No such contact', force_status=True) if not contact.user and not logged_in_user(): abort(404, 'No such contact', force_status=True) part = contact.avatar if not part: abort(404, 'Contact has no avatar', force_status=True) return raw_response(part.body, part.type)