def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True) or
acl.check_addons_reviewer(request)):
return HttpResponseSendFile(request, file.guarded_file_path,
content_type='application/x-xpinstall')
log.info(u'download file {file_id}: addon/file disabled or user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404()
if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)):
log.info(u'download file {file_id}: addon is unlisted but user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp,
pk=file.version.addon_id,
is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(
request, webapp, viewer=True, ignore_disabled=True):
raise http.Http404()
# We treat blocked files like public files so users get the update.
if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]:
path = webapp.sign_if_packaged(file.version_id)
else:
# This is someone asking for an unsigned packaged app.
if not acl.check_addon_ownership(request, webapp, dev=True):
raise http.Http404()
path = file.file_path
log.info('Downloading package: %s from %s' % (webapp.id, path))
return HttpResponseSendFile(request,
path,
content_type='application/zip',
etag=file.hash.split(':')[-1])
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
# General case: addon is listed.
if addon.is_listed:
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(
request, addon, viewer=True, ignore_disabled=True)
or acl.check_addons_reviewer(request)):
return HttpResponseSendFile(
request,
file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, addon):
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def retrieve(self, request, *args, **kwargs):
obj = self.get_object()
if not obj.has_image:
raise Http404
return HttpResponseSendFile(request,
obj.image_path(),
content_type='image/png')
def get_signed_packaged(request, addon, version_id):
get_object_or_404(addon.versions, pk=version_id)
path = addon.sign_if_packaged(version_id, reviewer=True)
if not path:
raise http.Http404
log.info('Returning signed package addon: %s, version: %s, path: %s' %
(addon.pk, version_id, path))
return HttpResponseSendFile(request, path, content_type='application/zip')
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
if (version.source
and (acl.check_addon_ownership(
request, version.addon, viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
return HttpResponseSendFile(request, version.source.path)
raise http.Http404()
def get_signed_packaged(request, addon, version_id):
version = get_object_or_404(addon.versions, pk=version_id)
file = version.all_files[0]
path = addon.sign_if_packaged(version.pk, reviewer=True)
if not path:
raise http.Http404
log.info('Returning signed package addon: %s, version: %s, path: %s' %
(addon.pk, version_id, path))
return HttpResponseSendFile(request, path, content_type='application/zip',
etag=file.hash.split(':')[-1])
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
webapp = get_object_or_404(Addon.objects, pk=file.version.addon_id,
type=amo.ADDON_WEBAPP)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(request, webapp, viewer=True,
ignore_disabled=True):
raise http.Http404()
log.info('Downloading: %s from %s' % (webapp.id, file.file_path))
return HttpResponseSendFile(request, file.file_path)
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
if (version.source and
(acl.check_addon_ownership(request, version.addon,
viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
res = HttpResponseSendFile(request, version.source.path)
name = os.path.basename(version.source.path.replace('"', ''))
res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name)
return res
raise http.Http404()
def get(self, request, note_id, pk, *args, **kwargs):
attach = get_object_or_404(CommAttachment, pk=pk)
self.check_object_permissions(request, attach)
full_path = os.path.join(settings.REVIEWER_ATTACHMENTS_PATH,
attach.filepath)
content_type = 'application/force-download'
if attach.is_image():
content_type = 'image'
return HttpResponseSendFile(
request, full_path, content_type=content_type)
def serve(request, viewer, key):
"""
This is to serve files off of st.a.m.o, not standard a.m.o. For this we
use token based authentication.
"""
files = viewer.get_files()
obj = files.get(key)
if not obj:
log.error(u'Couldn\'t find %s in %s (%d entries) for file %s' %
(key, files.keys()[:10], len(files.keys()), viewer.file.id))
raise http.Http404
return HttpResponseSendFile(request, obj['full'],
content_type=obj['mimetype'])
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp, pk=file.version.addon_id,
is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(request, webapp, viewer=True,
ignore_disabled=True):
raise http.Http404()
log.info('Downloading package: %s from %s' % (webapp.id,
file.file_path))
path = webapp.sign_if_packaged(file.version_id)
return HttpResponseSendFile(request, path, content_type='application/zip')
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.objects, pk=file.version.addon_id)
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True):
return HttpResponseSendFile(request, file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
attachment = (type == 'attachment' or not request.APP.browser)
loc = file.get_mirror(addon, attachment=attachment)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
# General case: addon is listed.
if version.addon.is_listed:
if not (version.source and
(acl.check_addon_ownership(
request, version.addon, viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, version.addon):
raise http.Http404 # Not listed, not owner or admin.
res = HttpResponseSendFile(request, version.source.path)
name = os.path.basename(version.source.path.replace('"', ''))
res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name)
return res
def download_watermarked(request, file_id):
if not waffle.switch_is_active('marketplace'):
raise http.Http404()
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.objects, pk=file.version.addon_id)
author = request.check_ownership(addon, require_owner=False)
user = request.amo_user
if not author:
if (not addon.is_premium() or addon.is_disabled
or file.status == amo.STATUS_DISABLED):
raise http.Http404()
if request.user.is_anonymous():
log.debug('Anonymous user, checking hash: %s' % file_id)
email = request.GET.get(amo.WATERMARK_KEY, None)
hsh = request.GET.get(amo.WATERMARK_KEY_HASH, None)
user = addon.get_user_from_hash(email, hsh)
if not user:
log.debug('Watermarking denied, no user: %s, %s, %s' %
(file_id, email, hsh))
raise PermissionDenied
if not addon.has_purchased(user):
log.debug('Watermarking denied, not purchased: %s, %s' %
(file_id, user.id))
raise PermissionDenied
dest = file.watermark(user)
if not dest:
# TODO(andym): the watermarking is already in progress and we've
# got multiple requests from the same users for the same file
# perhaps this should go into a loop.
log.debug('Watermarking in progress: %s, %s' % (file_id, user.id))
raise http.Http404()
log.debug('Serving watermarked file: %s, %s' % (file_id, user.id))
return HttpResponseSendFile(request,
dest,
content_type='application/xp-install')
def download_file(request, uuid):
upload = get_object_or_404(FileUpload, uuid=uuid)
return HttpResponseSendFile(request,
upload.path,
content_type='application/octet-stream')
def retrieve(self, request, *args, **kwargs):
obj = self.get_object()
if not getattr(obj, 'image_hash', None):
raise Http404
return HttpResponseSendFile(request, obj.image_path(self.image_suffix),
content_type='image/png')
def retrieve(self, request, pk=None):
obj = self.get_object()
return HttpResponseSendFile(request,
obj.image_path(),
content_type='image/png')