示例#1
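def get_media(request, path):
    """Serve a file from MEDIA_ROOT as an attachment after an access check.

    ``path`` is expected to look like ``<slug>/<name>`` and may carry a
    ``!target_id=<pk>`` suffix naming the object the access check runs on.
    ``mapping`` maps the slug either to the value ``1`` (the file is served
    without any authentication) or to a model class whose instance with
    primary key ``target_id`` is loaded and checked against the user's role.

    Every refusal is reported as ``Http404`` rather than a 403, so callers
    cannot tell "missing" from "not allowed".

    NOTE(review): access is decided on the object named by ``target_id``,
    but the file that is served is selected by ``path``; nothing in this
    function ties the two together. Confirm that the storage layout
    guarantees the file belongs to that object, or compare ``path`` with the
    object's stored file field before serving.
    """
    def return_file(path, name):
        # ``serve`` is presumably django.views.static.serve - confirm
        # against the module imports.
        res = serve(request,
                    path,
                    document_root=settings.MEDIA_ROOT,
                    show_indexes=False)
        # ``name`` comes straight from the URL. Emit it as a quoted-string
        # with backslashes and quotes escaped so it cannot terminate the
        # filename parameter and append further header parameters.
        safe_name = name.replace('\\', '\\\\').replace('"', '\\"')
        res['Content-Disposition'] = 'attachment; filename="%s"' % safe_name
        return res

    if not path:
        raise Http404()

    # Split off the optional "!target_id=<pk>" suffix. With several
    # separators only the segment right after the first one is used.
    target_id = None
    parts = path.split('!target_id=')
    if len(parts) > 1:
        path, target_id = parts[0], parts[1]

    segments = path.split('/')
    if len(segments) < 2:
        # No "<slug>/<name>" structure. The request is handed to serve()
        # with an empty relative path; with show_indexes=False this is
        # expected to end in a 404 - TODO confirm for the Django version in use.
        return return_file('', path)
    slug, name = segments[0], segments[1]

    klass = mapping.get(slug, None)
    if not klass:
        raise Http404()
    if klass == 1:
        # Slugs mapped to 1 are served to anyone, before any login check.
        return return_file(path, name)
    if not request.user.is_authenticated():
        raise Http404()
    if not target_id:
        raise Http404()
    try:
        target = klass.objects.get(pk=target_id)
    except Exception:
        # Unknown pk or a pk value the field cannot parse: same 404 as any
        # other refusal. Exception (not a bare except) keeps SystemExit and
        # KeyboardInterrupt propagating.
        raise Http404()

    permissions = PermissionController()
    user = request.user
    if permissions.is_admin(user) or permissions.is_supervisor(user):
        return return_file(path, name)
    # The check must look at the loaded object: ``klass`` is a model class,
    # so isinstance(klass, Member) was always False and arbiters were never
    # kept away from Member files.
    if permissions.is_arbiter(user) and not isinstance(target, Member):
        return return_file(path, name)
    if permissions.is_member(user):
        try:
            member = user.member
        except Exception:
            raise Http404()
        if not member:
            raise Http404()
        if member == target:
            return return_file(path, name)
        if isinstance(target, Project):
            if check_project_access(target, member):
                return return_file(path, name)
        if isinstance(target, ProjectReport):
            if check_project_access(target.project, member):
                return return_file(path, name)
    raise Http404()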