def post(self): name = COURSE_EXPLORER_SETTINGS.name request = transforms.loads(self.request.get('request')) if not self.assert_xsrf_token_or_fail(request, self.ACTION, {}): return if not roles.Roles.is_course_admin(self.app_context): transforms.send_json_response(self, 401, 'Access denied.', {}) return raw_data = transforms.loads(request.get('payload')) raw_data.pop('logo', None) try: data = transforms.json_to_dict( raw_data, schema_provider(None).get_json_schema_dict()) except (TypeError, ValueError) as err: self.validation_error(err.replace('\n', ' ')) return logo = self.request.POST.get('logo') logo_uploaded = isinstance(logo, cgi.FieldStorage) if logo_uploaded: data['logo_bytes_base64'] = base64.b64encode(logo.file.read()) data['logo_mime_type'] = logo.type with common_utils.Namespace(appengine_config.DEFAULT_NAMESPACE_NAME): entity = config.ConfigPropertyEntity.get_by_key_name(name) if entity is None: entity = config.ConfigPropertyEntity(key_name=name) old_value = None else: old_value = entity.value # Don't delete the logo. if not logo_uploaded and old_value: old_dict = transforms.loads(old_value) if ('logo_bytes_base64' in old_dict and 'logo_mime_type' in old_dict): data['logo_bytes_base64'] = old_dict['logo_bytes_base64'] data['logo_mime_type'] = old_dict['logo_mime_type'] entity.value = transforms.dumps(data) entity.is_draft = False entity.put() # is this necessary? models.EventEntity.record( 'put-property', users.get_current_user(), transforms.dumps({ 'name': name, 'before': str(old_value), 'after': str(entity.value) })) transforms.send_file_upload_response(self, 200, 'Saved.')
def post(self): name = COURSE_EXPLORER_SETTINGS.name request = transforms.loads(self.request.get('request')) if not self.assert_xsrf_token_or_fail( request, self.ACTION, {}): return if not roles.Roles.is_course_admin(self.app_context): transforms.send_json_response( self, 401, 'Access denied.', {}) return raw_data = transforms.loads(request.get('payload')) raw_data.pop('logo', None) try: data = transforms.json_to_dict( raw_data, schema_provider(None).get_json_schema_dict()) except (TypeError, ValueError) as err: self.validation_error(err.replace('\n', ' ')) return logo = self.request.POST.get('logo') logo_uploaded = isinstance(logo, cgi.FieldStorage) if logo_uploaded: data['logo_bytes_base64'] = base64.b64encode(logo.file.read()) data['logo_mime_type'] = logo.type with common_utils.Namespace(appengine_config.DEFAULT_NAMESPACE_NAME): entity = config.ConfigPropertyEntity.get_by_key_name(name) if entity is None: entity = config.ConfigPropertyEntity(key_name=name) old_value = None else: old_value = entity.value # Don't delete the logo. if not logo_uploaded and old_value: old_dict = transforms.loads(old_value) if ( 'logo_bytes_base64' in old_dict and 'logo_mime_type' in old_dict): data['logo_bytes_base64'] = old_dict['logo_bytes_base64'] data['logo_mime_type'] = old_dict['logo_mime_type'] entity.value = transforms.dumps(data) entity.is_draft = False entity.put() # is this necessary? models.EventEntity.record( 'put-property', users.get_current_user(), transforms.dumps({ 'name': name, 'before': str(old_value), 'after': str(entity.value)})) transforms.send_file_upload_response(self, 200, 'Saved.')
def _handle_post(self, physical_path, is_overwrite_allowed, upload): fs = self.app_context.fs.impl path = fs.physical_to_logical(physical_path) if fs.isfile(path): if not is_overwrite_allowed: transforms.send_file_upload_response( self, 403, 'Cannot overwrite existing file.') return else: fs.delete(path) upload.file.seek(0) fs.put(path, upload.file) transforms.send_file_upload_response(self, 200, 'Saved.')
def _validate_post(self): """Handles asset uploads.""" assert self.app_context.is_editable_fs() if not FilesRights.can_add(self): transforms.send_file_upload_response(self, 401, 'Access denied.') return False, None, None request = transforms.loads(self.request.get('request')) if not self.assert_xsrf_token_or_fail(request, self.XSRF_TOKEN_NAME, None): return False, None, None uploads = self.request.POST.getall('file') for upload in uploads: if not isinstance(upload, cgi.FieldStorage): transforms.send_file_upload_response(self, 403, 'No file specified.') return False, None, None payload = transforms.loads(request['payload']) base = payload['base'] if not _is_asset_in_allowed_bases(base): transforms.send_file_upload_response(self, 400, 'Malformed request.', {'key': base}) return False, None, None for upload in uploads: content = upload.file.read() if not self._can_write_payload_to_base(content, base): transforms.send_file_upload_response( self, 403, 'Cannot write binary data to %s.' % base) return False, None, None if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024: transforms.send_file_upload_response( self, 403, 'Max allowed file upload size is %dK' % MAX_ASSET_UPLOAD_SIZE_K) return False, None, None return True, payload, uploads
def _validate_post(self): """Handles asset uploads.""" assert self.app_context.is_editable_fs() if not FilesRights.can_add(self): transforms.send_file_upload_response( self, 401, 'Access denied.') return False, None, None request = transforms.loads(self.request.get('request')) if not self.assert_xsrf_token_or_fail(request, self.XSRF_TOKEN_NAME, None): return False, None, None upload = self.request.POST['file'] if not isinstance(upload, cgi.FieldStorage): transforms.send_file_upload_response( self, 403, 'No file specified.') return False, None, None payload = transforms.loads(request['payload']) base = payload['base'] if not _is_asset_in_allowed_bases(base): transforms.send_file_upload_response( self, 400, 'Malformed request.', {'key': base}) return False, None, None content = upload.file.read() if not self._can_write_payload_to_base(content, base): transforms.send_file_upload_response( self, 403, 'Cannot write binary data to %s.' % base) return False, None, None if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024: transforms.send_file_upload_response( self, 403, 'Max allowed file upload size is %dK' % MAX_ASSET_UPLOAD_SIZE_K) return False, None, None return True, payload, upload
def post(self): is_valid, payload, uploads = self._validate_post() if is_valid: key = payload['key'] base = payload['base'] errors = [] for upload in uploads: if key == base: # File name not given on setup; we are uploading a new file. filename = os.path.split(upload.filename)[1] physical_path = os.path.join(base, filename) is_overwrite_allowed = False self._handle_post(physical_path, False, upload, errors) else: # File name already established on setup; use existing # file's name and uploaded file's data. physical_path = key is_overwrite_allowed = True self._handle_post(physical_path, True, upload, errors) if errors: transforms.send_file_upload_response(self, 403, ','.join(errors)) return transforms.send_file_upload_response(self, 200, 'Saved.')
def post(self): """Handles asset uploads.""" assert is_editable_fs(self.app_context) if not FilesRights.can_add(self): transforms.send_file_upload_response(self, 401, "Access denied.") return request = transforms.loads(self.request.get("request")) if not self.assert_xsrf_token_or_fail(request, "asset-upload", None): return payload = transforms.loads(request["payload"]) base = payload["base"] assert base in ALLOWED_ASSET_UPLOAD_BASES upload = self.request.POST["file"] if not isinstance(upload, cgi.FieldStorage): transforms.send_file_upload_response(self, 403, "No file specified.") return filename = os.path.split(upload.filename)[1] assert filename physical_path = os.path.join(base, filename) fs = self.app_context.fs.impl path = fs.physical_to_logical(physical_path) if fs.isfile(path): transforms.send_file_upload_response(self, 403, "Cannot overwrite existing file.") return content = upload.file.read() if not self._can_write_payload_to_base(content, base): transforms.send_file_upload_response(self, 403, "Cannot write binary data to %s." % base) return upload.file.seek(0) if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024: transforms.send_file_upload_response( self, 403, "Max allowed file upload size is %dK" % MAX_ASSET_UPLOAD_SIZE_K ) return fs.put(path, upload.file) transforms.send_file_upload_response(self, 200, "Saved.")
def post(self): """Handles asset uploads.""" assert is_editable_fs(self.app_context) if not FilesRights.can_add(self): transforms.send_file_upload_response(self, 401, 'Access denied.') return request = transforms.loads(self.request.get('request')) if not self.assert_xsrf_token_or_fail(request, 'asset-upload', None): return payload = transforms.loads(request['payload']) base = payload['base'] assert base in ALLOWED_ASSET_UPLOAD_BASES upload = self.request.POST['file'] if not isinstance(upload, cgi.FieldStorage): transforms.send_file_upload_response(self, 403, 'No file specified.') return filename = os.path.split(upload.filename)[1] assert filename physical_path = os.path.join(base, filename) fs = self.app_context.fs.impl path = fs.physical_to_logical(physical_path) if fs.isfile(path): transforms.send_file_upload_response( self, 403, 'Cannot overwrite existing file.') return content = upload.file.read() if not self._can_write_payload_to_base(content, base): transforms.send_file_upload_response( self, 403, 'Cannot write binary data to %s.' % base) return upload.file.seek(0) if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024: transforms.send_file_upload_response( self, 403, 'Max allowed file upload size is %dK' % MAX_ASSET_UPLOAD_SIZE_K) return fs.put(path, upload.file) transforms.send_file_upload_response(self, 200, 'Saved.')