def post(self):
name = COURSE_EXPLORER_SETTINGS.name
request = transforms.loads(self.request.get('request'))
if not self.assert_xsrf_token_or_fail(request, self.ACTION, {}):
return
if not roles.Roles.is_course_admin(self.app_context):
transforms.send_json_response(self, 401, 'Access denied.', {})
return
raw_data = transforms.loads(request.get('payload'))
raw_data.pop('logo', None)
try:
data = transforms.json_to_dict(
raw_data,
schema_provider(None).get_json_schema_dict())
except (TypeError, ValueError) as err:
self.validation_error(err.replace('\n', ' '))
return
logo = self.request.POST.get('logo')
logo_uploaded = isinstance(logo, cgi.FieldStorage)
if logo_uploaded:
data['logo_bytes_base64'] = base64.b64encode(logo.file.read())
data['logo_mime_type'] = logo.type
with common_utils.Namespace(appengine_config.DEFAULT_NAMESPACE_NAME):
entity = config.ConfigPropertyEntity.get_by_key_name(name)
if entity is None:
entity = config.ConfigPropertyEntity(key_name=name)
old_value = None
else:
old_value = entity.value
# Don't delete the logo.
if not logo_uploaded and old_value:
old_dict = transforms.loads(old_value)
if ('logo_bytes_base64' in old_dict
and 'logo_mime_type' in old_dict):
data['logo_bytes_base64'] = old_dict['logo_bytes_base64']
data['logo_mime_type'] = old_dict['logo_mime_type']
entity.value = transforms.dumps(data)
entity.is_draft = False
entity.put()
# is this necessary?
models.EventEntity.record(
'put-property', users.get_current_user(),
transforms.dumps({
'name': name,
'before': str(old_value),
'after': str(entity.value)
}))
transforms.send_file_upload_response(self, 200, 'Saved.')
def post(self):
name = COURSE_EXPLORER_SETTINGS.name
request = transforms.loads(self.request.get('request'))
if not self.assert_xsrf_token_or_fail(
request, self.ACTION, {}):
return
if not roles.Roles.is_course_admin(self.app_context):
transforms.send_json_response(
self, 401, 'Access denied.', {})
return
raw_data = transforms.loads(request.get('payload'))
raw_data.pop('logo', None)
try:
data = transforms.json_to_dict(
raw_data, schema_provider(None).get_json_schema_dict())
except (TypeError, ValueError) as err:
self.validation_error(err.replace('\n', ' '))
return
logo = self.request.POST.get('logo')
logo_uploaded = isinstance(logo, cgi.FieldStorage)
if logo_uploaded:
data['logo_bytes_base64'] = base64.b64encode(logo.file.read())
data['logo_mime_type'] = logo.type
with common_utils.Namespace(appengine_config.DEFAULT_NAMESPACE_NAME):
entity = config.ConfigPropertyEntity.get_by_key_name(name)
if entity is None:
entity = config.ConfigPropertyEntity(key_name=name)
old_value = None
else:
old_value = entity.value
# Don't delete the logo.
if not logo_uploaded and old_value:
old_dict = transforms.loads(old_value)
if (
'logo_bytes_base64' in old_dict and
'logo_mime_type' in old_dict):
data['logo_bytes_base64'] = old_dict['logo_bytes_base64']
data['logo_mime_type'] = old_dict['logo_mime_type']
entity.value = transforms.dumps(data)
entity.is_draft = False
entity.put()
# is this necessary?
models.EventEntity.record(
'put-property', users.get_current_user(), transforms.dumps({
'name': name,
'before': str(old_value), 'after': str(entity.value)}))
transforms.send_file_upload_response(self, 200, 'Saved.')
def _handle_post(self, physical_path, is_overwrite_allowed, upload):
fs = self.app_context.fs.impl
path = fs.physical_to_logical(physical_path)
if fs.isfile(path):
if not is_overwrite_allowed:
transforms.send_file_upload_response(
self, 403, 'Cannot overwrite existing file.')
return
else:
fs.delete(path)
upload.file.seek(0)
fs.put(path, upload.file)
transforms.send_file_upload_response(self, 200, 'Saved.')
def _handle_post(self, physical_path, is_overwrite_allowed, upload):
fs = self.app_context.fs.impl
path = fs.physical_to_logical(physical_path)
if fs.isfile(path):
if not is_overwrite_allowed:
transforms.send_file_upload_response(
self, 403, 'Cannot overwrite existing file.')
return
else:
fs.delete(path)
upload.file.seek(0)
fs.put(path, upload.file)
transforms.send_file_upload_response(self, 200, 'Saved.')
def _validate_post(self):
"""Handles asset uploads."""
assert self.app_context.is_editable_fs()
if not FilesRights.can_add(self):
transforms.send_file_upload_response(self, 401, 'Access denied.')
return False, None, None
request = transforms.loads(self.request.get('request'))
if not self.assert_xsrf_token_or_fail(request, self.XSRF_TOKEN_NAME,
None):
return False, None, None
uploads = self.request.POST.getall('file')
for upload in uploads:
if not isinstance(upload, cgi.FieldStorage):
transforms.send_file_upload_response(self, 403,
'No file specified.')
return False, None, None
payload = transforms.loads(request['payload'])
base = payload['base']
if not _is_asset_in_allowed_bases(base):
transforms.send_file_upload_response(self, 400,
'Malformed request.',
{'key': base})
return False, None, None
for upload in uploads:
content = upload.file.read()
if not self._can_write_payload_to_base(content, base):
transforms.send_file_upload_response(
self, 403, 'Cannot write binary data to %s.' % base)
return False, None, None
if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024:
transforms.send_file_upload_response(
self, 403, 'Max allowed file upload size is %dK' %
MAX_ASSET_UPLOAD_SIZE_K)
return False, None, None
return True, payload, uploads
def _validate_post(self):
"""Handles asset uploads."""
assert self.app_context.is_editable_fs()
if not FilesRights.can_add(self):
transforms.send_file_upload_response(
self, 401, 'Access denied.')
return False, None, None
request = transforms.loads(self.request.get('request'))
if not self.assert_xsrf_token_or_fail(request, self.XSRF_TOKEN_NAME,
None):
return False, None, None
upload = self.request.POST['file']
if not isinstance(upload, cgi.FieldStorage):
transforms.send_file_upload_response(
self, 403, 'No file specified.')
return False, None, None
payload = transforms.loads(request['payload'])
base = payload['base']
if not _is_asset_in_allowed_bases(base):
transforms.send_file_upload_response(
self, 400, 'Malformed request.', {'key': base})
return False, None, None
content = upload.file.read()
if not self._can_write_payload_to_base(content, base):
transforms.send_file_upload_response(
self, 403, 'Cannot write binary data to %s.' % base)
return False, None, None
if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024:
transforms.send_file_upload_response(
self, 403,
'Max allowed file upload size is %dK' % MAX_ASSET_UPLOAD_SIZE_K)
return False, None, None
return True, payload, upload
def post(self):
is_valid, payload, uploads = self._validate_post()
if is_valid:
key = payload['key']
base = payload['base']
errors = []
for upload in uploads:
if key == base:
# File name not given on setup; we are uploading a new file.
filename = os.path.split(upload.filename)[1]
physical_path = os.path.join(base, filename)
is_overwrite_allowed = False
self._handle_post(physical_path, False, upload, errors)
else:
# File name already established on setup; use existing
# file's name and uploaded file's data.
physical_path = key
is_overwrite_allowed = True
self._handle_post(physical_path, True, upload, errors)
if errors:
transforms.send_file_upload_response(self, 403,
','.join(errors))
return
transforms.send_file_upload_response(self, 200, 'Saved.')
def post(self):
"""Handles asset uploads."""
assert is_editable_fs(self.app_context)
if not FilesRights.can_add(self):
transforms.send_file_upload_response(self, 401, "Access denied.")
return
request = transforms.loads(self.request.get("request"))
if not self.assert_xsrf_token_or_fail(request, "asset-upload", None):
return
payload = transforms.loads(request["payload"])
base = payload["base"]
assert base in ALLOWED_ASSET_UPLOAD_BASES
upload = self.request.POST["file"]
if not isinstance(upload, cgi.FieldStorage):
transforms.send_file_upload_response(self, 403, "No file specified.")
return
filename = os.path.split(upload.filename)[1]
assert filename
physical_path = os.path.join(base, filename)
fs = self.app_context.fs.impl
path = fs.physical_to_logical(physical_path)
if fs.isfile(path):
transforms.send_file_upload_response(self, 403, "Cannot overwrite existing file.")
return
content = upload.file.read()
if not self._can_write_payload_to_base(content, base):
transforms.send_file_upload_response(self, 403, "Cannot write binary data to %s." % base)
return
upload.file.seek(0)
if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024:
transforms.send_file_upload_response(
self, 403, "Max allowed file upload size is %dK" % MAX_ASSET_UPLOAD_SIZE_K
)
return
fs.put(path, upload.file)
transforms.send_file_upload_response(self, 200, "Saved.")
def post(self):
"""Handles asset uploads."""
assert is_editable_fs(self.app_context)
if not FilesRights.can_add(self):
transforms.send_file_upload_response(self, 401, 'Access denied.')
return
request = transforms.loads(self.request.get('request'))
if not self.assert_xsrf_token_or_fail(request, 'asset-upload', None):
return
payload = transforms.loads(request['payload'])
base = payload['base']
assert base in ALLOWED_ASSET_UPLOAD_BASES
upload = self.request.POST['file']
if not isinstance(upload, cgi.FieldStorage):
transforms.send_file_upload_response(self, 403,
'No file specified.')
return
filename = os.path.split(upload.filename)[1]
assert filename
physical_path = os.path.join(base, filename)
fs = self.app_context.fs.impl
path = fs.physical_to_logical(physical_path)
if fs.isfile(path):
transforms.send_file_upload_response(
self, 403, 'Cannot overwrite existing file.')
return
content = upload.file.read()
if not self._can_write_payload_to_base(content, base):
transforms.send_file_upload_response(
self, 403, 'Cannot write binary data to %s.' % base)
return
upload.file.seek(0)
if len(content) > MAX_ASSET_UPLOAD_SIZE_K * 1024:
transforms.send_file_upload_response(
self, 403, 'Max allowed file upload size is %dK' %
MAX_ASSET_UPLOAD_SIZE_K)
return
fs.put(path, upload.file)
transforms.send_file_upload_response(self, 200, 'Saved.')
