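def upload_image(current_user=None):
    """Attach the images in the current request to the caller's application.

    The application is looked up with ``Application.get_for_user``. When the
    ``TESTING`` config flag is set, only an ``Image`` row is created and
    nothing is sent to S3. Otherwise every entry in ``request.files`` is
    validated first, and only then is each file recorded as an ``Image`` row
    and uploaded to ``aws_bucket_name`` under ``image.filename`` with a
    ``public-read`` ACL.

    Args:
        current_user: The authenticated user. The default of ``None`` is not
            usable here because ``current_user.id`` is read immediately
            (presumably a decorator injects the user; verify at the caller).

    Returns:
        ``{'status': 'ok'}`` on success.

    Raises:
        ForbiddenException: The user has no application, or a file does not
            have a ``.png``, ``.jpg`` or ``.jpeg`` name.
        BadRequestException: A file entry has an empty filename.
        AppException: Creating the row or uploading to S3 failed.
    """
    application = Application.get_for_user(current_user.id)
    if application is None:
        raise ForbiddenException('User {} does not have access.'.format(
            current_user.id))

    if app.config.get('TESTING'):
        # Test mode: record the Image row only, never touch S3.
        image = Image(application_id=application.id)
        db.session.add(image)
        db.session.commit()
        return {'status': 'ok'}

    # The stored Content-Type is derived from the validated extension rather
    # than taken from the request. The objects are world-readable
    # (ACL public-read), so a client-chosen type such as text/html on a file
    # named "x.png" would be served back to browsers as active content.
    allowed_types = {
        '.png': 'image/png',
        '.jpg': 'image/jpeg',
        '.jpeg': 'image/jpeg',
    }

    # Validate every file before storing any of them, so that a rejected
    # request does not leave earlier files of the same request uploaded.
    # NOTE(review): only the file name is checked; the bytes are not
    # inspected here, so this does not prove the content is an image.
    accepted = []
    for key, file in request.files.items():
        if file.filename == "":
            raise BadRequestException("No file selected")
        content_type = None
        if file:
            lowered_name = file.filename.lower()
            content_type = next(
                (mime for ext, mime in allowed_types.items()
                 if lowered_name.endswith(ext)),
                None,
            )
        if content_type is None:
            print('ERROR upload_image File was not an allowed type')
            raise ForbiddenException('File was not an allowed type')
        accepted.append((file, content_type))

    s3 = boto3.client(
        's3',
        region_name=aws_region_name,
        endpoint_url=aws_endpoint_url,
        config=Config(signature_version=aws_signature_version),
    )

    for file, content_type in accepted:
        # Bound before the try so the handler never sees an unset name when
        # the Image constructor itself raises.
        image = None
        try:
            image = Image(application_id=application.id)
            db.session.add(image)
            db.session.commit()
            # The object key is image.filename, not the client's file name
            # (presumably generated by the model; verify in Image).
            s3.upload_fileobj(file, aws_bucket_name, image.filename,
                              ExtraArgs={
                                  "ACL": 'public-read',
                                  "ContentType": content_type
                              })
        except Exception as e:
            print('ERROR upload_image AppException', e)
            if image is not None:
                # Remove the row (and, presumably, any stored object) for
                # the failed upload.
                Image.delete(image.id, image.filename)
            raise AppException() from e

    return {'status': 'ok'}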
def delete_s3(image_id, current_user=None):
    """Delete an image that belongs to the caller's unsubmitted application.

    Every refusal, including an unknown ``image_id``, raises the same
    ``ForbiddenException``, so the response does not reveal whether the
    image exists.

    Args:
        image_id: Primary key passed to ``Image.query.get``.
        current_user: The authenticated user; ``current_user.id`` is read
            unconditionally, so the ``None`` default is not usable.

    Returns:
        ``{'status': 'ok'}`` once ``Image.delete`` has been called.

    Raises:
        ForbiddenException: The user has no application, the access check
            fails, the image is missing, the application is already
            submitted, or the image belongs to a different application.
    """
    image = Image.query.get(image_id)
    application = Application.get_for_user(current_user.id)

    has_access = False
    if application is not None:
        # Self-access is only granted while the application is unsubmitted.
        has_access = has_applicant_access(
            current_user,
            application.user,
            self_access=not application.is_submitted,
        )

    # The ownership comparison comes last so that it is only evaluated when
    # both the image and the application are known to exist.
    may_delete = (
        has_access
        and image is not None
        and application is not None
        and not application.is_submitted
        and application.id == image.application_id
    )
    if not may_delete:
        raise ForbiddenException(
            'User {} does not have access to image {}.'.format(
                current_user.id, image_id))

    Image.delete(image_id, image.filename)
    return {'status': 'ok'}
def delete_image(id):
    """Delete the database record of image ``id`` and return a JSON status.

    Only the database row is removed; the stored binary and its thumbnail
    are left in place (see the TODO below).

    NOTE(review): no ownership or permission check is visible in this
    function; confirm that the route or a decorator enforces one.

    Args:
        id: Primary key of the image to delete.

    Returns:
        The ``IMAGE_NOT_FOUND`` payload as JSON when no such image exists,
        otherwise the ``STATUS_OK`` payload as JSON.
    """
    # Look the record up first so a missing image is reported to the client.
    try:
        record = Image.get(Image.id == id)
    except Image.DoesNotExist:
        return jsonify(**IMAGE_NOT_FOUND)

    # TODO: Delete image binary file and thumb.
    # Before any file is removed, the path must be checked to be a safe
    # path, and the MIME type must be checked as well.

    # Remove the database row.
    Image.delete().where(Image.id == id).execute()

    return jsonify(**STATUS_OK)