def get(self, request, fid, cid): cf = get_object_or_404(ContactField, pk=fid) if not perms.c_can_view_fields_cg(request.user.id, cf.contact_group_id): raise PermissionDenied fullpath = os.path.join(settings.MEDIA_ROOT, 'fields', fid, cid) if not os.path.exists(fullpath): raise Http404(_('"{path}" does not exist').format(path=fullpath)) # Respect the If-Modified-Since header. statobj = os.stat(fullpath) if not static.was_modified_since( request.META.get('HTTP_IF_MODIFIED_SINCE'), statobj.st_mtime, statobj.st_size): return HttpResponseNotModified() # START OF content_type detection cfv = get_object_or_404(ContactFieldValue, contact_id=cid, contact_field_id=fid) fileinfo = json.loads(cfv.value) content_type = fileinfo['content_type'] # END OF content_type detection response = FileResponse(open(fullpath, 'rb'), content_type=content_type) response["Last-Modified"] = http_date(statobj.st_mtime) if stat.S_ISREG(statobj.st_mode): response["Content-Length"] = statobj.st_size response['Content-Disposition'] = 'inline; filename="{0}"'.format( header_encode(fileinfo['filename'].encode('utf-8'), 'utf-8')) return response
def get(self, request, fid, cid, width, height): cf = get_object_or_404(ContactField, pk=fid) if not perms.c_can_view_fields_cg(request.user.id, cf.contact_group_id): raise PermissionDenied fullpath_orig = os.path.join(settings.MEDIA_ROOT, 'fields', fid, cid) fullpath_thumb = os.path.join(settings.MEDIA_ROOT, 'fields', fid, cid + ".{0}x{1}".format(width, height)) try: stat_orig = os.stat(fullpath_orig) except FileNotFoundError: raise Http404(_('"{path}" does not exist').format( path=fullpath_orig)) try: stat_thumb = os.stat(fullpath_thumb) thumb_outdated = (stat_thumb.st_mtime < stat_orig.st_mtime) except FileNotFoundError: thumb_outdated = True if thumb_outdated: img = Image.open(fullpath_orig) width, height = int(width), int(height) img.thumbnail((width, height)) img.save(fullpath_thumb, "JPEG") stat_thumb = os.stat(fullpath_thumb) else: # Respect the If-Modified-Since header. if not static.was_modified_since( request.META.get('HTTP_IF_MODIFIED_SINCE'), stat_thumb.st_mtime, stat_thumb.st_size): return HttpResponseNotModified() # START OF content_type detection cfv = get_object_or_404(ContactFieldValue, contact_id=cid, contact_field_id=fid) fileinfo = json.loads(cfv.value) content_type = fileinfo['content_type'] # END OF content_type detection response = FileResponse(open(fullpath_thumb, 'rb'), content_type=content_type) response["Last-Modified"] = http_date(stat_thumb.st_mtime) if stat.S_ISREG(stat_thumb.st_mode): response["Content-Length"] = stat_thumb.st_size response['Content-Disposition'] = 'inline; filename="{0}"'.format( header_encode(fileinfo['filename'].encode('utf-8'), 'utf-8')) return response
def _filter_parse_expression(lexer, user_id): ''' Filter parser. Returns a BoundFilter, that is a filter reader to apply, that includes parameters. user_id is there only to check security priviledges. ''' try: lexem = next(lexer) except StopIteration: return EmptyBoundFilter() if lexem.type == FilterLexer.Lexem.Type.WORD and lexem.str == 'and': lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.LPARENTHESIS: raise FilterSyntaxError( "Unexpected {!r}. Expected '('.".format(lexem)) subfilters = [] while True: subfilters.append(_filter_parse_expression(lexer, user_id)) lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.RPARENTHESIS: break if lexem.type == FilterLexer.Lexem.Type.COMMA: continue raise FilterSyntaxError( "Unexpected {!r}. Expected ',' or ')'.".format(lexem)) return AndBoundFilter(*subfilters) if lexem.type == FilterLexer.Lexem.Type.WORD and lexem.str == 'or': lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.LPARENTHESIS: raise FilterSyntaxError( "Unexpected {!r}. Expected '('.".format(lexem)) subfilters = [] while True: subfilters.append(_filter_parse_expression(lexer, user_id)) lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.RPARENTHESIS: break if lexem.type == FilterLexer.Lexem.Type.COMMA: continue raise FilterSyntaxError( "Unexpected {!r}. Expected ',' or ')'.".format(lexem)) return OrBoundFilter(*subfilters) if lexem.type == FilterLexer.Lexem.Type.WORD and lexem.str == 'ffilter': lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.LPARENTHESIS: raise FilterSyntaxError( "Unexpected {!r}. Expected '('.".format(lexem)) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.INT: raise FilterSyntaxError( "Unexpected {!r}. Expected INT.".format(lexem)) field_id = int(lexem.str) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.COMMA: raise FilterSyntaxError( "Unexpected {!r}. Expected ','.".format(lexem)) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.WORD: raise FilterSyntaxError( "Unexpected {!r}. Expected word.".format(lexem)) field_filter_name = lexem.str params = [] while True: lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.RPARENTHESIS: break if lexem.type != FilterLexer.Lexem.Type.COMMA: raise FilterSyntaxError( "Unexpected {!r}. Expected ','.".format(lexem)) lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.STRING: params.append(lexem.str) elif lexem.type == FilterLexer.Lexem.Type.INT: params.append(int(lexem.str)) field = ContactField.objects.get(pk=field_id) # Security check: user must have read access that field if not perms.c_can_view_fields_cg(user_id, field.contact_group_id): raise PermissionDenied filter = field.get_filter_by_name(field_filter_name) return filter.bind(*params) elif lexem.type == FilterLexer.Lexem.Type.WORD and lexem.str == 'gfilter': lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.LPARENTHESIS: raise FilterSyntaxError( "Unexpected {!r}. Expected '('.".format(lexem)) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.INT: raise FilterSyntaxError( "Unexpected {!r}. Expected INT.".format(lexem)) group_id = int(lexem.str) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.COMMA: raise FilterSyntaxError( "Unexpected {!r}. Expected ','.".format(lexem)) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.WORD: raise FilterSyntaxError( "Unexpected {!r}. Expected word.".format(lexem)) group_filter_name = lexem.str params = [] while True: lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.RPARENTHESIS: break if lexem.type != FilterLexer.Lexem.Type.COMMA: raise FilterSyntaxError( "Unexpected {!r}. Expected ','.".format(lexem)) lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.STRING: params.append(lexem.str) elif lexem.type == FilterLexer.Lexem.Type.INT: params.append(int(lexem.str)) # Security check: user must have access to members list of that group if not perms.c_can_see_members_cg(user_id, group_id): raise PermissionDenied filter = (ContactGroup.objects.get(pk=group_id) .get_filter_by_name(group_filter_name)) return filter.bind(*params) elif lexem.type == FilterLexer.Lexem.Type.WORD and lexem.str == 'nfilter': lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.LPARENTHESIS: raise FilterSyntaxError( "Unexpected {!r}. Expected '('.".format(lexem)) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.WORD: raise FilterSyntaxError( "Unexpected {!r}. Expected word.".format(lexem)) name_filter_name = lexem.str params = [] while True: lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.RPARENTHESIS: break if lexem.type != FilterLexer.Lexem.Type.COMMA: raise FilterSyntaxError( "Unexpected {!r}. Expected ','.".format(lexem)) lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.STRING: params.append(lexem.str) elif lexem.type == FilterLexer.Lexem.Type.INT: params.append(int(lexem.str)) filter = ContactNameMetaField.get_filter_by_name(name_filter_name) return filter.bind(*params) elif (lexem.type == FilterLexer.Lexem.Type.WORD and lexem.str == 'allevents'): lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.LPARENTHESIS: raise FilterSyntaxError( "Unexpected {!r}. Expected '('.".format(lexem)) lexem = next(lexer) if lexem.type != FilterLexer.Lexem.Type.WORD: raise FilterSyntaxError( "Unexpected {!r}. Expected word.".format(lexem)) allevents_filter_name = lexem.str params = [] while True: lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.RPARENTHESIS: break if lexem.type != FilterLexer.Lexem.Type.COMMA: raise FilterSyntaxError( "Unexpected {!r}. Expected ','.".format(lexem)) lexem = next(lexer) if lexem.type == FilterLexer.Lexem.Type.STRING: params.append(lexem.str) elif lexem.type == FilterLexer.Lexem.Type.INT: params.append(int(lexem.str)) filter = AllEventsMetaField.get_filter_by_name(allevents_filter_name) return filter.bind(*params) else: raise FilterSyntaxError("Unexpected {!r}.".format(lexem))