def fsDownloadView(fsPathString=''): """Download-file view.""" user = g.user lsPath = splitPathString(fsPathString) boxPath, fileName = lsPath[:-1], lsPath[-1] db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] parentBox = getBoxFromPath(db, boxPath, user) request._onErrorUrl = url_for( 'lsView', lsPathString='/'.join(boxPath[1:]), ) if parentBox is not None: file = getFileFromParent(db, parentBox, fileName, user) if file is not None: filePhysicalPath, filePhysicalName = fileIdToSplitPath( file.file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, attachment_filename=file.name, as_attachment=True, mimetype=file.mime_type, ) else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable')
def ticketGalleryFsView(ticketId, securityCode, fileName): """ View-file-within-a-ticket-generated-gallery-view route. Helper endpoint to return viewable (only viewables, there's no 'download') files in a ticket-gallery view. Must take care of punching the ticket. """ user = g.user db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] # richTicket = dbGetEnrichAndCheckTicket( db, 'g', ticketId, securityCode, request.url_root, ) if richTicket is not None: issuer = dbGetUser(db, richTicket['ticket'].username) if richTicket['redeemable']: # valid ticket. Further checks are on the way. if (not g.settings['behaviour']['behaviour_tickets'] ['protect_banned_user_tickets']['value'] or issuer.banned == 0): # boxPath = richTicket['metadata']['box_path'] request._onErrorUrl = url_for( 'lsView', lsPathString='/'.join(boxPath[1:]), ) parentBox = getBoxFromPath(db, boxPath[1:], issuer) if parentBox is not None: # we retrieve the file and serve it file = getFileFromParent(db, parentBox, fileName, issuer) if file is not None: dbPunchRichTicket(db, richTicket) filePhysicalPath, filePhysicalName = fileIdToSplitPath( file.file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, attachment_filename=file.name, as_attachment=True, mimetype=file.mime_type, ) else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable')
def fileThumbnailView(dummyId, fsPathString): """Route for access to thumbnail image files based on file path.""" user = g.user lsPath = splitPathString(fsPathString) boxPath, fileName = lsPath[:-1], lsPath[-1] db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] parentBox = getBoxFromPath(db, boxPath, user) request._onErrorUrl = url_for( 'lsView', lsPathString='/'.join(boxPath[1:]), ) file = getFileFromParent(db, parentBox, fileName, user) if (file is not None and file.icon_file_id is not None and file.icon_file_id != ''): filePhysicalPath, filePhysicalName = fileIdToSplitPath( file.icon_file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, mimetype=file.icon_mime_type, ) else: return redirect(pickFileThumbnail(file.mime_type))
def settingThumbnailView(dummyId, settingGroupId, settingId): """ Route for access to setting (of type image) thumbnail with live resolution of id-vs-default. """ user = g.user db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] setting = g.settings['image'][settingGroupId][settingId]['setting'] if setting.klass != 'image': raise RuntimeError('unexpected setting of non-image klass') else: if setting.value != '': filePhysicalPath, filePhysicalName = fileIdToSplitPath( setting.value, fileStorageDirectory=fileStorageDirectory, ) mimeType = setting.icon_mime_type else: filePhysicalPath = defaultAppImageDirectory filePhysicalName = setting.default_value mimeType = setting.default_icon_mime_type # return send_from_directory( filePhysicalPath, filePhysicalName, mimetype=mimeType, )
def boxThumbnailView(dummyId, boxPathString=''): """Route for access to thumbnail image files based on box path.""" user = g.user db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] if boxPathString == '': # root case return redirect(makeSettingImageUrl(g, 'app_images', 'root_box')) else: db = dbGetDatabase() boxPath = splitPathString(boxPathString) request._onErrorUrl = url_for( 'lsView', lsPathString='/'.join(boxPath[1:]), ) box = getBoxFromPath(db, boxPath, user) if (box is not None and box.icon_file_id is not None and box.icon_file_id != ''): filePhysicalPath, filePhysicalName = fileIdToSplitPath( box.icon_file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, mimetype=box.icon_mime_type, ) else: return redirect( makeSettingImageUrl( g, 'app_images', 'standard_box', ))
def linkThumbnailView(dummyId, fsPathString=''): """Route for access to thumbnail image files based on link path.""" user = g.user lsPath = splitPathString(fsPathString) boxPath, linkName = lsPath[:-1], lsPath[-1] db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] parentBox = getBoxFromPath(db, boxPath, user) request._onErrorUrl = url_for( 'lsView', lsPathString='/'.join(boxPath[1:]), ) link = getLinkFromParent(db, parentBox, linkName, user) if (link is not None and link.icon_file_id is not None and link.icon_file_id != ''): filePhysicalPath, filePhysicalName = fileIdToSplitPath( link.icon_file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, mimetype=link.icon_mime_type, ) else: return redirect(makeSettingImageUrl(g, 'app_images', 'external_link'))
def ticketFsDownloadView(ticketId, securityCode): """ Give-the-file-contents-based-on-ticket route. Helper endpoint to load-and-return a file upon a ticket; access to files based on a ticket. Used by both the direct-file-download or the view-file file-ticket modes. Note: punching occurs here. """ user = g.user db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] # richTicket = dbGetEnrichAndCheckTicket( db, 'f', ticketId, securityCode, request.url_root, ) issuer = (dbGetUser(db, richTicket['ticket'].username) if richTicket is not None else None) noBandUsrTickets = g.settings['behaviour']['behaviour_tickets'][ 'protect_banned_user_tickets']['value'] if (issuer is not None and (not noBandUsrTickets or issuer.banned == 0)): boxPath, fileName = ( richTicket['metadata']['path'][:-1], richTicket['metadata']['path'][-1], ) parentBox = getBoxFromPath(db, boxPath, issuer) # if parentBox is not None: file = getFileFromParent(db, parentBox, fileName, issuer) if file is not None: # return it and contextually punch the ticket dbPunchRichTicket(db, richTicket) # then we return the file as a download # (this flow assumes download is desired as opposed to view) filePhysicalPath, filePhysicalName = fileIdToSplitPath( file.file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, attachment_filename=file.name, as_attachment=True, mimetype=file.mime_type, ) else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable') else: return abort(404, 'Content unavailable')
def userThumbnailView(dummyId, username): """Route for access to thumbnail image files based on user name.""" user = g.user db = dbGetDatabase() fileStorageDirectory = g.settings['system']['system_directories'][ 'fs_directory']['value'] if user.username == username or userIsAdmin(db, user): targetUser = (user if user.username == username else dbGetUser( db, username)) if targetUser.icon_file_id != '': filePhysicalPath, filePhysicalName = fileIdToSplitPath( targetUser.icon_file_id, fileStorageDirectory=fileStorageDirectory, ) return send_from_directory( filePhysicalPath, filePhysicalName, mimetype=targetUser.icon_mime_type, ) else: return redirect(makeSettingImageUrl(g, 'user_images', 'user_icon')) else: return abort(400, 'User has no permission to access this resource.')