rhodecode-enterprise-ce Files · rhodecode/apps/file_store/views.py

spelling

super-admin - - Load All Authors

File last commit:

r5095:aa627a5f default


                r5133:0ea0ce62

default

Download file

             views.py
        
                    200 lines
            
             | 8.0 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / apps / file_store / views.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        super-admin
    
copyrights: updated for 2023

              r5088
            
      # Copyright (C) 2016-2023 RhodeCode GmbH

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      import logging

        milka
    
application: not use config.scan(), and replace all @add_view decorator into a explicit add_view call for faster app start.

              r4610
            
        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
      from pyramid.response import FileResponse

      from pyramid.httpexceptions import HTTPFound, HTTPNotFound

      from rhodecode.apps._base import BaseAppView

      from rhodecode.apps.file_store import utils

      from rhodecode.apps.file_store.exceptions import (

        marcink
    
file-store: save DB entry on upload, and track access times.

              r3457
            
          FileNotAllowedException, FileOverSizeException)

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
      from rhodecode.lib import helpers as h

      from rhodecode.lib import audit_logger

        marcink
    
artifacts: expose a special auth-token based artifacts download urls....

              r4003
            
      from rhodecode.lib.auth import (

          CSRFRequired, NotAnonymous, HasRepoPermissionAny, HasRepoGroupPermissionAny,

          LoginRequired)

        marcink
    
file-store: use our own logic for setting content-type. This solves a problem...

              r4237
            
      from rhodecode.lib.vcs.conf.mtypes import get_mimetypes_db

        marcink
    
artifacts: expose a special auth-token based artifacts download urls....

              r4003
            
      from rhodecode.model.db import Session, FileStore, UserApiKeys

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
      log = logging.getLogger(__name__)

      class FileStoreView(BaseAppView):

          upload_key = 'store_file'

          def load_default_context(self):

              c = self._get_local_tmpl_context()

              self.storage = utils.get_file_storage(self.request.registry.settings)

              return c

        marcink
    
file-store: use our own logic for setting content-type. This solves a problem...

              r4237
            
          def _guess_type(self, file_name):

              """

              Our own type guesser for mimetypes using the rich DB

              """

              if not hasattr(self, 'db'):

                  self.db = get_mimetypes_db()

              _content_type, _encoding = self.db.guess_type(file_name, strict=False)

              return _content_type, _encoding

        marcink
    
file-store: small code cleanups.

              r4012
            
          def _serve_file(self, file_uid):

              if not self.storage.exists(file_uid):

                  store_path = self.storage.store_path(file_uid)

                  log.debug('File with FID:%s not found in the store under `%s`',

                            file_uid, store_path)

                  raise HTTPNotFound()

        marcink
    
artifacts: few fixes for handling cases of using sub path to store artifacts....

              r4476
            
              db_obj = FileStore.get_by_store_uid(file_uid, safe=True)

        marcink
    
file-store: small code cleanups.

              r4012
            
              if not db_obj:

                  raise HTTPNotFound()

              # private upload for user

              if db_obj.check_acl and db_obj.scope_user_id:

                  log.debug('Artifact: checking scope access for bound artifact user: `%s`',

                            db_obj.scope_user_id)

                  user = db_obj.user

                  if self._rhodecode_db_user.user_id != user.user_id:

                      log.warning('Access to file store object forbidden')

                      raise HTTPNotFound()

              # scoped to repository permissions

              if db_obj.check_acl and db_obj.scope_repo_id:

                  log.debug('Artifact: checking scope access for bound artifact repo: `%s`',

                            db_obj.scope_repo_id)

                  repo = db_obj.repo

                  perm_set = ['repository.read', 'repository.write', 'repository.admin']

                  has_perm = HasRepoPermissionAny(*perm_set)(repo.repo_name, 'FileStore check')

                  if not has_perm:

                      log.warning('Access to file store object `%s` forbidden', file_uid)

                      raise HTTPNotFound()

              # scoped to repository group permissions

              if db_obj.check_acl and db_obj.scope_repo_group_id:

                  log.debug('Artifact: checking scope access for bound artifact repo group: `%s`',

                            db_obj.scope_repo_group_id)

                  repo_group = db_obj.repo_group

                  perm_set = ['group.read', 'group.write', 'group.admin']

                  has_perm = HasRepoGroupPermissionAny(*perm_set)(repo_group.group_name, 'FileStore check')

                  if not has_perm:

                      log.warning('Access to file store object `%s` forbidden', file_uid)

                      raise HTTPNotFound()

              FileStore.bump_access_counter(file_uid)

              file_path = self.storage.store_path(file_uid)

        marcink
    
file-store: use our own logic for setting content-type. This solves a problem...

              r4237
            
              content_type = 'application/octet-stream'

              content_encoding = None

              _content_type, _encoding = self._guess_type(file_path)

              if _content_type:

                  content_type = _content_type

        marcink
    
file-store: don't response with cookies on file-store download.

              r4236
            
              # For file store we don't submit any session data, this logic tells the

              # Session lib to skip it

              setattr(self.request, '_file_response', True)

        milka
    
file-store: expose additional headers, and content-disposiztion for nicer downloads

              r4609
            
              response = FileResponse(

                  file_path, request=self.request,

                  content_type=content_type, content_encoding=content_encoding)

              file_name = db_obj.file_display_name

              response.headers["Content-Disposition"] = (

        super-admin
    
modernize: updates for python3

              r5095
            
                  f'attachment; filename="{str(file_name)}"'

        milka
    
file-store: expose additional headers, and content-disposiztion for nicer downloads

              r4609
            
              )

              response.headers["X-RC-Artifact-Id"] = str(db_obj.file_store_id)

              response.headers["X-RC-Artifact-Desc"] = str(db_obj.file_description)

              response.headers["X-RC-Artifact-Sha256"] = str(db_obj.file_hash)

              return response

        marcink
    
file-store: small code cleanups.

              r4012
            
        marcink
    
artifacts: expose a special auth-token based artifacts download urls....

              r4003
            
          @LoginRequired()

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
          @NotAnonymous()

          @CSRFRequired()

          def upload_file(self):

              self.load_default_context()

              file_obj = self.request.POST.get(self.upload_key)

              if file_obj is None:

                  return {'store_fid': None,

                          'access_path': None,

        super-admin
    
modernize: updates for python3

              r5095
            
                          'error': f'{self.upload_key} data field is missing'}

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
              if not hasattr(file_obj, 'filename'):

                  return {'store_fid': None,

                          'access_path': None,

                          'error': 'filename cannot be read from the data field'}

              filename = file_obj.filename

              metadata = {

                  'user_uploaded': {'username': self._rhodecode_user.username,

                                    'user_id': self._rhodecode_user.user_id,

                                    'ip': self._rhodecode_user.ip_addr}}

              try:

        marcink
    
artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact

              r3679
            
                  store_uid, metadata = self.storage.save_file(

        marcink
    
file-store: always calculate sha256 and metadata.

              r3455
            
                      file_obj.file, filename, extra_metadata=metadata)

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
              except FileNotAllowedException:

                  return {'store_fid': None,

                          'access_path': None,

        super-admin
    
modernize: updates for python3

              r5095
            
                          'error': f'File {filename} is not allowed.'}

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
              except FileOverSizeException:

                  return {'store_fid': None,

                          'access_path': None,

        super-admin
    
modernize: updates for python3

              r5095
            
                          'error': f'File {filename} is exceeding allowed limit.'}

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
        marcink
    
file-store: save DB entry on upload, and track access times.

              r3457
            
              try:

                  entry = FileStore.create(

        marcink
    
artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact

              r3679
            
                      file_uid=store_uid, filename=metadata["filename"],

        marcink
    
file-store: save DB entry on upload, and track access times.

              r3457
            
                      file_hash=metadata["sha256"], file_size=metadata["size"],

        super-admin
    
modernize: updates for python3

              r5095
            
                      file_description='upload attachment',

        marcink
    
file-store: save DB entry on upload, and track access times.

              r3457
            
                      check_acl=False, user_id=self._rhodecode_user.user_id

                  )

                  Session().add(entry)

                  Session().commit()

                  log.debug('Stored upload in DB as %s', entry)

              except Exception:

                  log.exception('Failed to store file %s', filename)

                  return {'store_fid': None,

                          'access_path': None,

        super-admin
    
modernize: updates for python3

              r5095
            
                          'error': f'File {filename} failed to store in DB.'}

        marcink
    
file-store: save DB entry on upload, and track access times.

              r3457
            
        marcink
    
artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact

              r3679
            
              return {'store_fid': store_uid,

                      'access_path': h.route_path('download_file', fid=store_uid)}

        marcink
    
file-store: rename module from upload_store to file_store.

              r3453
            
        marcink
    
artifacts: expose a special auth-token based artifacts download urls....

              r4003
            
          # ACL is checked by scopes, if no scope the file is accessible to all

          def download_file(self):

              self.load_default_context()

              file_uid = self.request.matchdict['fid']

              log.debug('Requesting FID:%s from store %s', file_uid, self.storage)

              return self._serve_file(file_uid)

        marcink
    
tests: added some more artifact access tests.

              r4008
            
          # in addition to @LoginRequired ACL is checked by scopes

        marcink
    
artifacts: expose a special auth-token based artifacts download urls....

              r4003
            
          @LoginRequired(auth_token_access=[UserApiKeys.ROLE_ARTIFACT_DOWNLOAD])

        marcink
    
tests: added some more artifact access tests.

              r4008
            
          @NotAnonymous()

        marcink
    
artifacts: expose a special auth-token based artifacts download urls....

              r4003
            
          def download_file_by_token(self):

              """

              Special view that allows to access the download file by special URL that

              is stored inside the URL.

              http://example.com/_file_store/token-download/TOKEN/FILE_UID

              """

              self.load_default_context()

              file_uid = self.request.matchdict['fid']

              return self._serve_file(file_uid)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

super-admin copyrights: updated for 2023	r5088	# Copyright (C) 2016-2023 RhodeCode GmbH
marcink file-store: rename module from upload_store to file_store.	r3453	#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/
		import logging

milka application: not use config.scan(), and replace all @add_view decorator into a explicit add_view call for faster app start.	r4610
marcink file-store: rename module from upload_store to file_store.	r3453	from pyramid.response import FileResponse
		from pyramid.httpexceptions import HTTPFound, HTTPNotFound

		from rhodecode.apps._base import BaseAppView
		from rhodecode.apps.file_store import utils
		from rhodecode.apps.file_store.exceptions import (
marcink file-store: save DB entry on upload, and track access times.	r3457	FileNotAllowedException, FileOverSizeException)
marcink file-store: rename module from upload_store to file_store.	r3453
		from rhodecode.lib import helpers as h
		from rhodecode.lib import audit_logger
marcink artifacts: expose a special auth-token based artifacts download urls....	r4003	from rhodecode.lib.auth import (
		CSRFRequired, NotAnonymous, HasRepoPermissionAny, HasRepoGroupPermissionAny,
		LoginRequired)
marcink file-store: use our own logic for setting content-type. This solves a problem...	r4237	from rhodecode.lib.vcs.conf.mtypes import get_mimetypes_db
marcink artifacts: expose a special auth-token based artifacts download urls....	r4003	from rhodecode.model.db import Session, FileStore, UserApiKeys
marcink file-store: rename module from upload_store to file_store.	r3453
		log = logging.getLogger(__name__)


		class FileStoreView(BaseAppView):
		upload_key = 'store_file'

		def load_default_context(self):
		c = self._get_local_tmpl_context()
		self.storage = utils.get_file_storage(self.request.registry.settings)
		return c

marcink file-store: use our own logic for setting content-type. This solves a problem...	r4237	def _guess_type(self, file_name):
		"""
		Our own type guesser for mimetypes using the rich DB
		"""
		if not hasattr(self, 'db'):
		self.db = get_mimetypes_db()
		_content_type, _encoding = self.db.guess_type(file_name, strict=False)
		return _content_type, _encoding

marcink file-store: small code cleanups.	r4012	def _serve_file(self, file_uid):
		if not self.storage.exists(file_uid):
		store_path = self.storage.store_path(file_uid)
		log.debug('File with FID:%s not found in the store under `%s`',
		file_uid, store_path)
		raise HTTPNotFound()

marcink artifacts: few fixes for handling cases of using sub path to store artifacts....	r4476	db_obj = FileStore.get_by_store_uid(file_uid, safe=True)
marcink file-store: small code cleanups.	r4012	if not db_obj:
		raise HTTPNotFound()

		# private upload for user
		if db_obj.check_acl and db_obj.scope_user_id:
		log.debug('Artifact: checking scope access for bound artifact user: `%s`',
		db_obj.scope_user_id)
		user = db_obj.user
		if self._rhodecode_db_user.user_id != user.user_id:
		log.warning('Access to file store object forbidden')
		raise HTTPNotFound()

		# scoped to repository permissions
		if db_obj.check_acl and db_obj.scope_repo_id:
		log.debug('Artifact: checking scope access for bound artifact repo: `%s`',
		db_obj.scope_repo_id)
		repo = db_obj.repo
		perm_set = ['repository.read', 'repository.write', 'repository.admin']
		has_perm = HasRepoPermissionAny(*perm_set)(repo.repo_name, 'FileStore check')
		if not has_perm:
		log.warning('Access to file store object `%s` forbidden', file_uid)
		raise HTTPNotFound()

		# scoped to repository group permissions
		if db_obj.check_acl and db_obj.scope_repo_group_id:
		log.debug('Artifact: checking scope access for bound artifact repo group: `%s`',
		db_obj.scope_repo_group_id)
		repo_group = db_obj.repo_group
		perm_set = ['group.read', 'group.write', 'group.admin']
		has_perm = HasRepoGroupPermissionAny(*perm_set)(repo_group.group_name, 'FileStore check')
		if not has_perm:
		log.warning('Access to file store object `%s` forbidden', file_uid)
		raise HTTPNotFound()

		FileStore.bump_access_counter(file_uid)

		file_path = self.storage.store_path(file_uid)
marcink file-store: use our own logic for setting content-type. This solves a problem...	r4237	content_type = 'application/octet-stream'
		content_encoding = None

		_content_type, _encoding = self._guess_type(file_path)
		if _content_type:
		content_type = _content_type

marcink file-store: don't response with cookies on file-store download.	r4236	# For file store we don't submit any session data, this logic tells the
		# Session lib to skip it
		setattr(self.request, '_file_response', True)
milka file-store: expose additional headers, and content-disposiztion for nicer downloads	r4609	response = FileResponse(
		file_path, request=self.request,
		content_type=content_type, content_encoding=content_encoding)

		file_name = db_obj.file_display_name

		response.headers["Content-Disposition"] = (
super-admin modernize: updates for python3	r5095	f'attachment; filename="{str(file_name)}"'
milka file-store: expose additional headers, and content-disposiztion for nicer downloads	r4609	)
		response.headers["X-RC-Artifact-Id"] = str(db_obj.file_store_id)
		response.headers["X-RC-Artifact-Desc"] = str(db_obj.file_description)
		response.headers["X-RC-Artifact-Sha256"] = str(db_obj.file_hash)
		return response
marcink file-store: small code cleanups.	r4012
marcink artifacts: expose a special auth-token based artifacts download urls....	r4003	@LoginRequired()
marcink file-store: rename module from upload_store to file_store.	r3453	@NotAnonymous()
		@CSRFRequired()
		def upload_file(self):
		self.load_default_context()
		file_obj = self.request.POST.get(self.upload_key)

		if file_obj is None:
		return {'store_fid': None,
		'access_path': None,
super-admin modernize: updates for python3	r5095	'error': f'{self.upload_key} data field is missing'}
marcink file-store: rename module from upload_store to file_store.	r3453
		if not hasattr(file_obj, 'filename'):
		return {'store_fid': None,
		'access_path': None,
		'error': 'filename cannot be read from the data field'}

		filename = file_obj.filename

		metadata = {
		'user_uploaded': {'username': self._rhodecode_user.username,
		'user_id': self._rhodecode_user.user_id,
		'ip': self._rhodecode_user.ip_addr}}
		try:
marcink artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact	r3679	store_uid, metadata = self.storage.save_file(
marcink file-store: always calculate sha256 and metadata.	r3455	file_obj.file, filename, extra_metadata=metadata)
marcink file-store: rename module from upload_store to file_store.	r3453	except FileNotAllowedException:
		return {'store_fid': None,
		'access_path': None,
super-admin modernize: updates for python3	r5095	'error': f'File {filename} is not allowed.'}
marcink file-store: rename module from upload_store to file_store.	r3453
		except FileOverSizeException:
		return {'store_fid': None,
		'access_path': None,
super-admin modernize: updates for python3	r5095	'error': f'File {filename} is exceeding allowed limit.'}
marcink file-store: rename module from upload_store to file_store.	r3453
marcink file-store: save DB entry on upload, and track access times.	r3457	try:
		entry = FileStore.create(
marcink artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact	r3679	file_uid=store_uid, filename=metadata["filename"],
marcink file-store: save DB entry on upload, and track access times.	r3457	file_hash=metadata["sha256"], file_size=metadata["size"],
super-admin modernize: updates for python3	r5095	file_description='upload attachment',
marcink file-store: save DB entry on upload, and track access times.	r3457	check_acl=False, user_id=self._rhodecode_user.user_id
		)
		Session().add(entry)
		Session().commit()
		log.debug('Stored upload in DB as %s', entry)
		except Exception:
		log.exception('Failed to store file %s', filename)
		return {'store_fid': None,
		'access_path': None,
super-admin modernize: updates for python3	r5095	'error': f'File {filename} failed to store in DB.'}
marcink file-store: save DB entry on upload, and track access times.	r3457
marcink artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact	r3679	return {'store_fid': store_uid,
		'access_path': h.route_path('download_file', fid=store_uid)}
marcink file-store: rename module from upload_store to file_store.	r3453
marcink artifacts: expose a special auth-token based artifacts download urls....	r4003	# ACL is checked by scopes, if no scope the file is accessible to all
		def download_file(self):
		self.load_default_context()
		file_uid = self.request.matchdict['fid']
		log.debug('Requesting FID:%s from store %s', file_uid, self.storage)
		return self._serve_file(file_uid)

marcink tests: added some more artifact access tests.	r4008	# in addition to @LoginRequired ACL is checked by scopes
marcink artifacts: expose a special auth-token based artifacts download urls....	r4003	@LoginRequired(auth_token_access=[UserApiKeys.ROLE_ARTIFACT_DOWNLOAD])
marcink tests: added some more artifact access tests.	r4008	@NotAnonymous()
marcink artifacts: expose a special auth-token based artifacts download urls....	r4003	def download_file_by_token(self):
		"""
		Special view that allows to access the download file by special URL that
		is stored inside the URL.

		http://example.com/_file_store/token-download/TOKEN/FILE_UID
		"""
		self.load_default_context()
		file_uid = self.request.matchdict['fid']
		return self._serve_file(file_uid)