##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
repositories: allow updating repository settings for users without store-in-root permissions...
repositories: allow updating repository settings for users without store-in-root permissions in case repository name didn't change. - when an user owns repository in root location, and isn't allow to create repositories in root before we failed to allow this user to update such repository settings due to this validation. We'll now check if name didn't change and in this case allow to update since this doesn't store any new data in root location.
marcink - - Load All Authors

File last commit:

r4306:09801de9 default
r4415:fc1f6c1b default
Show More
views.py
195 lines | 7.9 KiB | text/x-python | PythonLexer
/ rhodecode / apps / file_store / views.py
History | Source | Raw |Copy content |Copy permalink
marcink
file-store: rename module from upload_store to file_store.
 r3453 # -*- coding: utf-8 -*-
marcink
code: update copyrights to 2020
 r4306 # Copyright (C) 2016-2020 RhodeCode GmbH
marcink
file-store: rename module from upload_store to file_store.
 r3453 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import logging
from pyramid.view import view_config
from pyramid.response import FileResponse
from pyramid.httpexceptions import HTTPFound, HTTPNotFound
from rhodecode.apps._base import BaseAppView
from rhodecode.apps.file_store import utils
from rhodecode.apps.file_store.exceptions import (
marcink
file-store: save DB entry on upload, and track access times.
 r3457 FileNotAllowedException, FileOverSizeException)
marcink
file-store: rename module from upload_store to file_store.
 r3453
from rhodecode.lib import helpers as h
from rhodecode.lib import audit_logger
marcink
artifacts: expose a special auth-token based artifacts download urls....
 r4003 from rhodecode.lib.auth import (
CSRFRequired, NotAnonymous, HasRepoPermissionAny, HasRepoGroupPermissionAny,
LoginRequired)
marcink
file-store: use our own logic for setting content-type. This solves a problem...
 r4237 from rhodecode.lib.vcs.conf.mtypes import get_mimetypes_db
marcink
artifacts: expose a special auth-token based artifacts download urls....
 r4003 from rhodecode.model.db import Session, FileStore, UserApiKeys
marcink
file-store: rename module from upload_store to file_store.
 r3453
log = logging.getLogger(__name__)
class FileStoreView(BaseAppView):
upload_key = 'store_file'
def load_default_context(self):
c = self._get_local_tmpl_context()
self.storage = utils.get_file_storage(self.request.registry.settings)
return c
marcink
file-store: use our own logic for setting content-type. This solves a problem...
 r4237 def _guess_type(self, file_name):
"""
Our own type guesser for mimetypes using the rich DB
"""
if not hasattr(self, 'db'):
self.db = get_mimetypes_db()
_content_type, _encoding = self.db.guess_type(file_name, strict=False)
return _content_type, _encoding
marcink
file-store: small code cleanups.
 r4012 def _serve_file(self, file_uid):
if not self.storage.exists(file_uid):
store_path = self.storage.store_path(file_uid)
log.debug('File with FID:%s not found in the store under `%s`',
file_uid, store_path)
raise HTTPNotFound()
db_obj = FileStore().query().filter(FileStore.file_uid == file_uid).scalar()
if not db_obj:
raise HTTPNotFound()
# private upload for user
if db_obj.check_acl and db_obj.scope_user_id:
log.debug('Artifact: checking scope access for bound artifact user: `%s`',
db_obj.scope_user_id)
user = db_obj.user
if self._rhodecode_db_user.user_id != user.user_id:
log.warning('Access to file store object forbidden')
raise HTTPNotFound()
# scoped to repository permissions
if db_obj.check_acl and db_obj.scope_repo_id:
log.debug('Artifact: checking scope access for bound artifact repo: `%s`',
db_obj.scope_repo_id)
repo = db_obj.repo
perm_set = ['repository.read', 'repository.write', 'repository.admin']
has_perm = HasRepoPermissionAny(*perm_set)(repo.repo_name, 'FileStore check')
if not has_perm:
log.warning('Access to file store object `%s` forbidden', file_uid)
raise HTTPNotFound()
# scoped to repository group permissions
if db_obj.check_acl and db_obj.scope_repo_group_id:
log.debug('Artifact: checking scope access for bound artifact repo group: `%s`',
db_obj.scope_repo_group_id)
repo_group = db_obj.repo_group
perm_set = ['group.read', 'group.write', 'group.admin']
has_perm = HasRepoGroupPermissionAny(*perm_set)(repo_group.group_name, 'FileStore check')
if not has_perm:
log.warning('Access to file store object `%s` forbidden', file_uid)
raise HTTPNotFound()
FileStore.bump_access_counter(file_uid)
file_path = self.storage.store_path(file_uid)
marcink
file-store: use our own logic for setting content-type. This solves a problem...
 r4237 content_type = 'application/octet-stream'
content_encoding = None
_content_type, _encoding = self._guess_type(file_path)
if _content_type:
content_type = _content_type
marcink
file-store: don't response with cookies on file-store download.
 r4236 # For file store we don't submit any session data, this logic tells the
# Session lib to skip it
setattr(self.request, '_file_response', True)
marcink
file-store: use our own logic for setting content-type. This solves a problem...
 r4237 return FileResponse(file_path, request=self.request,
content_type=content_type, content_encoding=content_encoding)
marcink
file-store: small code cleanups.
 r4012
marcink
artifacts: expose a special auth-token based artifacts download urls....
 r4003 @LoginRequired()
marcink
file-store: rename module from upload_store to file_store.
 r3453 @NotAnonymous()
@CSRFRequired()
@view_config(route_name='upload_file', request_method='POST', renderer='json_ext')
def upload_file(self):
self.load_default_context()
file_obj = self.request.POST.get(self.upload_key)
if file_obj is None:
return {'store_fid': None,
'access_path': None,
'error': '{} data field is missing'.format(self.upload_key)}
if not hasattr(file_obj, 'filename'):
return {'store_fid': None,
'access_path': None,
'error': 'filename cannot be read from the data field'}
filename = file_obj.filename
metadata = {
'user_uploaded': {'username': self._rhodecode_user.username,
'user_id': self._rhodecode_user.user_id,
'ip': self._rhodecode_user.ip_addr}}
try:
marcink
artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact
 r3679 store_uid, metadata = self.storage.save_file(
marcink
file-store: always calculate sha256 and metadata.
 r3455 file_obj.file, filename, extra_metadata=metadata)
marcink
file-store: rename module from upload_store to file_store.
 r3453 except FileNotAllowedException:
return {'store_fid': None,
'access_path': None,
'error': 'File {} is not allowed.'.format(filename)}
except FileOverSizeException:
return {'store_fid': None,
'access_path': None,
'error': 'File {} is exceeding allowed limit.'.format(filename)}
marcink
file-store: save DB entry on upload, and track access times.
 r3457 try:
entry = FileStore.create(
marcink
artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact
 r3679 file_uid=store_uid, filename=metadata["filename"],
marcink
file-store: save DB entry on upload, and track access times.
 r3457 file_hash=metadata["sha256"], file_size=metadata["size"],
marcink
tests: added some more artifact access tests.
 r4008 file_description=u'upload attachment',
marcink
file-store: save DB entry on upload, and track access times.
 r3457 check_acl=False, user_id=self._rhodecode_user.user_id
)
Session().add(entry)
Session().commit()
log.debug('Stored upload in DB as %s', entry)
except Exception:
log.exception('Failed to store file %s', filename)
return {'store_fid': None,
'access_path': None,
'error': 'File {} failed to store in DB.'.format(filename)}
marcink
artifacts: added reading of metadata and define basic audit-log entries for add/delete artifact
 r3679 return {'store_fid': store_uid,
'access_path': h.route_path('download_file', fid=store_uid)}
marcink
file-store: rename module from upload_store to file_store.
 r3453
marcink
artifacts: expose a special auth-token based artifacts download urls....
 r4003 # ACL is checked by scopes, if no scope the file is accessible to all
@view_config(route_name='download_file')
def download_file(self):
self.load_default_context()
file_uid = self.request.matchdict['fid']
log.debug('Requesting FID:%s from store %s', file_uid, self.storage)
return self._serve_file(file_uid)
marcink
tests: added some more artifact access tests.
 r4008 # in addition to @LoginRequired ACL is checked by scopes
marcink
artifacts: expose a special auth-token based artifacts download urls....
 r4003 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_ARTIFACT_DOWNLOAD])
marcink
tests: added some more artifact access tests.
 r4008 @NotAnonymous()
marcink
artifacts: expose a special auth-token based artifacts download urls....
 r4003 @view_config(route_name='download_file_by_token')
def download_file_by_token(self):
"""
Special view that allows to access the download file by special URL that
is stored inside the URL.
http://example.com/_file_store/token-download/TOKEN/FILE_UID
"""
self.load_default_context()
file_uid = self.request.matchdict['fid']
return self._serve_file(file_uid)