##// END OF EJS Templates
file-store: small code cleanups.
marcink -
r4012:b20c076b default
parent child Browse files
Show More
@@ -0,0 +1,19 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2016-2019 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
1 NO CONTENT: file renamed from rhodecode/apps/file_store/local_store.py to rhodecode/apps/file_store/backends/local_store.py
@@ -25,7 +25,7 b' import pathlib2'
25 25
26 26
27 27 def get_file_storage(settings):
28 from rhodecode.apps.file_store.local_store import LocalFileStorage
28 from rhodecode.apps.file_store.backends.local_store import LocalFileStorage
29 29 from rhodecode.apps.file_store import config_keys
30 30 store_path = settings.get(config_keys.store_path)
31 31 return LocalFileStorage(base_path=store_path)
@@ -46,6 +46,54 b' class FileStoreView(BaseAppView):'
46 46 self.storage = utils.get_file_storage(self.request.registry.settings)
47 47 return c
48 48
49 def _serve_file(self, file_uid):
50
51 if not self.storage.exists(file_uid):
52 store_path = self.storage.store_path(file_uid)
53 log.debug('File with FID:%s not found in the store under `%s`',
54 file_uid, store_path)
55 raise HTTPNotFound()
56
57 db_obj = FileStore().query().filter(FileStore.file_uid == file_uid).scalar()
58 if not db_obj:
59 raise HTTPNotFound()
60
61 # private upload for user
62 if db_obj.check_acl and db_obj.scope_user_id:
63 log.debug('Artifact: checking scope access for bound artifact user: `%s`',
64 db_obj.scope_user_id)
65 user = db_obj.user
66 if self._rhodecode_db_user.user_id != user.user_id:
67 log.warning('Access to file store object forbidden')
68 raise HTTPNotFound()
69
70 # scoped to repository permissions
71 if db_obj.check_acl and db_obj.scope_repo_id:
72 log.debug('Artifact: checking scope access for bound artifact repo: `%s`',
73 db_obj.scope_repo_id)
74 repo = db_obj.repo
75 perm_set = ['repository.read', 'repository.write', 'repository.admin']
76 has_perm = HasRepoPermissionAny(*perm_set)(repo.repo_name, 'FileStore check')
77 if not has_perm:
78 log.warning('Access to file store object `%s` forbidden', file_uid)
79 raise HTTPNotFound()
80
81 # scoped to repository group permissions
82 if db_obj.check_acl and db_obj.scope_repo_group_id:
83 log.debug('Artifact: checking scope access for bound artifact repo group: `%s`',
84 db_obj.scope_repo_group_id)
85 repo_group = db_obj.repo_group
86 perm_set = ['group.read', 'group.write', 'group.admin']
87 has_perm = HasRepoGroupPermissionAny(*perm_set)(repo_group.group_name, 'FileStore check')
88 if not has_perm:
89 log.warning('Access to file store object `%s` forbidden', file_uid)
90 raise HTTPNotFound()
91
92 FileStore.bump_access_counter(file_uid)
93
94 file_path = self.storage.store_path(file_uid)
95 return FileResponse(file_path)
96
49 97 @LoginRequired()
50 98 @NotAnonymous()
51 99 @CSRFRequired()
@@ -102,54 +150,6 b' class FileStoreView(BaseAppView):'
102 150 return {'store_fid': store_uid,
103 151 'access_path': h.route_path('download_file', fid=store_uid)}
104 152
105 def _serve_file(self, file_uid):
106
107 if not self.storage.exists(file_uid):
108 store_path = self.storage.store_path(file_uid)
109 log.debug('File with FID:%s not found in the store under `%s`',
110 file_uid, store_path)
111 raise HTTPNotFound()
112
113 db_obj = FileStore().query().filter(FileStore.file_uid == file_uid).scalar()
114 if not db_obj:
115 raise HTTPNotFound()
116
117 # private upload for user
118 if db_obj.check_acl and db_obj.scope_user_id:
119 log.debug('Artifact: checking scope access for bound artifact user: `%s`',
120 db_obj.scope_user_id)
121 user = db_obj.user
122 if self._rhodecode_db_user.user_id != user.user_id:
123 log.warning('Access to file store object forbidden')
124 raise HTTPNotFound()
125
126 # scoped to repository permissions
127 if db_obj.check_acl and db_obj.scope_repo_id:
128 log.debug('Artifact: checking scope access for bound artifact repo: `%s`',
129 db_obj.scope_repo_id)
130 repo = db_obj.repo
131 perm_set = ['repository.read', 'repository.write', 'repository.admin']
132 has_perm = HasRepoPermissionAny(*perm_set)(repo.repo_name, 'FileStore check')
133 if not has_perm:
134 log.warning('Access to file store object `%s` forbidden', file_uid)
135 raise HTTPNotFound()
136
137 # scoped to repository group permissions
138 if db_obj.check_acl and db_obj.scope_repo_group_id:
139 log.debug('Artifact: checking scope access for bound artifact repo group: `%s`',
140 db_obj.scope_repo_group_id)
141 repo_group = db_obj.repo_group
142 perm_set = ['group.read', 'group.write', 'group.admin']
143 has_perm = HasRepoGroupPermissionAny(*perm_set)(repo_group.group_name, 'FileStore check')
144 if not has_perm:
145 log.warning('Access to file store object `%s` forbidden', file_uid)
146 raise HTTPNotFound()
147
148 FileStore.bump_access_counter(file_uid)
149
150 file_path = self.storage.store_path(file_uid)
151 return FileResponse(file_path)
152
153 153 # ACL is checked by scopes, if no scope the file is accessible to all
154 154 @view_config(route_name='download_file')
155 155 def download_file(self):
General Comments 0
You need to be logged in to leave comments. Login now