rename uuid to secret on attachments

misago/threads/api/attachments.py

@@ -36,7 +36,7 @@ class AttachmentViewSet(viewsets.ViewSet):
         validate_filesize(upload, filetype, request.user.acl['max_attachment_size'])
 
         attachment = Attachment(
-            uuid=Attachment.generate_new_uuid(),
+            secret=Attachment.generate_new_secret(),
             filetype=filetype,
             uploader=request.user,
             uploader_name=request.user.username,

misago/threads/migrations/0001_initial.py

@@ -224,7 +224,7 @@ class Migration(migrations.Migration):
             name='Attachment',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('uuid', models.CharField(max_length=64)),
+                ('secret', models.CharField(max_length=64)),
                 ('uploaded_on', models.DateTimeField(default=django.utils.timezone.now)),
                 ('uploader_name', models.CharField(max_length=255)),
                 ('uploader_slug', models.CharField(max_length=255)),

misago/threads/models/attachment.py

@@ -11,7 +11,7 @@ from PIL import Image
 
 
 class Attachment(models.Model):
-    uuid = models.CharField(max_length=64)
+    secret = models.CharField(max_length=64)
     filetype = models.ForeignKey('AttachmentType')
     post = models.ForeignKey(
         'Post',
@@ -41,7 +41,7 @@ class Attachment(models.Model):
     downloads = models.PositiveIntegerField(default=0)
 
     @classmethod
-    def generate_new_uuid(cls):
+    def generate_new_secret(cls):
         return get_random_string(settings.MISAGO_ATTACHMENT_SECRET_LENGTH)
 
     @property
@@ -55,14 +55,14 @@ class Attachment(models.Model):
     def get_absolute_url(self):
         return reverse('misago:attachment', kwargs={
             'pk': self.pk,
-            'uuid': self.uuid,
+            'secret': self.secret,
         })
 
     def get_thumbnail_url(self):
         if self.is_image:
             return reverse('misago:attachment-thumbnail', kwargs={
                 'pk': self.pk,
-                'uuid': self.uuid,
+                'secret': self.secret,
             })
         else:
             return None

misago/threads/tests/test_attachmenttypeadmin_views.py

@@ -170,7 +170,7 @@ class AttachmentTypeAdminViewsTests(AdminTestCase):
         self.assertEqual(test_type.name, 'Test type')
 
         test_type.attachment_set.create(
-            uuid='loremipsum',
+            secret='loremipsum',
             filetype=test_type,
             uploader_name='Bob',
             uploader_slug='bob',

misago/threads/tests/test_attachmentview.py

@@ -97,18 +97,18 @@ class AttachmentViewTestCase(AuthenticatedUserTestCase):
         """user tries to retrieve nonexistant file"""
         response = self.client.get(reverse('misago:attachment', kwargs={
             'pk': 123,
-            'uuid': 'qwertyuiop'
+            'secret': 'qwertyuiop'
         }))
 
         self.assertIs404(response)
 
-    def test_invalid_uuid(self):
-        """user tries to retrieve existing file using invalid uuid"""
+    def test_invalid_secret(self):
+        """user tries to retrieve existing file using invalid secret"""
         attachment = self.upload_document()
 
         response = self.client.get(reverse('misago:attachment', kwargs={
             'pk': attachment.pk,
-            'uuid': 'qwertyuiop'
+            'secret': 'qwertyuiop'
         }))
 
         self.assertIs404(response)
@@ -135,7 +135,7 @@ class AttachmentViewTestCase(AuthenticatedUserTestCase):
 
         response = self.client.get(reverse('misago:attachment-thumbnail', kwargs={
             'pk': attachment.pk,
-            'uuid': attachment.uuid
+            'secret': attachment.secret
         }))
         self.assertIs404(response)
 

misago/threads/urls/__init__.py

@@ -113,6 +113,6 @@ urlpatterns += goto_patterns(
 
 
 urlpatterns += [
-    url(r'^attachment/(?P<uuid>[-a-zA-Z0-9]+)-(?P<pk>\d+)/', attachment_server, name='attachment'),
-    url(r'^attachment/thumb/(?P<uuid>[-a-zA-Z0-9]+)-(?P<pk>\d+)/', attachment_server, name='attachment-thumbnail', kwargs={'thumbnail': True}),
+    url(r'^attachment/(?P<secret>[-a-zA-Z0-9]+)-(?P<pk>\d+)/', attachment_server, name='attachment'),
+    url(r'^attachment/thumb/(?P<secret>[-a-zA-Z0-9]+)-(?P<pk>\d+)/', attachment_server, name='attachment-thumbnail', kwargs={'thumbnail': True}),
 ]

misago/threads/views/attachment.py

@@ -13,9 +13,9 @@ ATTACHMENT_404_URL = '/'.join((settings.STATIC_URL, settings.MISAGO_404_IMAGE))
 ATTACHMENT_403_URL = '/'.join((settings.STATIC_URL, settings.MISAGO_403_IMAGE))
 
 
-def attachment_server(request, pk, uuid, thumbnail=False):
+def attachment_server(request, pk, secret, thumbnail=False):
     try:
-        url = serve_file(request, pk, uuid, thumbnail)
+        url = serve_file(request, pk, secret, thumbnail)
         return redirect(url)
     except Http404:
         return redirect(ATTACHMENT_404_URL)
@@ -23,9 +23,9 @@ def attachment_server(request, pk, uuid, thumbnail=False):
         return redirect(ATTACHMENT_403_URL)
 
 
-def serve_file(request, pk, uuid, thumbnail):
+def serve_file(request, pk, secret, thumbnail):
     queryset = Attachment.objects.select_related('filetype')
-    attachment = get_object_or_404(queryset, pk=pk, uuid=uuid)
+    attachment = get_object_or_404(queryset, pk=pk, secret=secret)
 
     if not request.user.is_staff:
         allow_file_download(request, attachment)