Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0.5.5
Branches Tags
Misago
/
misago
/
apps
/
attachments.py

attachments.py 2.8 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. from django.conf import settings
    2. 

  2. from django.http import StreamingHttpResponse
    3. 

  3. from django.template import RequestContext
    4. 

  4. from misago.acl.exceptions import ACLError403, ACLError404
    5. 

  5. from django.utils.translation import ugettext as _
    6. 

  6. from misago.apps.errors import error403, error404
    7. 

  7. from misago.models import Attachment
    8. 

  8. from misago.readstrackers import ForumsTracker
    9. 

  9. from misago.shortcuts import render_to_response
    10. 

  10. 

  11. def server(request, attachment, thumb=False):
    12. 

  12.     try:
    13. 

  13.         attachment = Attachment.objects.select_related('forum', 'thread', 'post', 'user').get(hash_id=attachment)
    14. 

  14.         if attachment.forum:
    15. 

  15.             request.acl.forums.allow_forum_view(attachment.forum)
    16. 

  16.         if attachment.thread:
    17. 

  17.             request.acl.threads.allow_thread_view(request.user, attachment.thread)
    18. 

  18.             if attachment.forum.special == 'private_threads':
    19. 

  19.                 if not request.user.is_authenticated():
    20. 

  20.                     raise ACLError404()
    21. 

  21.                 can_see_thread_because_reported = (
    22. 

  22.                     request.acl.private_threads.is_mod() and attachment.thread.replies_reported)
    23. 

  23.                 can_see_thread_because_participates = request.user in attachment.thread.participants.all()
    24. 

  24.                 if not (can_see_thread_because_reported or can_see_thread_because_participates):
    25. 

  25.                     raise ACLError404()
    26. 

  26.             if attachment.post:
    27. 

  27.                 request.acl.threads.allow_post_view(request.user, attachment.thread, attachment.post)
    28. 

  28.                 request.acl.threads.allow_attachment_download(request.user, attachment.forum, attachment.post)
    29. 

  29.         return serve_file(attachment, thumb)
    30. 

  30.     except ACLError403:
    31. 

  31.         if attachment.is_image:
    32. 

  32.             return serve_403_image()
    33. 

  33.         return error403(request,  _("You don't have permission to download this file."))
    34. 

  34.     except (Attachment.DoesNotExist, ACLError404):
    35. 

  35.         if thumb:
    36. 

  36.             return serve_404_image()
    37. 

  37.         return error404(request, _("Requested file could not be found."))
    38. 

  38. 

  39. 

  40. def serve_file(attachment, thumb):
    41. 

  41.     if thumb:
    42. 

  42.         response = StreamingHttpResponse(open(attachment.thumb_path), content_type=attachment.content_type)
    43. 

  43.     else:
    44. 

  44.         response = StreamingHttpResponse(open(attachment.file_path), content_type=attachment.content_type)
    45. 

  45.         response['Cache-Control'] = 'no-cache'
    46. 

  46.     if not attachment.is_image:
    47. 

  47.         response['Content-Disposition'] = 'attachment;filename="%s"' % attachment.name
    48. 

  48.     return response
    49. 

  49. 

  50. 

  51. def serve_403_image():
    52. 

  52.     response = StreamingHttpResponse(open('%s403.png' % settings.ATTACHMENTS_ROOT), content_type='image/png')
    53. 

  53.     response['Cache-Control'] = 'no-cache'
    54. 

  54.     return response
    55. 

  55. 

  56. 

  57. def serve_404_image():
    58. 

  58.     response = StreamingHttpResponse(open('%s404.png' % settings.ATTACHMENTS_ROOT), content_type='image/png')
    59. 

  59.     response['Cache-Control'] = 'no-cache'
    60. 

  60.     return response
    61.