Fixed user can download their own files

Pünkösd Marcell 2020-11-28 23:08:07 +01:00
parent d73b63d85d
commit ed6d23c536
5 changed files with 33 additions and 20 deletions


@ -4,14 +4,14 @@
<h3 class="card-header">Animation by {{ item.uploader.name }}</h3>
<div class="card-body">
<h4>
<p class="card-text">{{ item.name }}</p>
{{ item.name }}
</h4>
<img src="{{ url_for('ContentView:preview', id_=item.id) }}" class="card-img" style="padding: 30px"
alt="{{ item.name }}">
<div class="card-text text-center">
{% if purchased %}
{% if can_download %}
<a href="{{ url_for('ContentView:caff', id_=item.id) }}" class="btn btn-lg btn-success"
target="_self">Download</a>
{% else %}


@ -4,4 +4,5 @@ from .config import Config
from .storage import storage
from .md5stuffs import calculate_md5_sum_for_file, write_file_from_stream_to_file_like_while_calculating_md5
from .exceptions import FileIntegrityError
from .caff_previewer import create_caff_preview
from .caff_previewer import create_caff_preview
from .common_queries import user_can_access_caff


@ -0,0 +1,15 @@
from flask_security import current_user
from models import db, Purchase, Item
def user_can_access_caff(item: Item) -> bool:
if not current_user.is_authenticated:
return False
else:
if item.uploader == current_user:
return True
else:
p = Purchase.query.filter(
db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == item.id)).first()
return bool(p)
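Review bot: The ownership test `item.uploader == current_user` compares a model instance with flask_security's `current_user` proxy, which presumably only matches while both sides resolve to the same loaded object (the models are not visible here). Comparing keys is sturdier for an authorization decision, e.g. `if item.uploader.id == current_user.id:`. If the object comparison ever misses, the function falls through to the purchase lookup and denies the uploader, so it fails closed rather than open. Because this helper now decides access for both the item page and the download endpoint, it also deserves a docstring such as `"""Return True if the current user uploaded or purchased the item."""`. The `else:` branches after each `return` could be flattened into guard clauses.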


@ -7,7 +7,9 @@ from flask_security import login_required, current_user
from utils import storage
from minio.error import NoSuchKey
from models import db, Item, Purchase
from utils import user_can_access_caff
from models import db, Item
class ContentView(FlaskView):
@ -29,22 +31,21 @@ class ContentView(FlaskView):
def preview(self, id_: int):
i = Item.query.get_or_404(id_)
return self._stream_from_minio(current_app.config['MINIO_PREVIEW_BUCKET_NAME'], i.id)
@login_required
def caff(self, id_: int):
p = Purchase.query.filter(db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == id_)).first()
item = Item.query.get_or_404(id_)
if not p:
if not user_can_access_caff(item):
abort(403)
allowed_chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
filename = ''.join(filter(lambda x: x in allowed_chars, p.item.name)).lower()
filename = ''.join(filter(lambda x: x in allowed_chars, item.name)).lower()
if not filename:
filename = str(p.item.id)
filename = str(item.id)
filename += f'_{p.id}.caff'
filename += '.caff'
return self._stream_from_minio(current_app.config['MINIO_CAFF_BUCKET_NAME'], p.item.id, filename)
return self._stream_from_minio(current_app.config['MINIO_CAFF_BUCKET_NAME'], item.id, filename)
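Review bot: `caff()` in the second hunk has no docstring or comment recording the two security-relevant decisions it makes, the access rule and the filename allow-list. I would add a docstring such as `"""Stream the CAFF file of an item; only its uploader or a purchaser may download it (403 otherwise)."""`. Above `allowed_chars` I would add `# allow-list: only ASCII letters and digits reach the download filename`, so the filter is not loosened later. `_stream_from_minio` is outside the hunk, so the assumption that the name ends up in a response header should be confirmed there. The first hunk of this section only changes imports, and the class continues outside both hunks.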


@ -3,7 +3,9 @@ from flask import render_template, request, flash, redirect, url_for, current_ap
from flask_classful import FlaskView
from flask_security import current_user, login_required
from models import db, Comment, Item, Purchase
from utils import user_can_access_caff
from models import db, Comment, Item
import bleach
"""
@ -20,15 +22,9 @@ class ItemView(FlaskView):
def get(self, id_: int):
item = Item.query.get_or_404(id_)
can_download = user_can_access_caff(item)
if not current_user.is_authenticated:
purchased = False
else:
p = Purchase.query.filter(
db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == id_)).first()
purchased = bool(p)
return render_template('item.html', item=item, purchased=purchased)
return render_template('item.html', item=item, can_download=can_download)
@login_required
def post(self, id_: int):