Fixed user can download their own files
This commit is contained in:
parent
d73b63d85d
commit
ed6d23c536
@ -4,14 +4,14 @@
|
|||||||
<h3 class="card-header">Animation by {{ item.uploader.name }}</h3>
|
<h3 class="card-header">Animation by {{ item.uploader.name }}</h3>
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<h4>
|
<h4>
|
||||||
<p class="card-text">{{ item.name }}</p>
|
{{ item.name }}
|
||||||
</h4>
|
</h4>
|
||||||
|
|
||||||
<img src="{{ url_for('ContentView:preview', id_=item.id) }}" class="card-img" style="padding: 30px"
|
<img src="{{ url_for('ContentView:preview', id_=item.id) }}" class="card-img" style="padding: 30px"
|
||||||
alt="{{ item.name }}">
|
alt="{{ item.name }}">
|
||||||
|
|
||||||
<div class="card-text text-center">
|
<div class="card-text text-center">
|
||||||
{% if purchased %}
|
{% if can_download %}
|
||||||
<a href="{{ url_for('ContentView:caff', id_=item.id) }}" class="btn btn-lg btn-success"
|
<a href="{{ url_for('ContentView:caff', id_=item.id) }}" class="btn btn-lg btn-success"
|
||||||
target="_self">Download</a>
|
target="_self">Download</a>
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|||||||
@ -5,3 +5,4 @@ from .storage import storage
|
|||||||
from .md5stuffs import calculate_md5_sum_for_file, write_file_from_stream_to_file_like_while_calculating_md5
|
from .md5stuffs import calculate_md5_sum_for_file, write_file_from_stream_to_file_like_while_calculating_md5
|
||||||
from .exceptions import FileIntegrityError
|
from .exceptions import FileIntegrityError
|
||||||
from .caff_previewer import create_caff_preview
|
from .caff_previewer import create_caff_preview
|
||||||
|
from .common_queries import user_can_access_caff
|
||||||
15
src/utils/common_queries.py
Normal file
15
src/utils/common_queries.py
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
from flask_security import current_user
|
||||||
|
from models import db, Purchase, Item
|
||||||
|
|
||||||
|
|
||||||
|
def user_can_access_caff(item: Item) -> bool:
|
||||||
|
if not current_user.is_authenticated:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
|
||||||
|
if item.uploader == current_user:
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
p = Purchase.query.filter(
|
||||||
|
db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == item.id)).first()
|
||||||
|
return bool(p)
|
||||||
@ -7,7 +7,9 @@ from flask_security import login_required, current_user
|
|||||||
from utils import storage
|
from utils import storage
|
||||||
from minio.error import NoSuchKey
|
from minio.error import NoSuchKey
|
||||||
|
|
||||||
from models import db, Item, Purchase
|
from utils import user_can_access_caff
|
||||||
|
|
||||||
|
from models import db, Item
|
||||||
|
|
||||||
|
|
||||||
class ContentView(FlaskView):
|
class ContentView(FlaskView):
|
||||||
@ -29,22 +31,21 @@ class ContentView(FlaskView):
|
|||||||
|
|
||||||
def preview(self, id_: int):
|
def preview(self, id_: int):
|
||||||
i = Item.query.get_or_404(id_)
|
i = Item.query.get_or_404(id_)
|
||||||
|
|
||||||
return self._stream_from_minio(current_app.config['MINIO_PREVIEW_BUCKET_NAME'], i.id)
|
return self._stream_from_minio(current_app.config['MINIO_PREVIEW_BUCKET_NAME'], i.id)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def caff(self, id_: int):
|
def caff(self, id_: int):
|
||||||
p = Purchase.query.filter(db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == id_)).first()
|
item = Item.query.get_or_404(id_)
|
||||||
|
|
||||||
if not p:
|
if not user_can_access_caff(item):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
allowed_chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
|
allowed_chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
|
||||||
filename = ''.join(filter(lambda x: x in allowed_chars, p.item.name)).lower()
|
filename = ''.join(filter(lambda x: x in allowed_chars, item.name)).lower()
|
||||||
|
|
||||||
if not filename:
|
if not filename:
|
||||||
filename = str(p.item.id)
|
filename = str(item.id)
|
||||||
|
|
||||||
filename += f'_{p.id}.caff'
|
filename += '.caff'
|
||||||
|
|
||||||
return self._stream_from_minio(current_app.config['MINIO_CAFF_BUCKET_NAME'], p.item.id, filename)
|
return self._stream_from_minio(current_app.config['MINIO_CAFF_BUCKET_NAME'], item.id, filename)
|
||||||
|
|||||||
@ -3,7 +3,9 @@ from flask import render_template, request, flash, redirect, url_for, current_ap
|
|||||||
from flask_classful import FlaskView
|
from flask_classful import FlaskView
|
||||||
from flask_security import current_user, login_required
|
from flask_security import current_user, login_required
|
||||||
|
|
||||||
from models import db, Comment, Item, Purchase
|
from utils import user_can_access_caff
|
||||||
|
|
||||||
|
from models import db, Comment, Item
|
||||||
import bleach
|
import bleach
|
||||||
|
|
||||||
"""
|
"""
|
||||||
@ -20,15 +22,9 @@ class ItemView(FlaskView):
|
|||||||
|
|
||||||
def get(self, id_: int):
|
def get(self, id_: int):
|
||||||
item = Item.query.get_or_404(id_)
|
item = Item.query.get_or_404(id_)
|
||||||
|
can_download = user_can_access_caff(item)
|
||||||
|
|
||||||
if not current_user.is_authenticated:
|
return render_template('item.html', item=item, can_download=can_download)
|
||||||
purchased = False
|
|
||||||
else:
|
|
||||||
p = Purchase.query.filter(
|
|
||||||
db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == id_)).first()
|
|
||||||
purchased = bool(p)
|
|
||||||
|
|
||||||
return render_template('item.html', item=item, purchased=purchased)
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def post(self, id_: int):
|
def post(self, id_: int):
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user