diff --git a/app/main/views.py b/app/main/views.py
index c2382881..9a573a9f 100644
--- a/app/main/views.py
+++ b/app/main/views.py
@@ -5,7 +5,7 @@ from flask_login import current_user, login_required
 from . import main
 from .forms import CreateCorpusForm, QueryForm
 from .. import db
-from ..models import Corpus, CorpusFile, Job
+from ..models import Corpus, CorpusFile, Job, JobInput, JobResult
 from werkzeug.utils import secure_filename
 import os
 import threading
@@ -20,47 +20,30 @@ def index():
 @main.route('/corpora/')
 @login_required
 def corpus(corpus_id):
- if (current_user.is_administrator()):
- corpus = Corpus.query.get_or_404(corpus_id)
- else:
- corpus = current_user.corpora.filter_by(id=corpus_id).first()
- if not corpus:
- print('Corpus not found.')
- abort(404)
-
- dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(corpus.user_id),
- 'corpora',
- str(corpus.id))
- files = {}
- for file in sorted(os.listdir(dir)):
- files[file] = {}
- files[file]['path'] = os.path.join(file)
-
+ corpus = Corpus.query.get_or_404(corpus_id)
+ if not (corpus.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
 return render_template('main/corpora/corpus.html.j2',
 corpus=corpus,
- files=files,
- title='Corpus: ' + corpus.title)
+ title='Corpus')
 @main.route('/corpora//download')
 @login_required
 def corpus_download(corpus_id):
- file = request.args.get('file')
- if (current_user.is_administrator()):
- corpus = Corpus.query.get_or_404(corpus_id)
- else:
- corpus = current_user.corpora.filter_by(id=corpus_id).first()
- if not file or not corpus:
- print('File not found.')
+ corpus_file_id = request.args.get('corpus_file_id')
+ corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
+ if not corpus_file.corpus_id == corpus_id:
 abort(404)
+ if not (corpus_file.corpus.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
 dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(corpus.user_id),
- 'corpora',
- str(corpus.id))
+ corpus_file.dir)
 return send_from_directory(as_attachment=True,
 directory=dir,
- filename=file)
+ filename=corpus_file.filename)
 @main.route('/corpora//analysis', methods=['GET', 'POST'])
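Review bot: The ownership branches in `corpus` and `corpus_download` answer `abort(403)` for an object that exists but belongs to another user, while a missing id gives 404, so any logged-in account can tell which corpus and corpus-file ids exist; the removed code answered 404 in both cases for non-administrators. Replacing `abort(403)` with `abort(404)` in those branches keeps the old behaviour, and the same applies to `job` and `job_download` in the `@@ -124,58 +102,33 @@` hunk. Separately, `send_from_directory` only protects the `filename` argument against traversal, so `corpus_file.dir` and `ressource.dir` must be server-generated relative paths: if the model code, which is not visible here, can ever store an absolute path, `os.path.join` drops `OPAQUE_STORAGE_DIRECTORY`.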
@@ -83,20 +66,16 @@ def corpus_analysis(corpus_id):
 @login_required
 def dashboard():
 create_corpus_form = CreateCorpusForm()
-
 if create_corpus_form.validate_on_submit():
- app = current_app._get_current_object()
 corpus = Corpus(creator=current_user._get_current_object(),
 description=create_corpus_form.description.data,
 title=create_corpus_form.title.data)
 db.session.add(corpus)
 db.session.commit()
-
- dir = os.path.join(app.config['OPAQUE_STORAGE_DIRECTORY'],
+ dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
 str(corpus.user_id),
 'corpora',
 str(corpus.id))
-
 try:
 os.makedirs(dir)
 except OSError:
@@ -115,7 +94,6 @@ def dashboard():
 db.session.commit()
 flash('Corpus created!')
 return redirect(url_for('main.dashboard'))
-
 return render_template('main/dashboard.html.j2',
 create_corpus_form=create_corpus_form,
 title='Dashboard')
@@ -124,58 +102,33 @@ def dashboard():
 @main.route('/jobs/')
 @login_required
 def job(job_id):
- if (current_user.is_administrator()):
- job = Job.query.get_or_404(job_id)
- else:
- job = current_user.jobs.filter_by(id=job_id).first()
- if not job:
- print('Job not found.')
- abort(404)
-
- dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(job.user_id),
- 'jobs',
- str(job.id))
- files = {}
- for file in sorted(os.listdir(dir)):
- if file == 'output':
- continue
- files[file] = {}
- files[file]['path'] = os.path.join(file)
- if job.status == 'complete':
- files[file]['results'] = {}
- results_dir = os.path.join(dir, 'output', file)
- for result in sorted(os.listdir(results_dir)):
- result_type = result.rsplit(".", 1)[1]
- files[file]['results'][result_type] = {}
- files[file]['results'][result_type]['path'] = os.path.join(
- 'output', files[file]['path'], result
- )
-
- return render_template('main/jobs/job.html.j2',
- files=files,
- job=job,
- title='Job')
+ job = Job.query.get_or_404(job_id)
+ if not (job.creator == current_user or current_user.is_administrator()):
+ abort(403)
+ return render_template('main/jobs/job.html.j2', job=job, title='Job')
 @main.route('/jobs//download')
 @login_required
 def job_download(job_id):
- file = request.args.get('file')
- if (current_user.is_administrator()):
- job = Job.query.get_or_404(job_id)
+ ressource_id = request.args.get('ressource_id')
+ ressource_type = request.args.get('ressource_type')
+ if ressource_type == 'input':
+ ressource = JobInput.query.get_or_404(ressource_id)
+ elif ressource_type == 'result':
+ ressource = JobResult.query.get_or_404(ressource_id)
 else:
- job = current_user.jobs.filter_by(id=job_id).first()
- if not file or not job:
- print('File not found.')
+ abort(400)
+ if not ressource.job_id == job_id:
 abort(404)
+ if not (ressource.job.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
 dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(job.user_id),
- 'jobs',
- str(job.id))
+ ressource.dir)
 return send_from_directory(as_attachment=True,
 directory=dir,
- filename=file)
+ filename=ressource.filename)
 @main.route('/jobs//delete')
diff --git a/app/templates/main/corpora/corpus.html.j2 b/app/templates/main/corpora/corpus.html.j2
index 321f9c28..1e47854c 100644
--- a/app/templates/main/corpora/corpus.html.j2
+++ b/app/templates/main/corpora/corpus.html.j2
@@ -1,85 +1,9 @@ {% extends "limited_width.html.j2" %} {% block page_content %} - - -
-

-

+

{{ corpus.title }}

+

{{ corpus.description }}

Actions:

@@ -106,29 +30,33 @@
- +
Files - +
- + + - {% for file in files %} + {% for file in corpus.files %} - + {% endfor %}
InputsFilenameDownload
- file_download{{ file }} + {{ file.filename }} + + file_download +
+
- {% endblock %} diff --git a/app/templates/main/jobs/job.html.j2 b/app/templates/main/jobs/job.html.j2 index 1a43d9db..3cdf3933 100644 --- a/app/templates/main/jobs/job.html.j2 +++ b/app/templates/main/jobs/job.html.j2 @@ -2,16 +2,16 @@ {% block page_content %}
-

-

+

{{ job.title }}

+

{{ job.description }}

Actions: