From 0a6bc055a061df46cc0bda070af940f688e6edf1 Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Fri, 25 Oct 2019 14:27:37 +0200
Subject: [PATCH 1/3] Rewrite download function to use ressource ids instead of paths
---
 app/main/views.py | 105 +++-------
 app/templates/main/corpora/corpus.html.j2 | 98 ++-------
 app/templates/main/jobs/job.html.j2 | 230 ++++++----------------
 3 files changed, 99 insertions(+), 334 deletions(-)
diff --git a/app/main/views.py b/app/main/views.py
index 5ef53c42..4d955a3f 100644
--- a/app/main/views.py
+++ b/app/main/views.py
@@ -5,7 +5,7 @@ from flask_login import current_user, login_required
 from . import main
 from .forms import CreateCorpusForm
 from .. import db
-from ..models import Corpus, CorpusFile, Job
+from ..models import Corpus, CorpusFile, Job, JobInput, JobResult
 from werkzeug.utils import secure_filename
 import os
 import threading
@@ -19,47 +19,29 @@ def index():
 @main.route('/corpora/')
 @login_required
 def corpus(corpus_id):
- if (current_user.is_administrator()):
- corpus = Corpus.query.get_or_404(corpus_id)
- else:
- corpus = current_user.corpora.filter_by(id=corpus_id).first()
- if not corpus:
- print('Corpus not found.')
- abort(404)
-
- dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(corpus.user_id),
- 'corpora',
- str(corpus.id))
- files = {}
- for file in sorted(os.listdir(dir)):
- files[file] = {}
- files[file]['path'] = os.path.join(file)
-
+ corpus = Corpus.query.get_or_404(corpus_id)
+ if not (corpus.creator == current_user or current_user.is_administrator()):
+ abort(403)
 return render_template('main/corpora/corpus.html.j2',
 corpus=corpus,
- files=files,
- title='Corpus: ' + corpus.title)
+ title='Corpus')
 @main.route('/corpora//download')
 @login_required
 def corpus_download(corpus_id):
- file = request.args.get('file')
- if (current_user.is_administrator()):
- corpus = Corpus.query.get_or_404(corpus_id)
- else:
- corpus = current_user.corpora.filter_by(id=corpus_id).first()
- if not file or not corpus:
- print('File not found.')
+ corpus_file_id = request.args.get('corpus_file_id')
+ corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
+ if not corpus_file.corpus_id == corpus_id:
 abort(404)
+ if not (corpus_file.corpus.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
 dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(corpus.user_id),
- 'corpora',
- str(corpus.id))
+ corpus_file.dir)
 return send_from_directory(as_attachment=True,
 directory=dir,
- filename=file)
+ filename=corpus_file.filename)
 @main.route('/corpora//analysis')
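Review bot: The new checks in `corpus` and `corpus_download` answer 404 for an id that does not exist and 403 for one that exists but belongs to another user, so any logged-in user can tell which corpus and corpus-file ids are in use. The removed code answered 404 in both cases for non-administrators. Consider keeping that behaviour by aborting with 404 in the ownership branch, `if not (corpus.creator == current_user or current_user.is_administrator()): abort(404)`. The same 403 branch appears in `job` and `job_download` in the `@@ -116,58 +98,33 @@` hunk.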
@@ -68,7 +50,7 @@ def corpus_analysis(corpus_id):
 corpus = Corpus.query.get_or_404(corpus_id)
 return render_template('main/corpora/corpus_analysis.html.j2',
 corpus=corpus,
- title='Corpus: ' + corpus.title)
+ title='Corpus Analysis')
 @main.route('/dashboard', methods=['GET', 'POST'])
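Review bot: `corpus_analysis` still has no ownership check: the context lines show `Corpus.query.get_or_404(corpus_id)` followed directly by `render_template(...)`, so a user who can reach this view can open the analysis page of any corpus by id. This commit adds a creator/administrator guard to `corpus` and `corpus_download` but leaves this view as it was. Add the same guard right after the lookup, `if not (corpus.creator == current_user or current_user.is_administrator()): abort(403)`. The function's decorators and `def` line are above the hunk, so whether it carries `@login_required` like its siblings is not visible here.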
@@ -116,58 +98,33 @@ def dashboard():
 @main.route('/jobs/')
 @login_required
 def job(job_id):
- if (current_user.is_administrator()):
- job = Job.query.get_or_404(job_id)
- else:
- job = current_user.jobs.filter_by(id=job_id).first()
- if not job:
- print('Job not found.')
- abort(404)
-
- dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(job.user_id),
- 'jobs',
- str(job.id))
- files = {}
- for file in sorted(os.listdir(dir)):
- if file == 'output':
- continue
- files[file] = {}
- files[file]['path'] = os.path.join(file)
- if job.status == 'complete':
- files[file]['results'] = {}
- results_dir = os.path.join(dir, 'output', file)
- for result in sorted(os.listdir(results_dir)):
- result_type = result.rsplit(".", 1)[1]
- files[file]['results'][result_type] = {}
- files[file]['results'][result_type]['path'] = os.path.join(
- 'output', files[file]['path'], result
- )
-
- return render_template('main/jobs/job.html.j2',
- files=files,
- job=job,
- title='Job')
+ job = Job.query.get_or_404(job_id)
+ if not (job.creator == current_user or current_user.is_administrator()):
+ abort(403)
+ return render_template('main/jobs/job.html.j2', job=job, title='Job')
 @main.route('/jobs//download')
 @login_required
 def job_download(job_id):
- file = request.args.get('file')
- if (current_user.is_administrator()):
- job = Job.query.get_or_404(job_id)
+ ressource_id = request.args.get('ressource_id')
+ ressource_type = request.args.get('ressource_type')
+ if ressource_type == 'input':
+ ressource = JobInput.query.get_or_404(ressource_id)
+ elif ressource_type == 'result':
+ ressource = JobResult.query.get_or_404(ressource_id)
 else:
- job = current_user.jobs.filter_by(id=job_id).first()
- if not file or not job:
- print('File not found.')
+ abort(400)
+ if not ressource.job_id == job_id:
 abort(404)
+ if not (ressource.job.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
 dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(job.user_id),
- 'jobs',
- str(job.id))
+ ressource.dir)
 return send_from_directory(as_attachment=True,
 directory=dir,
- filename=file)
+ filename=ressource.filename)
 @main.route('/jobs//delete')
diff --git a/app/templates/main/corpora/corpus.html.j2 b/app/templates/main/corpora/corpus.html.j2
index 321f9c28..1e47854c 100644
--- a/app/templates/main/corpora/corpus.html.j2
+++ b/app/templates/main/corpora/corpus.html.j2
@@ -1,85 +1,9 @@ {% extends "limited_width.html.j2" %} {% block page_content %} - -
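Review bot: The download directory in `job_download` is now built from a database column, `os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'], ressource.dir)`, and nothing checks that the result stays under the storage root. `send_from_directory` confines `filename` to `directory` but does not constrain `directory` itself, and `os.path.join` drops the first argument when the second is absolute and keeps any `..` components. How `JobInput`/`JobResult` rows get their `dir` value is not visible in this patch, so a containment check before the send is a cheap safeguard: `root = os.path.realpath(current_app.config['OPAQUE_STORAGE_DIRECTORY'])` followed by `if os.path.commonpath([root, os.path.realpath(dir)]) != root: abort(404)`. `corpus_download` in the `@@ -19,47 +19,29 @@` hunk builds its directory from `corpus_file.dir` the same way.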
-

-

+

{{ corpus.title }}

+

{{ corpus.description }}

Actions:

@@ -106,29 +30,33 @@
- +
Files - +
- + + - {% for file in files %} + {% for file in corpus.files %} - + {% endfor %}
InputsFilenameDownload
- file_download{{ file }} + {{ file.filename }} + + file_download +
+
- {% endblock %}
diff --git a/app/templates/main/jobs/job.html.j2 b/app/templates/main/jobs/job.html.j2
index 1a43d9db..3cdf3933 100644
--- a/app/templates/main/jobs/job.html.j2
+++ b/app/templates/main/jobs/job.html.j2
@@ -2,16 +2,16 @@ {% block page_content %}
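Review bot: `{{ file.filename }}` may be emitted unescaped, because this template is named `corpus.html.j2` and Flask's default autoescape selection keys on the template name ending in `.html`, `.htm`, `.xml` or `.xhtml`. Unless the application enables autoescaping for `.j2` itself (not visible in this patch), an uploaded file name containing markup would be rendered as HTML in the files table. Write `{{ file.filename|e }}` here, or turn autoescape on for `.j2` templates application-wide. The same applies to `{{ corpus.title }}` and `{{ corpus.description }}` in the earlier hunk of this file. The surrounding markup was lost in extraction, so the exact element each expression sits in cannot be confirmed from the hunk.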
-

-

+

{{ job.title }}

+

{{ job.description }}

Actions: