From 0a6bc055a061df46cc0bda070af940f688e6edf1 Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Fri, 25 Oct 2019 14:27:37 +0200
Subject: [PATCH 1/3] Rewrite download function to use ressource ids instead of
paths
---
app/main/views.py | 105 +++-------
app/templates/main/corpora/corpus.html.j2 | 98 ++-------
app/templates/main/jobs/job.html.j2 | 230 ++++++----------------
3 files changed, 99 insertions(+), 334 deletions(-)
diff --git a/app/main/views.py b/app/main/views.py
index 5ef53c42..4d955a3f 100644
--- a/app/main/views.py
+++ b/app/main/views.py
@@ -5,7 +5,7 @@ from flask_login import current_user, login_required
from . import main
from .forms import CreateCorpusForm
from .. import db
-from ..models import Corpus, CorpusFile, Job
+from ..models import Corpus, CorpusFile, Job, JobInput, JobResult
from werkzeug.utils import secure_filename
import os
import threading
@@ -19,47 +19,29 @@ def index():
@main.route('/corpora/')
@login_required
def corpus(corpus_id):
- if (current_user.is_administrator()):
- corpus = Corpus.query.get_or_404(corpus_id)
- else:
- corpus = current_user.corpora.filter_by(id=corpus_id).first()
- if not corpus:
- print('Corpus not found.')
- abort(404)
-
- dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(corpus.user_id),
- 'corpora',
- str(corpus.id))
- files = {}
- for file in sorted(os.listdir(dir)):
- files[file] = {}
- files[file]['path'] = os.path.join(file)
-
+ corpus = Corpus.query.get_or_404(corpus_id)
+ if not (corpus.creator == current_user or current_user.is_administrator()):
+ abort(403)
return render_template('main/corpora/corpus.html.j2',
corpus=corpus,
- files=files,
- title='Corpus: ' + corpus.title)
+ title='Corpus')
@main.route('/corpora//download')
@login_required
def corpus_download(corpus_id):
- file = request.args.get('file')
- if (current_user.is_administrator()):
- corpus = Corpus.query.get_or_404(corpus_id)
- else:
- corpus = current_user.corpora.filter_by(id=corpus_id).first()
- if not file or not corpus:
- print('File not found.')
+ corpus_file_id = request.args.get('corpus_file_id')
+ corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
+ if not corpus_file.corpus_id == corpus_id:
abort(404)
+ if not (corpus_file.corpus.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(corpus.user_id),
- 'corpora',
- str(corpus.id))
+ corpus_file.dir)
return send_from_directory(as_attachment=True,
directory=dir,
- filename=file)
+ filename=corpus_file.filename)
@main.route('/corpora//analysis')
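Review bot: In `corpus_download`, `dir` is now `os.path.join(OPAQUE_STORAGE_DIRECTORY, corpus_file.dir)`, built from a database column, and nothing confines the result to the storage root. `send_from_directory` only keeps `filename` inside `directory`, so if `corpus_file.dir` is ever absolute or contains `..`, the joined path lies outside the root. How `dir` is written is not visible in this patch, so this may hold in practice, but an explicit guard costs little: `root = os.path.realpath(current_app.config['OPAQUE_STORAGE_DIRECTORY'])`, `dir = os.path.realpath(os.path.join(root, corpus_file.dir))`, `if os.path.commonpath([root, dir]) != root: abort(404)`. The same applies to `ressource.dir` in `job_download` further down.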
@@ -68,7 +50,7 @@ def corpus_analysis(corpus_id):
corpus = Corpus.query.get_or_404(corpus_id)
return render_template('main/corpora/corpus_analysis.html.j2',
corpus=corpus,
- title='Corpus: ' + corpus.title)
+ title='Corpus Analysis')
@main.route('/dashboard', methods=['GET', 'POST'])
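Review bot: `corpus_analysis` still loads the corpus with `Corpus.query.get_or_404(corpus_id)` and renders it without the owner-or-administrator check this commit adds to `corpus` and `corpus_download`, as far as the visible context shows. Unless something outside the hunk enforces it, a user other than the creator can open the analysis page of a corpus by its id. Adding `if not (corpus.creator == current_user or current_user.is_administrator()): abort(403)` right after the lookup would bring it in line with the other views. The function's decorators and `def` line are outside the hunk.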
@@ -116,58 +98,33 @@ def dashboard():
@main.route('/jobs/')
@login_required
def job(job_id):
- if (current_user.is_administrator()):
- job = Job.query.get_or_404(job_id)
- else:
- job = current_user.jobs.filter_by(id=job_id).first()
- if not job:
- print('Job not found.')
- abort(404)
-
- dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(job.user_id),
- 'jobs',
- str(job.id))
- files = {}
- for file in sorted(os.listdir(dir)):
- if file == 'output':
- continue
- files[file] = {}
- files[file]['path'] = os.path.join(file)
- if job.status == 'complete':
- files[file]['results'] = {}
- results_dir = os.path.join(dir, 'output', file)
- for result in sorted(os.listdir(results_dir)):
- result_type = result.rsplit(".", 1)[1]
- files[file]['results'][result_type] = {}
- files[file]['results'][result_type]['path'] = os.path.join(
- 'output', files[file]['path'], result
- )
-
- return render_template('main/jobs/job.html.j2',
- files=files,
- job=job,
- title='Job')
+ job = Job.query.get_or_404(job_id)
+ if not (job.creator == current_user or current_user.is_administrator()):
+ abort(403)
+ return render_template('main/jobs/job.html.j2', job=job, title='Job')
@main.route('/jobs//download')
@login_required
def job_download(job_id):
- file = request.args.get('file')
- if (current_user.is_administrator()):
- job = Job.query.get_or_404(job_id)
+ ressource_id = request.args.get('ressource_id')
+ ressource_type = request.args.get('ressource_type')
+ if ressource_type == 'input':
+ ressource = JobInput.query.get_or_404(ressource_id)
+ elif ressource_type == 'result':
+ ressource = JobResult.query.get_or_404(ressource_id)
else:
- job = current_user.jobs.filter_by(id=job_id).first()
- if not file or not job:
- print('File not found.')
+ abort(400)
+ if not ressource.job_id == job_id:
abort(404)
+ if not (ressource.job.creator == current_user
+ or current_user.is_administrator()):
+ abort(403)
dir = os.path.join(current_app.config['OPAQUE_STORAGE_DIRECTORY'],
- str(job.user_id),
- 'jobs',
- str(job.id))
+ ressource.dir)
return send_from_directory(as_attachment=True,
directory=dir,
- filename=file)
+ filename=ressource.filename)
@main.route('/jobs//delete')
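Review bot: `job` now answers 403 for a job that exists but belongs to someone else and 404 for one that does not, where the removed code returned 404 in both cases, so the status code tells any logged-in user which job ids exist. `job_download` has the same split and runs `get_or_404(ressource_id)` and the `job_id` comparison before the ownership check; `corpus` and `corpus_download` in the earlier hunk follow the same pattern. If ids are not meant to be discoverable, use `abort(404)` in the ownership branch as well. Separately, a missing `ressource_id` is passed straight to `get_or_404`; an explicit `if not ressource_id: abort(400)` would match the handling of an unknown `ressource_type`.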
diff --git a/app/templates/main/corpora/corpus.html.j2 b/app/templates/main/corpora/corpus.html.j2
index 321f9c28..1e47854c 100644
--- a/app/templates/main/corpora/corpus.html.j2
+++ b/app/templates/main/corpora/corpus.html.j2
@@ -1,85 +1,9 @@
{% extends "limited_width.html.j2" %}
{% block page_content %}
-
-
-
-
-
+
{{ corpus.title }}
+
{{ corpus.description }}
Actions:
@@ -106,29 +30,33 @@
Files
-
+
+
-
{% endblock %}
diff --git a/app/templates/main/jobs/job.html.j2 b/app/templates/main/jobs/job.html.j2
index 1a43d9db..3cdf3933 100644
--- a/app/templates/main/jobs/job.html.j2
+++ b/app/templates/main/jobs/job.html.j2
@@ -2,16 +2,16 @@
{% block page_content %}
-
-
+
{{ job.title }}
+
{{ job.description }}
Actions: