validate cover extension server-side
[redakcja.git] / apps / fileupload / views.py
1 # -*- coding: utf-8 -*-
2 #
3 # This file is part of MIL/PEER, licensed under GNU Affero GPLv3 or later.
4 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
5 #
6 import json
7 import os
8 from urllib import quote
9 from django.conf import settings
10 from django.http import HttpResponse, Http404
11 from django.utils.decorators import method_decorator
12 from django.views.decorators.vary import vary_on_headers
13 from django.views.generic import FormView
14 from .forms import UploadForm
15
16
17 # Use sorl.thumbnail if available.
18 try:
19     from sorl.thumbnail import default
20 except ImportError:
21     def thumbnail(relpath):
22         return settings.MEDIA_URL + relpath
23 else:
24     def thumbnail(relpath):
25         try:
26             return default.backend.get_thumbnail(relpath, "x50").url
27         except IOError:
28             # That's not an image. No thumb.
29             return None
30
31
32 class JSONResponse(HttpResponse):
33     """JSON response class."""
34     def __init__(self, obj='', mimetype="application/json", *args, **kwargs):
35         content = json.dumps(obj)
36         super(JSONResponse, self).__init__(content, mimetype, *args, **kwargs)
37
38
39 class UploadViewMixin(object):
40     def get_safe_path(self, filename=""):
41         """Finds absolute filesystem path of the browsed dir of file.
42         
43         Makes sure it's inside MEDIA_ROOT.
44         
45         """
46         path = os.path.abspath(os.path.join(
47                 settings.MEDIA_ROOT,
48                 self.get_directory(),
49                 filename))
50         if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
51             raise Http404
52         if filename:
53             if not path.startswith(self.get_safe_path()):
54                 raise Http404
55         return path
56
57
58 class UploadView(UploadViewMixin, FormView):
59     template_name = "fileupload/picture_form.html"
60     form_class = UploadForm
61
62     def get_object(self, request, *args, **kwargs):
63         """Get any data for later use."""
64         return None
65
66     def get_directory(self):
67         """Directory relative to MEDIA_ROOT. Must end with a slash."""
68         return self.kwargs['path']
69
70     def breadcrumbs(self):
71         """List of tuples (name, url) or just (name,) for breadcrumbs.
72
73         Probably only the last item (representing currently browsed dir)
74         should lack url.
75
76         """
77         directory = self.get_directory()
78         now_path = os.path.dirname(self.request.get_full_path())
79         directory = os.path.dirname(directory)
80         if directory:
81             crumbs = [
82                 (os.path.basename(directory),)
83             ]
84             directory = os.path.dirname(directory)
85             now_path = (os.path.dirname(now_path))
86             while directory:
87                 crumbs.insert(0, (os.path.basename(directory), now_path + '/'))
88                 directory = os.path.dirname(directory)
89                 now_path = os.path.dirname(now_path)
90             crumbs.insert(0, ('media', now_path))
91         else:
92             crumbs = [('media',)]
93         return crumbs
94
95     def get_url(self, filename):
96         """Finds URL of a file in browsed dir."""
97         return settings.MEDIA_URL + self.get_directory() + quote(filename.encode('utf-8'))
98
99     @method_decorator(vary_on_headers('Accept'))
100     def dispatch(self, request, *args, **kwargs):
101         self.object = self.get_object(request, *args, **kwargs)
102         return super(UploadView, self).dispatch(request, *args, **kwargs)
103
104     def get(self, request, *args, **kwargs):
105         if request.is_ajax():
106             files = []
107             path = self.get_safe_path()
108             if os.path.isdir(path):
109                 for f in sorted(os.listdir(path)):
110                     file_info = {
111                         "name": f,
112                     }
113                     if os.path.isdir(os.path.join(path, f)):
114                         file_info.update({
115                             "url": "%s%s/" % (request.get_full_path(), f),
116                         })
117                     else:
118                         file_info.update({
119                             "url": self.get_url(f),
120                             'thumbnail_url': thumbnail(self.get_directory() + f),
121                             'delete_url': "%s?file=%s" % (
122                                 request.get_full_path(),
123                                 quote(f.encode('utf-8'))),
124                             'delete_type': "DELETE"
125                         })
126                     files.append(file_info)
127             return JSONResponse(files)
128         else:
129             return super(UploadView, self).get(request, *args, **kwargs)
130
131     def form_valid(self, form):
132         flist = self.request.FILES.getlist('files')
133         path = self.get_safe_path()
134         if not os.path.isdir(path):
135             os.makedirs(path)
136         data = []
137         for f in flist:
138             with open(self.get_safe_path(f.name), 'w') as destination:
139                 for chunk in f.chunks():
140                     destination.write(chunk)
141             data.append({
142                 'name': f.name, 
143                 'url': self.get_url(f.name),
144                 'thumbnail_url': thumbnail(self.get_directory() + f.name),
145                 'delete_url': "%s?file=%s" % (
146                     self.request.get_full_path(),
147                     quote(f.name.encode('utf-8'))),
148                 'delete_type': "DELETE"
149             })
150         response = JSONResponse(data)
151         response['Content-Disposition'] = 'inline; filename=files.json'
152         return response
153
154     def delete(self, request, *args, **kwargs):
155         os.unlink(self.get_safe_path(request.GET.get('file')))
156         response = JSONResponse(True)
157         response['Content-Disposition'] = 'inline; filename=files.json'
158         return response