youtube videos
[redakcja.git] / apps / fileupload / views.py
index 9425515..89ccf08 100644 (file)
@@ -1,11 +1,16 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of MIL/PEER, licensed under GNU Affero GPLv3 or later.
+# Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
+#
 import json
 import os
 from urllib import quote
 from django.conf import settings
-from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden, Http404
+from django.http import HttpResponse, Http404
 from django.utils.decorators import method_decorator
 from django.views.decorators.vary import vary_on_headers
-from django.views.generic import FormView, View
+from django.views.generic import FormView
 from .forms import UploadForm
 
 
@@ -31,7 +36,26 @@ class JSONResponse(HttpResponse):
         super(JSONResponse, self).__init__(content, mimetype, *args, **kwargs)
 
 
-class UploadView(FormView):
+class UploadViewMixin(object):
+    def get_safe_path(self, filename=""):
+        """Finds absolute filesystem path of the browsed dir of file.
+        
+        Makes sure it's inside MEDIA_ROOT.
+        
+        """
+        path = os.path.abspath(os.path.join(
+                settings.MEDIA_ROOT,
+                self.get_directory(),
+                filename))
+        if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
+            raise Http404
+        if filename:
+            if not path.startswith(self.get_safe_path()):
+                raise Http404
+        return path
+
+
+class UploadView(UploadViewMixin, FormView):
     template_name = "fileupload/picture_form.html"
     form_class = UploadForm
 
@@ -60,7 +84,7 @@ class UploadView(FormView):
             directory = os.path.dirname(directory)
             now_path = (os.path.dirname(now_path))
             while directory:
-                crumbs.insert(0, (os.path.basename(directory), now_path+'/'))
+                crumbs.insert(0, (os.path.basename(directory), now_path + '/'))
                 directory = os.path.dirname(directory)
                 now_path = os.path.dirname(now_path)
             crumbs.insert(0, ('media', now_path))
@@ -68,23 +92,6 @@ class UploadView(FormView):
             crumbs = [('media',)]
         return crumbs
 
-    def get_safe_path(self, filename=""):
-        """Finds absolute filesystem path of the browsed dir of file.
-        
-        Makes sure it's inside MEDIA_ROOT.
-        
-        """
-        path = os.path.abspath(os.path.join(
-                settings.MEDIA_ROOT,
-                self.get_directory(),
-                filename))
-        if not path.startswith(settings.MEDIA_ROOT):
-            raise Http404
-        if filename:
-            if not path.startswith(self.get_safe_path()):
-                raise Http404
-        return path
-
     def get_url(self, filename):
         """Finds URL of a file in browsed dir."""
         return settings.MEDIA_URL + self.get_directory() + quote(filename.encode('utf-8'))
@@ -99,7 +106,7 @@ class UploadView(FormView):
             files = []
             path = self.get_safe_path()
             if os.path.isdir(path):
-                for f in os.listdir(path):
+                for f in sorted(os.listdir(path)):
                     file_info = {
                         "name": f,
                     }
@@ -116,7 +123,6 @@ class UploadView(FormView):
                                 quote(f.encode('utf-8'))),
                             'delete_type': "DELETE"
                         })
-                        thumbnail_url = thumbnail(self.get_directory() + f),
                     files.append(file_info)
             return JSONResponse(files)
         else:
@@ -136,9 +142,9 @@ class UploadView(FormView):
                 'name': f.name, 
                 'url': self.get_url(f.name),
                 'thumbnail_url': thumbnail(self.get_directory() + f.name),
-                        'delete_url': "%s?file=%s" % (
-                            request.get_full_path(),
-                            quote(f.name.encode('utf-8'))),
+                'delete_url': "%s?file=%s" % (
+                    self.request.get_full_path(),
+                    quote(f.name.encode('utf-8'))),
                 'delete_type': "DELETE"
             })
         response = JSONResponse(data)