opensourceprojects.eu / osp-allura / Diff of /Allura/allura/controllers/attachments.py

Diff of /Allura/allura/controllers/attachments.py [d69cb3] .. [0eda3c]

Switch to unified view


...
from webob import exc

from tg import expose, request, response, redirect
from ming.utils import LazyProperty

from allura.lib.security import require, has_access, require_access
from .base import BaseController

class AttachmentsController(BaseController):
    AttachmentControllerClass = None

...
class AttachmentController(BaseController):
    AttachmentClass = None
    edit_perm = 'edit'

    def _check_security(self):
        require_access(self.artifact, 'read')

    def __init__(self, filename, artifact):
        self.filename = filename
        self.artifact = artifact

...
        return attachment
        
    @expose()
    def index(self, delete=False, embed=True, **kw):
        if request.method == 'POST':
            require_access(self.artifact, self.edit_perm)
            if delete:
                self.attachment.delete()
                try:
                    if self.thumbnail:
                        self.thumbnail.delete()

	a/Allura/allura/controllers/attachments.py		b/Allura/allura/controllers/attachments.py
	...		...
2	from webob import exc	2	from webob import exc
3		3
4	from tg import expose, request, response, redirect	4	from tg import expose, request, response, redirect
5	from ming.utils import LazyProperty	5	from ming.utils import LazyProperty
6		6
7	from allura.lib.security import require, has_artifact_access	7	from allura.lib.security import require, has_access, require_access
8	from .base import BaseController	8	from .base import BaseController
9		9
10	class AttachmentsController(BaseController):	10	class AttachmentsController(BaseController):
11	AttachmentControllerClass = None	11	AttachmentControllerClass = None
12		12
	...		...
26	class AttachmentController(BaseController):	26	class AttachmentController(BaseController):
27	AttachmentClass = None	27	AttachmentClass = None
28	edit_perm = 'edit'	28	edit_perm = 'edit'
29		29
30	def _check_security(self):	30	def _check_security(self):
31	require(has_artifact_access('read', self.artifact))	31	require_access(self.artifact, 'read')
32		32
33	def __init__(self, filename, artifact):	33	def __init__(self, filename, artifact):
34	self.filename = filename	34	self.filename = filename
35	self.artifact = artifact	35	self.artifact = artifact
36		36
	...		...
53	return attachment	53	return attachment
54		54
55	@expose()	55	@expose()
56	def index(self, delete=False, embed=True, **kw):	56	def index(self, delete=False, embed=True, **kw):
57	if request.method == 'POST':	57	if request.method == 'POST':
58	require(has_artifact_access(self.edit_perm, self.artifact))	58	require_access(self.artifact, self.edit_perm)
59	if delete:	59	if delete:
60	self.attachment.delete()	60	self.attachment.delete()
61	try:	61	try:
62	if self.thumbnail:	62	if self.thumbnail:
63	self.thumbnail.delete()	63	self.thumbnail.delete()