--- a/web/ldt/ldt_utils/views.py Thu Sep 23 18:39:40 2010 +0200
+++ b/web/ldt/ldt_utils/views.py Wed Sep 29 10:10:07 2010 +0200
@@ -1,5 +1,5 @@
import django.core.urlresolvers
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
from django.shortcuts import render_to_response, get_object_or_404, get_list_or_404
from django.template import RequestContext
from django.core.urlresolvers import reverse
@@ -28,6 +28,9 @@
import urllib2
from urllib2 import urlparse
from jogging import logging
+import ldt.utils.path
+import ldt.auth as ldt_auth
+from django.utils.translation import ugettext as _
@@ -203,7 +206,7 @@
def project_json_id(request, id):
project = get_object_or_404(Project,ldt_id=id)
-
+
return project_json(request, project)
@@ -216,7 +219,10 @@
def project_json(request, project):
-
+
+ if not ldt_auth.checkAccess(request.user, project):
+ return HttpResponseForbidden(_("You can not access this project"))
+
mimetype = request.REQUEST.get("mimetype")
if mimetype is None:
mimetype = "application/json; charset=utf-8"
@@ -401,6 +407,7 @@
media = None
elif media_input_type == "link":
media = content_form.cleaned_data["media_obj"]
+ created = False
elif media_input_type == "url" or media_input_type == "upload" or media_input_type == "create":
# copy file
#complet src
@@ -419,12 +426,18 @@
source_file = request.FILES['media-media_file']
source_filename = source_file.name
-
+ source_filename = ldt.utils.path.sanitize_filename(source_filename)
destination_filepath = os.path.join(settings.STREAM_PATH, source_filename)
base_source_filename = source_filename
+ extension = base_source_filename.split(".")[-1]
+ if extension == base_source_filename:
+ extension = ""
+ base_basename_filename = base_source_filename
+ else:
+ base_basename_filename = base_source_filename[:-1 *(len(extension)+1)]
i = 0
while os.path.exists(destination_filepath):
- base_source_filename = source_filename+"(%d)" % (i)
+ base_source_filename = "%s.%d.%s" % (base_basename_filename,i,extension)
destination_filepath = os.path.join(settings.STREAM_PATH, base_source_filename)
i += 1
@@ -455,10 +468,13 @@
if not cleaned_data['videopath']:
cleaned_data['videopath'] = settings.STREAM_URL
media, created = Media.objects.get_or_create(src=cleaned_data['src'], defaults=cleaned_data)
- if not created:
- for attribute in ('external_id', 'external_permalink', 'external_publication_url', 'external_src_url', 'media_creation_date', 'videopath', 'duration', 'description', 'title'):
- setattr(media, attribute, cleaned_data.get(attribute))
- media.save()
+ else:
+ media = None
+
+ if media and not created:
+ for attribute in ('external_id', 'external_permalink', 'external_publication_url', 'external_src_url', 'media_creation_date', 'videopath', 'duration', 'description', 'title'):
+ setattr(media, attribute, cleaned_data.get(attribute))
+ media.save()
#except Exception as inst:
# logging.debug("write_content_base : POST error when saving media:" + str(inst))
# form_status = "error"