diff -r 674a65969a14 -r 97b12f5f2c7a web/ldt/ldt_utils/views.py --- a/web/ldt/ldt_utils/views.py Thu Sep 23 18:39:40 2010 +0200 +++ b/web/ldt/ldt_utils/views.py Wed Sep 29 10:10:07 2010 +0200 @@ -1,5 +1,5 @@ import django.core.urlresolvers -from django.http import HttpResponse, HttpResponseRedirect +from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden from django.shortcuts import render_to_response, get_object_or_404, get_list_or_404 from django.template import RequestContext from django.core.urlresolvers import reverse @@ -28,6 +28,9 @@ import urllib2 from urllib2 import urlparse from jogging import logging +import ldt.utils.path +import ldt.auth as ldt_auth +from django.utils.translation import ugettext as _ @@ -203,7 +206,7 @@ def project_json_id(request, id): project = get_object_or_404(Project,ldt_id=id) - + return project_json(request, project) @@ -216,7 +219,10 @@ def project_json(request, project): - + + if not ldt_auth.checkAccess(request.user, project): + return HttpResponseForbidden(_("You can not access this project")) + mimetype = request.REQUEST.get("mimetype") if mimetype is None: mimetype = "application/json; charset=utf-8" @@ -401,6 +407,7 @@ media = None elif media_input_type == "link": media = content_form.cleaned_data["media_obj"] + created = False elif media_input_type == "url" or media_input_type == "upload" or media_input_type == "create": # copy file #complet src @@ -419,12 +426,18 @@ source_file = request.FILES['media-media_file'] source_filename = source_file.name - + source_filename = ldt.utils.path.sanitize_filename(source_filename) destination_filepath = os.path.join(settings.STREAM_PATH, source_filename) base_source_filename = source_filename + extension = base_source_filename.split(".")[-1] + if extension == base_source_filename: + extension = "" + base_basename_filename = base_source_filename + else: + base_basename_filename = base_source_filename[:-1 *(len(extension)+1)] i = 0 while os.path.exists(destination_filepath): - base_source_filename = source_filename+"(%d)" % (i) + base_source_filename = "%s.%d.%s" % (base_basename_filename,i,extension) destination_filepath = os.path.join(settings.STREAM_PATH, base_source_filename) i += 1 @@ -455,10 +468,13 @@ if not cleaned_data['videopath']: cleaned_data['videopath'] = settings.STREAM_URL media, created = Media.objects.get_or_create(src=cleaned_data['src'], defaults=cleaned_data) - if not created: - for attribute in ('external_id', 'external_permalink', 'external_publication_url', 'external_src_url', 'media_creation_date', 'videopath', 'duration', 'description', 'title'): - setattr(media, attribute, cleaned_data.get(attribute)) - media.save() + else: + media = None + + if media and not created: + for attribute in ('external_id', 'external_permalink', 'external_publication_url', 'external_src_url', 'media_creation_date', 'videopath', 'duration', 'description', 'title'): + setattr(media, attribute, cleaned_data.get(attribute)) + media.save() #except Exception as inst: # logging.debug("write_content_base : POST error when saving media:" + str(inst)) # form_status = "error"