klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-07-09 19:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add token to counter to see pictures and to prevend misuses

Browse Source
This commit is contained in:
Skia
2016-09-26 11:17:00 +02:00
parent 37072e1640
commit a4ad7f0e85
5 changed files with 60 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/views/files.py
View File

@ -27,7 +27,12 @@ def send_file(request, file_id):
f = SithFile.objects.filter(id=file_id).first()
if f is None or f.is_folder:
return not_found(request)
if not can_view(f, request.user):
from counter.models import Counter
if not (can_view(f, request.user) or
('counter_token' in request.session.keys() and
request.session['counter_token'] and # check if not null for counters that have no token set
Counter.objects.filter(token=request.session['counter_token']).exists())
):
raise PermissionDenied
name = f.file.name
with open(settings.MEDIA_ROOT + name, 'rb') as filename: