[Hardening] A bit more robust logical check

GeoNode · Oct 17, 2019 · 48940dc · 48940dc
1 parent 0717787
commit 48940dc
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 21 deletions.
diff --git a/geonode/proxy/templatetags/proxy_lib_tags.py b/geonode/proxy/templatetags/proxy_lib_tags.py
@@ -39,8 +39,8 @@ def original_link_available(context, resourceid):
                               permission='base.download_resourcebase',
                               permission_msg=_not_permitted)
 
+    layer_files = []
     if isinstance(instance, Layer):
-        layer_files = []
         try:
             upload_session = instance.get_upload_session()
             if upload_session:
@@ -51,9 +51,9 @@ def original_link_available(context, resourceid):
                     for l in layer_files:
                         if not storage.exists(l.file):
                             return False
-                else:
-                    return False
         except BaseException:
             return False
+    if layer_files:
         return True
-    return False
+    else:
+        return False
diff --git a/geonode/proxy/views.py b/geonode/proxy/views.py
@@ -229,6 +229,13 @@ def download(request, resourceid, sender=Layer):
                               permission_msg=_not_permitted)
 
     if isinstance(instance, Layer):
+        # Create Target Folder
+        dirpath = tempfile.mkdtemp()
+        dir_time_suffix = get_dir_time_suffix()
+        target_folder = os.path.join(dirpath, dir_time_suffix)
+        if not os.path.exists(target_folder):
+            os.makedirs(target_folder)
+
         layer_files = []
         try:
             upload_session = instance.get_upload_session()
@@ -237,13 +244,6 @@ def download(request, resourceid, sender=Layer):
                     item for idx, item in enumerate(LayerFile.objects.filter(upload_session=upload_session))]
 
                 if layer_files:
-                    # Create Target Folder
-                    dirpath = tempfile.mkdtemp()
-                    dir_time_suffix = get_dir_time_suffix()
-                    target_folder = os.path.join(dirpath, dir_time_suffix)
-                    if not os.path.exists(target_folder):
-                        os.makedirs(target_folder)
-
                     # Copy all Layer related files into a temporary folder
                     for l in layer_files:
                         if storage.exists(l.file):
@@ -259,15 +259,17 @@ def download(request, resourceid, sender=Layer):
                                         'error_message': _no_files_found
                                     },
                                     request=request), status=404)
-                else:
-                    return HttpResponse(
-                        loader.render_to_string(
-                            '401.html',
-                            context={
-                                'error_title': _("No files found."),
-                                'error_message': _no_files_found
-                            },
-                            request=request), status=404)
+
+            # Check we can access the original files
+            if not layer_files:
+                return HttpResponse(
+                    loader.render_to_string(
+                        '401.html',
+                        context={
+                            'error_title': _("No files found."),
+                            'error_message': _no_files_found
+                        },
+                        request=request), status=404)
 
             # Let's check for associated SLD files (if any)
             try:
@@ -297,7 +299,6 @@ def download(request, resourceid, sender=Layer):
                         traceback.print_exc()
                         tb = traceback.format_exc()
                         logger.debug(tb)
-
             except BaseException:
                 traceback.print_exc()
                 tb = traceback.format_exc()