Skip to content

Commit

Permalink
views: records-ui file download view
Browse files Browse the repository at this point in the history
* Adds pluggable file download view for Records-UI.

Signed-off-by: Lars Holm Nielsen <lars.holm.nielsen@cern.ch>
  • Loading branch information
lnielsen committed Mar 21, 2016
1 parent 717a692 commit 8e6c077
Showing 1 changed file with 60 additions and 0 deletions.
60 changes: 60 additions & 0 deletions invenio_files_rest/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,66 @@
)


def file_download_ui(pid, record, filename=None, **kwargs):
"""File download view for a given record.
Plug this method into your ``RECORDS_UI_ENDPOINTS`` configuration:
.. code-block:: python
RECORDS_UI_ENDPOINTS = dict(
recid=dict(
# ...
route='/records/<pid_value/files/<filename>',
view_imp='invenio_files_rest.views.file_download_ui',
)
)
"""
# Extract file from record.
fileobj = None
for f in record.get('files', []):
if filename == f.get('filename'):
fileobj = f
break

if fileobj is None:
abort(404)

bucket_id = fileobj['bucket']
key = fileobj['filename']

bucket = Bucket.get(bucket_id)
if bucket is None:
abort(404, 'Bucket does not exist.')

permission = current_permission_factory(bucket, action='objects-read')

if permission is not None and not permission.can():
if current_user.is_authenticated:
abort(403, 'You do not have permissions to download the file.')
# TODO: Send user to login page.
abort(401)

obj = ObjectVersion.get(bucket_id, key)
if obj is None:
abort(404, 'Object does not exist.')

# TODO: implement access control
# TODO: implement support for tokens

chksum = fileobj.get('checksum')
if chksum and obj.file.checksum == chksum:
current_app.logger.warning(
'File checksum mismatch detected.',
extra=dict(
pid_type=pid.pid_type,
pid_value=pid.pid_value,
bucket=bucket_id,
))

return obj.file.send_file()


class BucketCollectionResource(ContentNegotiatedMethodView):
""""Bucket collection resource."""

Expand Down

0 comments on commit 8e6c077

Please sign in to comment.