chore: update auth

ckanext/files/assets/ts/files--queue.ts

@@ -168,7 +168,7 @@ ckan.module("files--queue", function ($) {
           widget
             .find("[data-upload-progress]")
             .removeClass("bg-primary bg-secondary")
-            .addClass("bg-success progress-bar-succes");
+            .addClass("bg-success progress-bar-success");
           this.sandbox.publish(
             ckan.CKANEXT_FILES.topics.queueItemUploaded,
             file,
@@ -200,7 +200,7 @@ ckan.module("files--queue", function ($) {
     toggleAnimation(widget: JQuery, state: boolean) {
       widget
         .find("[data-upload-progress]")
-        .toggleClass("progress-bar-animated", state);
+        .toggleClass("progress-bar-animated active", state);
     },
 
     _onWidgetResume(event: JQuery.TriggeredEvent) {

ckanext/files/logic/action.py

@@ -30,18 +30,22 @@ def files_file_search_by_user(context, data_dict):
     tk.check_access("files_file_search_by_user", context, data_dict)
     sess = context["session"]
 
+    user = model.User.get(data_dict.get("user", context["user"]))
+    if not user:
+        raise tk.ObjectNotFound("user")
+
+
     q = sess.query(File).join(
         Owner,
         sa.and_(File.id == Owner.item_id, Owner.item_type == "file"),  # type: ignore
     )
 
-    user = model.User.get(data_dict.get("user", context["user"]))
-    if not user:
-        raise tk.ObjectNotFound("user")
-
+    if "storage" in data_dict:
+        q = q.filter(File.storage == data_dict["storage"])
 
     q = q.filter(sa.and_(Owner.owner_type == "user", Owner.owner_id == user.id))
 
+
     total = q.count()
 
     parts = data_dict["sort"].split(".")
@@ -182,15 +186,10 @@ def files_file_show(context, data_dict):
     tk.check_access("files_file_show", context, data_dict)
 
     data_dict["id"]
-    fileobj = context["session"].query(File).filter_by(id=data_dict["id"]).one_or_none()
+    fileobj = context["session"].query(File).filter(File.id==data_dict["id"]).one_or_none()
     if not fileobj:
         raise tk.ObjectNotFound("file")
 
-    if context.get("update_access_time"):
-        fileobj.access()
-        if not context.get("defer_commit"):
-            context["session"].commit()
-
     return fileobj.dictize(context)
 
 
@@ -255,7 +254,7 @@ def files_upload_update(context, data_dict):
 
     extras = data_dict.get("__extras", {})
 
-    fileobj = context["session"].get(File, data_dict["id"])
+    fileobj = context["session"].query(File).filter_by(id=data_dict["id"]).one_or_none()
     if not fileobj:
         raise tk.ObjectNotFound("upload")
 
@@ -276,7 +275,7 @@ def files_upload_complete(context, data_dict):
     extras = data_dict.get("__extras", {})
 
     data_dict["id"]
-    fileobj = context["session"].get(File, data_dict["id"])
+    fileobj = context["session"].query(File).filter_by(id=data_dict["id"]).one_or_none()
     if not fileobj:
         raise tk.ObjectNotFound("upload")
 

ckanext/files/logic/auth.py

@@ -43,15 +43,30 @@ def _is_owner(user_id, file_id):
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_manage_files(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
     return {"success": False}
 
 
+@auth
+@tk.auth_disallow_anonymous_access
+def files_owns_file(context, data_dict):
+    # type: (types.Any, dict[str, types.Any]) -> types.Any
+    user = _get_user(context)
+    is_owner = bool(user and _is_owner(user.id, data_dict["id"]))
+
+    return {"success": is_owner, "msg": "Not an owner of the file"}
+
+
 @auth
 @tk.auth_disallow_anonymous_access
 def files_file_search_by_user(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
+    """Only user himself can view his own files."""
+
+    # `user` from context will be used used when it's not in data_dict, so it's
+    # an access to own files
     if "user" not in data_dict:
         return {"success": True}
 
@@ -64,46 +79,51 @@ def files_file_search_by_user(context, data_dict):
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_file_create(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    return authz.is_authorized("files_manage_files", context, data_dict)
+    return {"success": True}
 
 
 @auth
 @tk.auth_disallow_anonymous_access
 def files_file_delete(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    user = _get_user(context)
-    is_owner = bool(user and _is_owner(user.id, data_dict["id"]))
-
-    return {"success": is_owner, "msg": "Not authorized to remove the file"}
+    """Only owner can remove files."""
+    return authz.is_authorized("files_owns_file", context, data_dict)
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_file_show(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    return authz.is_authorized("files_manage_files", context, data_dict)
+    """Only owner can view files."""
+    return authz.is_authorized("files_owns_file", context, data_dict)
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_upload_show(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    return authz.is_authorized("files_manage_files", context, data_dict)
+    return authz.is_authorized("files_owns_file", context, data_dict)
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_upload_initialize(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    return authz.is_authorized("files_manage_files", context, data_dict)
+    return authz.is_authorized("files_file_create", context, data_dict)
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_upload_update(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    return authz.is_authorized("files_manage_files", context, data_dict)
+    return authz.is_authorized("files_owns_file", context, data_dict)
 
 
 @auth
+@tk.auth_disallow_anonymous_access
 def files_upload_complete(context, data_dict):
     # type: (types.Any, dict[str, types.Any]) -> types.Any
-    return authz.is_authorized("files_manage_files", context, data_dict)
+    return authz.is_authorized("files_owns_file", context, data_dict)

ckanext/files/logic/schema.py

@@ -18,14 +18,15 @@ def file_create(ignore_empty, unicode_safe, default, files_into_upload, not_miss
 
 
 @validator_args
-def _base_file_search(unicode_safe, default, int_validator, boolean_validator, one_of):
+def _base_file_search(unicode_safe, default, int_validator, boolean_validator, ignore_empty):
     # type: (types.Any, types.Any, types.Any, types.Any, types.Any) -> types.Any
 
     return {
         "start": [default(0), int_validator],
         "rows": [default(10), int_validator],
         "sort": [default("name"), unicode_safe],
         "reverse": [boolean_validator],
+        "storage": [ignore_empty, unicode_safe],
     }
 
 

ckanext/files/storage/google_cloud.py

@@ -21,6 +21,12 @@ class GCStorageData(GCAdditionalData, types.MinimalStorageData):
 
 RE_RANGE = re.compile(r"bytes=(?P<first_byte>\d+)-(?P<last_byte>\d+)")
 
+def decode(value):
+    # type: (bytes) -> str
+    if six.PY3:
+        return base64.decodebytes(value).hex()
+
+    return base64.decodestring(value).encode("hex")
 
 class GoogleCloudUploader(Uploader):
     storage = None  # type: GoogleCloudStorage # pyright: ignore
@@ -39,7 +45,7 @@ def upload(self, name, upload, extras):
         client = self.storage.client
         blob = client.bucket(self.storage.settings["bucket"]).blob(filepath)
         blob.upload_from_file(upload.stream)
-        filehash = base64.decodebytes(blob.md5_hash.encode()).hex()
+        filehash = decode(blob.md5_hash.encode())
         return {
             "filename": filename,
             "content_type": upload.content_type,
@@ -222,7 +228,7 @@ def complete_multipart_upload(self, upload_data, extras):
                 },
             )
 
-        filehash = base64.decodebytes(upload_data["result"]["md5Hash"].encode()).hex()
+        filehash = decode(upload_data["result"]["md5Hash"].encode())
 
         return {
             "filename": os.path.relpath(

ckanext/files/templates/files/snippets/file_table.html

@@ -76,17 +76,23 @@
                         <td>
                             {% block file_actions %}
                                 {% if owner_type == "user" and owner_id and h.check_access("files_file_delete", {"id": file.id})%}
-                                    {% set delete_extras = {"user_id": owner_id} %}
                                     <a class="btn btn-danger btn-sm" title="Remove the file"
-                                       href="{{ h.url_for('files.delete_file', file_id=file.id, **delete_extras) }}">
+                                       href="{{ h.url_for('files.delete_file',
+                                             file_id=file.id,
+                                             came_from=request.path, user_id=owner_id) }}">
                                         <i class="fa fa-remove"></i>
                                     </a>
                                 {% endif %}
 
                                 {% if not file.completed and h.check_access("files_upload_update", {"id": file.id})%}
                                     <label class="files--no-after-content btn btn-sm btn-primary" title="Resume upload">
                                         <i class="fa fa-upload"></i>
-                                        <input type="file" hidden data-module="files--restorer"
+                                        {% set extension = "." ~ file.name.rsplit('.', 1)|last %}
+
+                                        <input type="file" hidden data-module="files--restorer" class="hidden"
+                                               {% if extnension|length < file.name|length %}
+                                               accept="{{ extension }}"
+                                               {% endif %}
                                                data-module-name="{{ file.name }}"
                                                data-module-size="{{ file.storage_data.size }}"
                                                data-module-uploaded="{{ file.storage_data.uploaded }}"

ckanext/files/templates/files/snippets/uploader.html → ckanext/files/templates/files/snippets/uploader_v1.html

@@ -1,15 +1,11 @@
 {#
-storage
-uploader
-file_attrs
+storage?
+uploader?
+file_attrs?
 #}
 
 {% import 'macros/form.html' as form %}
 
-{% set storage = storage or "default" %}
-{% set uploader = uploader or "Standard" %}
-
-
 {% block uploader %}
     <div class="file-uploader">
         {% block form %}
@@ -22,7 +18,10 @@
         {% endblock form %}
 
         {% block progress %}
-            <div data-module="files--queue" data-module-storage="{{ storage }}" data-module-uploader="{{ uploader }}">
+            <div data-module="files--queue"
+                 {% if storage is defined %} data-module-storage="{{ storage }}"{% endif %}
+                 {% if uploader is defined %} data-module-uploader="{{ uploader }}"{% endif %}
+            >
 
                 <div data-upload-template hidden class="card file-uploader__queue_item my-1">
                     <div class="card-header">

ckanext/files/templates/files/user.html → ckanext/files/templates/files/user/index.html

@@ -1,10 +1,15 @@
+{#
+storage?
+uploader?
+#}
+
 {% extends "user/read_base.html" %}
 
 {% block page_primary_action %}
 
     {% if (g.userobj or current_user or {}).id == user_dict.id and h.check_access('files_file_create') %}
 
-        {% snippet "files/snippets/uploader.html" %}
+        {% snippet "files/snippets/uploader_v1.html", storage=storage, uploader=uploader %}
 
     {% endif %}
 {% endblock %}