| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 |
- from account.decorators import login_required
- from file.models import File
- from django.http import FileResponse
- from django.utils.http import urlquote
- from folder.models import Folder
- from .judgement_function import judge_filepath
- from account.models import get_user
- from utils.debug import debug_view
- from utils.http import make_json_response
- from utils.permission import can_delete
- from utils.crypto import secure_transport
- from utils.crypto import get_file_encrypt_cipher
- import base64
- # Create your views here.
- @secure_transport
- @debug_view(template_name='upload_file.html')
- @login_required
- def upload_file(request):
- data = request.POST
- user = get_user(request)
- key = data.get('key', '')
- if key:
- file_b64 = data.get('file_b64')
- if not file_b64:
- return make_json_response(code=400, error='文件不存在')
- file_name = data.get('file_name')
- else:
- try:
- file_obj = request.FILES.get('file')
- except:
- return make_json_response(code=400, error='文件不存在')
- file_name = file_obj.name
- file_type = judge_filepath(file_name.split('.')[-1].lower()) if '.' in file_name else ''
- father_folder_id = data.get('father_folder_id')
- try:
- folder = Folder.objects.get(folder_id=father_folder_id)
- except:
- return make_json_response(code=402, error='文件夹不存在')
- if not folder.check_permission(user=user):
- return make_json_response(code=404, error='没有上传文件的权限')
- file = File.objects.create(file_name=file_name,
- father_folder=folder,
- file_type=file_type,
- owner=user,
- group=folder.group,
- key=key)
- try:
- file_path = file.get_path()
- with open(file_path, 'wb+') as f:
- if key:
- file_bytes = base64.b64decode(file_b64)
- enc_file_bytes = get_file_encrypt_cipher().encrypt(file_bytes)
- f.write(enc_file_bytes)
- else:
- for chunk in file_obj.chunks():
- f.write(chunk)
- except Exception as e:
- file.delete()
- return make_json_response(code=500, error='文件保存失败')
- return make_json_response()
- @secure_transport
- # @debug_view('file_id')
- @login_required
- def download_file(request):
- user = get_user(request)
- file_id = request.POST.get('file_id')
- try:
- file = File.objects.get(file_id=file_id)
- except:
- return make_json_response(code=402, error='文件不存在')
- if not file.father_folder.check_permission(user=user):
- return make_json_response(code=404, error='没有下载文件的权限')
- try:
- file_path = file.get_path()
- f = open(file_path, 'rb')
- except:
- return make_json_response(code=500, error='文件读取失败')
- if file.key:
- try:
- enc_file_bytes = f.read()
- file_bytes = get_file_encrypt_cipher().decrypt(enc_file_bytes)
- file_b64 = base64.b64encode(file_bytes).decode()
- f.close()
- except:
- return make_json_response(code=500, error='文件读取失败')
- return make_json_response(file_b64=file_b64, **file.to_json())
- else:
- file_name = file.file_name
- response = FileResponse(f)
- response['Content-Type'] = 'application/octet-stream'
- response['Content-Disposition'] = 'attachment;filename={}'.format(urlquote(file_name))
- return response
- @secure_transport
- # @debug_view('file_id')
- @login_required
- def delete_file(request):
- data = request.POST
- user = get_user(request)
- file_id = data.get('file_id')
- try:
- file = File.objects.get(file_id=file_id)
- except:
- return make_json_response(code=402, error='文件不存在')
- if not can_delete(user=user, f=file):
- return make_json_response(code=404, error='没有删除文件的权限')
- file.delete()
- return make_json_response()
|
