# HG changeset patch # User Thierry Florac # Date 1530612875 -7200 # Node ID bc6e355911d181d977387e5d062f1f73c6de5bcc # Parent 7c0f6dfc63873ec0d0ad969ec91c983cb5c36b87 Added custom file view to check for publication status before allowing access diff -r 7c0f6dfc6387 -r bc6e355911d1 src/pyams_content/component/file/__init__.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/pyams_content/component/file/__init__.py Tue Jul 03 12:14:35 2018 +0200 @@ -0,0 +1,41 @@ +# +# Copyright (c) 2008-2018 Thierry Florac +# All Rights Reserved. +# +# This software is subject to the provisions of the Zope Public License, +# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED +# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS +# FOR A PARTICULAR PURPOSE. +# + +__docformat__ = 'restructuredtext' + + +# import standard library + +# import interfaces +from pyams_file.interfaces import IFile +from pyams_skin.layer import IPyAMSUserLayer +from pyams_utils.interfaces import VIEW_SYSTEM_PERMISSION +from pyams_workflow.interfaces import IWorkflowPublicationInfo + +# import packages +from pyams_file.views.file import FileView +from pyramid.exceptions import NotFound +from pyramid.location import lineage +from pyramid.view import view_config + + +@view_config(context=IFile, request_type=IPyAMSUserLayer) +def ProtectedFileView(request): + """Protected file view""" + context = request.context + if not request.has_permission(VIEW_SYSTEM_PERMISSION, context=context): # authenticated operator + for parent in lineage(context): + publication_info = IWorkflowPublicationInfo(parent, None) + if (publication_info is not None) and not publication_info.is_visible(request): + raise NotFound() + + return FileView(request)