Added custom file view to check for publication status before allowing access
authorThierry Florac <thierry.florac@onf.fr>
Tue, 03 Jul 2018 12:14:35 +0200
changeset 790 bc6e355911d1
parent 789 7c0f6dfc6387
child 791 29c778c100e0
Added custom file view to check for publication status before allowing access
src/pyams_content/component/file/__init__.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/pyams_content/component/file/__init__.py	Tue Jul 03 12:14:35 2018 +0200
@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2008-2018 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+
+__docformat__ = 'restructuredtext'
+
+
+# import standard library
+
+# import interfaces
+from pyams_file.interfaces import IFile
+from pyams_skin.layer import IPyAMSUserLayer
+from pyams_utils.interfaces import VIEW_SYSTEM_PERMISSION
+from pyams_workflow.interfaces import IWorkflowPublicationInfo
+
+# import packages
+from pyams_file.views.file import FileView
+from pyramid.exceptions import NotFound
+from pyramid.location import lineage
+from pyramid.view import view_config
+
+
+@view_config(context=IFile, request_type=IPyAMSUserLayer)
+def ProtectedFileView(request):
+    """Protected file view"""
+    context = request.context
+    if not request.has_permission(VIEW_SYSTEM_PERMISSION, context=context):  # authenticated operator
+        for parent in lineage(context):
+            publication_info = IWorkflowPublicationInfo(parent, None)
+            if (publication_info is not None) and not publication_info.is_visible(request):
+                raise NotFound()
+
+    return FileView(request)