dani/django-ram
1
0
Fork 0
mirror of https://github.com/daniviga/django-ram.git synced 2026-02-03 17:40:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix a bug with deduplicated file download

Browse Source
This commit is contained in:
Daniele Viganò
2026-01-14 11:36:09 +01:00
parent 8d899e4d9f
commit a254786ddc
1 changed files with 36 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
ram/ram/views.py
View File

@@ -85,12 +85,20 @@ class DownloadFile(View):
# Find all models inheriting from PublishableFile # Find all models inheriting from PublishableFile
for model in apps.get_models(): for model in apps.get_models():
if issubclass(model, PrivateDocument) and not model._meta.abstract: if issubclass(model, PrivateDocument) and not model._meta.abstract:
try: # Due to deduplication, multiple documents may have
doc = model.objects.get(file__endswith=filename) # the same file name; if any is private, use a failsafe
if doc.private and not request.user.is_staff: # approach enforce access control
docs = model.objects.filter(file__endswith=filename)
if not docs.exists():
continue
if (
any(doc.private for doc in docs)
and not request.user.is_staff
):
break break
file = doc.file file = docs.first().file
if not os.path.exists(file.path): if not os.path.exists(file.path):
break break
@@ -110,14 +118,9 @@ class DownloadFile(View):
open(file.path, "rb"), as_attachment=True open(file.path, "rb"), as_attachment=True
) )
response["Content-Disposition"] = ( response["Content-Disposition"] = '{}; filename="{}"'.format(
'{}; filename="{}"'.format( disposition, smart_str(os.path.basename(file.path))
disposition,
smart_str(os.path.basename(file.path))
)
) )
return response return response
except model.DoesNotExist:
continue
raise Http404("File not found") raise Http404("File not found")