
Kai Diefenbach committed eca5040

Fixed upload of images and files via SWFUpload.


Files changed (4)

lfs/manage/utils.py

 # django imports
+from django.conf import settings
+from django.contrib.auth import SESSION_KEY
+from django.contrib.auth import BACKEND_SESSION_KEY
+from django.contrib.auth import load_backend
+from django.contrib.auth.models import AnonymousUser
 from django.core.exceptions import ObjectDoesNotExist
 from django.template import RequestContext
 from django.template.loader import render_to_string
                     yield item
         else:
             yield comb
-    
+
     return rloop(seqin, [])
-    
+
 if __name__ == "__main__":
     for x in cartesian_product([u'5|11', u'7|15', u'6|12']):
         print x
     i = 1
     for child in Category.objects.filter(parent=category):
         child.position = i
-        child.save()        
-        i+= 2
+        child.save()
+        i+= 2
+
+
+def get_user_from_session_key(session_key):
+    """Returns the user from the passed session_key.
+
+    This is a workaround for jquery.upload, which is used to mass upload images
+    and files.
+    """
+    try:
+        session_engine = __import__(settings.SESSION_ENGINE, {}, {}, [''])
+        session_wrapper = session_engine.SessionStore(session_key)
+        user_id = session_wrapper.get(SESSION_KEY)
+        auth_backend = load_backend(session_wrapper.get(BACKEND_SESSION_KEY))
+        if user_id and auth_backend:
+            return auth_backend.get_user(user_id)
+        else:
+            return AnonymousUser()
+    except AttributeError:
+        return AnonymousUser()
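Review bot: `get_user_from_session_key` can return `None`, because under Django's backend contract `auth_backend.get_user(user_id)` returns `None` when the stored id no longer matches a user, and both callers then call `user.has_perm(...)` on the result; `return auth_backend.get_user(user_id) or AnonymousUser()` keeps the return type uniform. The anonymous fallback for a missing or expired session also appears to rest on `load_backend(None)` raising `AttributeError`, which is incidental. Reading the backend path first and returning `AnonymousUser()` when it or `user_id` is empty would make that explicit and let the `try` shrink. The docstring names jquery.upload, while the commit message and template refer to SWFUpload.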

lfs/manage/views/product/images.py

 # django imports
 from django.contrib.auth.decorators import permission_required
+from django.contrib.auth.models import AnonymousUser
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.urlresolvers import reverse
 from django.http import HttpResponse
 from lfs.catalog.models import Product
 from lfs.core.signals import product_changed
 from lfs.core.utils import LazyEncoder
+from lfs.manage.utils import get_user_from_session_key
 
 @permission_required("core.manage_shop", login_url="/login/")
 def manage_images(request, product_id, as_string=False, template_name="manage/product/images.html"):
 
         return HttpResponse(result)
 
+
 # Actions
-@permission_required("core.manage_shop", login_url="/login/")
 def add_image(request, product_id):
     """Adds an image to product with passed product_id.
     """
+    user = get_user_from_session_key(request.POST.get("sessionid"))
+    if not user.has_perm("core.manage_shop"):
+        return HttpResponseRedirect("/login/")
     product = lfs_get_object_or_404(Product, pk=product_id)
     if request.method == "POST":
         for file_content in request.FILES.values():
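Review bot: `add_image` now takes its credential from `request.POST.get("sessionid")` instead of the session cookie, so page script has to copy the full session id into the request body. That only works while the session cookie is readable from JavaScript (no `SESSION_COOKIE_HTTPONLY`), and request-body logging or an XSS on the manage pages would then expose a complete login session. A narrower credential, such as a short-lived signed upload token rendered into the page and checked here, would limit that exposure. On the deny path, the Flash client is likely to follow a 302 to `/login/` and report the upload as successful, so `return HttpResponseForbidden()` fits better; `HttpResponseRedirect` is also not among the imports visible in this section, so confirm it is imported. The same points apply to `add_files` in lfs/manage/views/static_blocks.py, and both function bodies continue outside the visible lines.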

lfs/manage/views/static_blocks.py

 from lfs.caching.utils import lfs_get_object_or_404
 from lfs.catalog.models import StaticBlock
 from lfs.catalog.models import File
+from lfs.manage.utils import get_user_from_session_key
 
 class StaticBlockForm(ModelForm):
     """Form to add and edit a static block.
 
     return HttpResponse(result)
 
-@permission_required("core.manage_shop", login_url="/login/")
 def add_files(request, id):
     """Adds files to static block with passed id.
     """
+    user = get_user_from_session_key(request.POST.get("sessionid"))
+    if not user.has_perm("core.manage_shop"):
+        return HttpResponseRedirect("/login/")
     static_block = lfs_get_object_or_404(StaticBlock, pk=id)
     if request.method == "POST":
         for file_content in request.FILES.values():

lfs/templates/manage/manage_base.html

 
         <script type="text/javascript" src="{{ MEDIA_URL }}lfs/swfupload/swfupload.js"></script>
         <script type="text/javascript" src="{{ MEDIA_URL }}lfs/swfupload/swfupload.queue.js"></script>
+        <script type="text/javascript" src="{{ MEDIA_URL }}lfs/swfupload/swfupload.cookies.js"></script>
         <script type="text/javascript" src="{{ MEDIA_URL }}lfs/swfupload/fileprogress.js"></script>
         <script type="text/javascript" src="{{ MEDIA_URL }}lfs/swfupload/handlers.js"></script>
         <link rel="stylesheet" type="text/css" href="{{ MEDIA_URL }}lfs/swfupload/default.css" />
                 </tr>
             </table>
         </div>
-        
+
         <table class="main">
             <tr>
                 {% block left-slot-wrapper %}
 
         <div id="dialog" title="LFS Dialog"></div>
     </body>
-</html>
+</html>