[hg] galaxy 2864: Encode HDA ids when peeking and saving. Fixes ...
details: http://www.bx.psu.edu/hg/galaxy/rev/037374950cc9 changeset: 2864:037374950cc9 user: Kanwei Li <kanwei@gmail.com> date: Fri Oct 09 16:59:35 2009 -0400 description: Encode HDA ids when peeking and saving. Fixes #110 5 file(s) affected in this change: lib/galaxy/web/controllers/dataset.py lib/galaxy/web/controllers/root.py templates/dataset/large_file.mako templates/root/history_common.mako test/base/twilltestcase.py diffs (187 lines): diff -r 5d63e4eee122 -r 037374950cc9 lib/galaxy/web/controllers/dataset.py --- a/lib/galaxy/web/controllers/dataset.py Fri Oct 09 16:02:31 2009 -0400 +++ b/lib/galaxy/web/controllers/dataset.py Fri Oct 09 16:59:35 2009 -0400 @@ -199,8 +199,9 @@ return 'This link may not be followed from within Galaxy.' @web.expose - def display(self, trans, dataset_id=None, filename=None, show_all=False, **kwd): + def display(self, trans, encoded_id=None, show_all=False, to_ext=False, **kwd): """Catches the dataset id and displays file contents as directed""" + dataset_id = trans.security.decode_id( encoded_id ) data = trans.app.model.HistoryDatasetAssociation.get( dataset_id ) if not data: raise paste.httpexceptions.HTTPRequestRangeNotSatisfiable( "Invalid reference dataset id: %s." % str( dataset_id ) ) 
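Review bot: `trans.security.decode_id( encoded_id )` runs on the raw request value before any check, and `encoded_id` defaults to `None`, so a missing or malformed id presumably raises inside `decode_id` and surfaces as an unhandled server error rather than the `Invalid reference dataset id` response just below it. Wrapping the call, e.g. `try: dataset_id = trans.security.decode_id( encoded_id )` followed by `except Exception: raise paste.httpexceptions.HTTPRequestRangeNotSatisfiable( "Invalid reference dataset id." )`, keeps the failure path uniform and avoids returning a traceback. A short comment would also help, saying that the encoded id only hides database ids and that `can_access_dataset` remains the authorization check. The body of `display` continues past this hunk.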
@@ -208,27 +209,29 @@ if trans.app.security_agent.can_access_dataset( roles, data.dataset ): if data.state == trans.model.Dataset.states.UPLOAD: return trans.show_error_message( "Please wait until this dataset finishes uploading before attempting to view it." ) - if filename is None or filename.lower() == "index": - file_path = data.file_name - mime = trans.app.datatypes_registry.get_mimetype_by_extension( data.extension.lower() ) - trans.response.set_content_type(mime) - trans.log_event( "Display dataset id: %s" % str( dataset_id ) ) - - else: - file_path = os.path.join( data.extra_files_path, filename ) - mime, encoding = mimetypes.guess_type( file_path ) - if mime is None: - mime = trans.app.datatypes_registry.get_mimetype_by_extension( ".".split( file_path )[-1] ) - trans.response.set_content_type( mime ) + + mime = trans.app.datatypes_registry.get_mimetype_by_extension( data.extension.lower() ) + trans.response.set_content_type(mime) + trans.log_event( "Display dataset id: %s" % str( dataset_id ) ) + + if to_ext: # Saving the file + trans.response.headers['Content-Length'] = int( os.stat( data.file_name ).st_size ) + if to_ext[0] != ".": + to_ext = "." 
+ to_ext + valid_chars = '.,^_-()[]0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' + fname = data.name + fname = ''.join(c in valid_chars and c or '_' for c in fname)[0:150] + trans.response.headers["Content-Disposition"] = "attachment; filename=GalaxyHistoryItem-%s-[%s]%s" % (data.hid, fname, to_ext) + return open( data.file_name ) - if os.path.exists( file_path ): + if os.path.exists( data.file_name ): max_peek_size = 1000000 # 1 MB - if show_all or os.stat( file_path ).st_size < max_peek_size: - return open( file_path ) + if show_all or os.stat( data.file_name ).st_size < max_peek_size: + return open( data.file_name ) else: trans.response.set_content_type( "text/html" ) - return trans.fill_template( "/dataset/large_file.mako", - truncated_data = open( file_path ).read(max_peek_size), + return trans.stream_template_mako( "/dataset/large_file.mako", + truncated_data = open( data.file_name ).read(max_peek_size), data = data ) else: raise paste.httpexceptions.HTTPNotFound( "File Not Found (%s)." % ( filename ) ) diff -r 5d63e4eee122 -r 037374950cc9 lib/galaxy/web/controllers/root.py --- a/lib/galaxy/web/controllers/root.py Fri Oct 09 16:02:31 2009 -0400 +++ b/lib/galaxy/web/controllers/root.py Fri Oct 09 16:59:35 2009 -0400 
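Review bot: `to_ext` is a request parameter and is written into the `Content-Disposition` header as-is, while `fname` is filtered through `valid_chars`; depending on how the framework handles header values, quotes, semicolons or line breaks in `to_ext` could alter the header. Filtering it the same way closes the gap: define `valid_chars` before the extension handling and add `to_ext = ''.join(c in valid_chars and c or '_' for c in to_ext)`. Separately, the unchanged `HTTPNotFound( "File Not Found (%s)." % ( filename ) )` line at the end of the hunk still references `filename`, which the new signature no longer declares, so a missing file would raise `NameError`. The dataset id looks like a safer value to report there than `data.file_name`, which would disclose a server path. The save branch also calls `os.stat` and `open` before the `os.path.exists` check, so a missing file on that path is an unhandled error.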
@@ -134,72 +134,6 @@ return rval ## ---- Dataset display / editing ---------------------------------------- - - @web.expose - def display( self, trans, id=None, hid=None, tofile=None, toext=".txt", **kwd ): - """ - Returns data directly into the browser. - Sets the mime-type according to the extension - """ - if hid is not None: - try: - hid = int( hid ) - except: - return "hid '%s' is invalid" %str( hid ) - history = trans.get_history() - for dataset in history.datasets: - if dataset.hid == hid: - data = dataset - break - else: - raise Exception( "No dataset with hid '%d'" % hid ) - else: - try: - data = self.app.model.HistoryDatasetAssociation.get( id ) - except: - return "Dataset id '%s' is invalid" %str( id ) - if data: - user, roles = trans.get_user_and_roles() - if trans.app.security_agent.can_access_dataset( roles, data.dataset ): - mime = trans.app.datatypes_registry.get_mimetype_by_extension( data.extension.lower() ) - trans.response.set_content_type(mime) - if tofile: - fStat = os.stat(data.file_name) - trans.response.headers['Content-Length'] = int(fStat.st_size) - if toext[0:1] != ".": - toext = "." + toext - valid_chars = '.,^_-()[]0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' - fname = data.name - fname = ''.join(c in valid_chars and c or '_' for c in fname)[0:150] - trans.response.headers["Content-Disposition"] = "attachment; filename=GalaxyHistoryItem-%s-[%s]%s" % (data.hid, fname, toext) - trans.log_event( "Display dataset id: %s" % str(id) ) - try: - return open( data.file_name ) - except: - return "This dataset contains no content" - else: - return "You are not allowed to access this dataset" - else: - return "No dataset with id '%s'" % str( id ) - - @web.expose - def display_child(self, trans, parent_id=None, designation=None, tofile=None, toext=".txt"): - """ - Returns child data directly into the browser, based upon parent_id and designation. 
- """ - try: - data = self.app.model.HistoryDatasetAssociation.get( parent_id ) - if data: - child = data.get_child_by_designation( designation ) - if child: - user, roles = trans.get_user_and_roles() - if trans.app.security_agent.can_access_dataset( roles, child ): - return self.display( trans, id=child.id, tofile=tofile, toext=toext ) - else: - return "You are not privileged to access this dataset." - except Exception: - pass - return "A child named %s could not be found for data %s" % ( designation, parent_id ) @web.expose def display_as( self, trans, id=None, display_app=None, **kwd ): diff -r 5d63e4eee122 -r 037374950cc9 templates/dataset/large_file.mako --- a/templates/dataset/large_file.mako Fri Oct 09 16:02:31 2009 -0400 +++ b/templates/dataset/large_file.mako Fri Oct 09 16:59:35 2009 -0400 @@ -2,8 +2,8 @@ <div class="warningmessagelarge"> This dataset is large and only the first megabyte is shown below.<br /> - <a href="${h.url_for( controller='dataset', action='display', dataset_id=data.id, show_all=True )}">Show all</a> | - <a href="${h.url_for( controller='root', action='display', id=data.id, tofile='yes', toext=data.ext )}">Save</a> + <a href="${h.url_for( controller='dataset', action='display', encoded_id=trans.security.encode_id( data.id ), show_all=True )}">Show all</a> | + <a href="${h.url_for( controller='dataset', action='display', encoded_id=trans.security.encode_id( data.id ), to_ext=data.ext )}">Save</a> </div> <pre> diff -r 5d63e4eee122 -r 037374950cc9 templates/root/history_common.mako --- a/templates/root/history_common.mako Fri Oct 09 16:02:31 2009 -0400 +++ b/templates/root/history_common.mako Fri Oct 09 16:59:35 2009 -0400 
@@ -32,7 +32,7 @@ <img src="${h.url_for('/static/images/pencil_icon_grey.png')}" width='16' height='16' alt='edit attributes' title='edit attributes' class='button edit' border='0'> %endif %else: - <a class="icon-button display" title="display data" href="${h.url_for( controller='dataset', dataset_id=data.id, action='display', filename='index')}" target="galaxy_main"></a> + <a class="icon-button display" title="display data" href="${h.url_for( controller='dataset', action='display', encoded_id=trans.security.encode_id( data.id ))}" target="galaxy_main"></a> %if user_owns_dataset: <a class="icon-button edit" title="edit attributes" href="${h.url_for( controller='root', action='edit', id=data.id )}" target="galaxy_main"></a> %endif @@ -86,7 +86,7 @@ <div class="info">${_('Info: ')}${data.display_info()}</div> <div> %if data.has_data: - <a href="${h.url_for( controller='root', action='display', id=data.id, tofile='yes', toext=data.ext )}" target="_blank">save</a> + <a href="${h.url_for( controller='dataset', action='display', encoded_id=trans.security.encode_id( data.id ), to_ext=data.ext )}">save</a> %if user_owns_dataset: | <a href="${h.url_for( controller='tool_runner', action='rerun', id=data.id )}" target="galaxy_main">rerun</a> %endif diff -r 5d63e4eee122 -r 037374950cc9 test/base/twilltestcase.py --- a/test/base/twilltestcase.py Fri Oct 09 16:02:31 2009 -0400 +++ b/test/base/twilltestcase.py Fri Oct 09 16:59:35 2009 -0400 
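Review bot: The id is encoded only for the display and save links. The unchanged neighbours in these two hunks, `action='edit', id=data.id` here and `action='rerun', id=data.id` in the `@@ -86,7 +86,7 @@` hunk, still put the raw database id in the URL. If the goal is to stop exposing sequential HDA ids, those links and the controllers behind them need the same `trans.security.encode_id( data.id )` treatment, or a comment noting they are deliberately left for a follow-up. The save link also drops `target="_blank"`, which looks intentional for an attachment download but is not mentioned in the description.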
@@ -390,9 +390,9 @@ self.visit_url( "%s/dataset/undelete?id=%s" % ( self.url, hda_id ) ) if check_str: self.check_page_for_string( check_str ) - def display_history_item( self, id, check_str='' ): + def display_history_item( self, hda_id, check_str='' ): """Displays a history item - simulates eye icon click""" - self.visit_url( '%s/datasets/%s/display/index' % ( self.url, id ) ) + self.visit_url( '%s/dataset/display?encoded_id=%s' % ( self.url, self.security.encode_id( hda_id ) ) ) if check_str: self.check_page_for_string( check_str ) self.home()
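Review bot: Only the positive path is exercised: `display_history_item` now encodes `hda_id` itself, so nothing checks that `/dataset/display` rejects a raw integer or a malformed `encoded_id`. A companion helper that visits `'%s/dataset/display?encoded_id=%s' % ( self.url, hda_id )` with the unencoded id and asserts an error page would pin the behaviour this commit is meant to enforce. The docstring could also state that `hda_id` is the unencoded database id. The hunk does not show where `self.security` is set up; presumably it must share the id secret of the server under test, which is worth a comment.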