Skip to content

Instantly share code, notes, and snippets.

@cdw9
Created August 20, 2020 21:10
Show Gist options
  • Save cdw9/1217ba75613cb5de04321bae5308dcc7 to your computer and use it in GitHub Desktop.
Save cdw9/1217ba75613cb5de04321bae5308dcc7 to your computer and use it in GitHub Desktop.
Restrict access to a custom Plone File type
<!-- custom template -->
<browser:page
name="ofs_file_view"
class=".ofs.OFSFileView"
template="ofs_file_view.pt"
permission="zope2.View"
for="plone.app.contenttypes.interfaces.IFile"
/>
<!-- custom @@download for the type -->
<browser:page
name="download"
for="intranet.ofs.content.ofs_file.IOFSFile"
class=".ofs.OFSFileDownload"
permission="zope2.View"
/>
from plone.app.contenttypes.browser.file import FileView
from plone.namedfile.browser import Download
from plone.namedfile.utils import stream_data
def user_is_authorized(self):
user = self.request['AUTHENTICATED_USER']
roles = user.getRolesInContext(self.context)
return 'Manager' in roles or \
'Site Administrator' in roles
class OFSFileView(FileView):
"""define functions to be accessed by the template
"""
def is_authorized(self):
return user_is_authorized(self)
class OFSFileDownload(Download):
"""custom download permissions - check that user is
authorized before allowing download
"""
def __call__(self):
if user_is_authorized(self):
file = self._getFile()
self.set_headers(file)
return stream_data(file)
self.request.response.redirect(self.context.absolute_url())
<?xml version="1.0"?>
<object name="ofs_file" meta_type="Dexterity FTI" i18n:domain="plone"
xmlns:i18n="http://xml.zope.org/namespaces/i18n">
<property name="title" i18n:translate="">ofs File</property>
<property name="description" i18n:translate="">ofs File type</property>
<property name="icon_expr">string:${portal_url}/document_icon.png</property>
<property name="factory">ofs_file</property>
<property
name="add_view_expr">string:${folder_url}/++add++ofs_file</property>
<property name="link_target"></property>
<property name="immediate_view">ofs_file_view</property>
<property name="global_allow">False</property>
<property name="filter_content_types">True</property>
<property name="allowed_content_types"/>
<property name="allow_discussion">False</property>
<property name="default_view">ofs_file_view</property>
<property name="view_methods"/>
<property name="default_view_fallback">False</property>
<property name="add_permission">cmf.AddPortalContent</property>
<property name="klass">intranet.ofs.content.ofs_file.OFSFile</property>
<property name="model_file">plone.app.contenttypes.schema:file.xml</property>
<property name="model_source"></property>
<property name="schema"></property>
<property name="behaviors">
<element value="plone.app.dexterity.behaviors.filename.INameFromFileName"/>
<element value="plone.app.dexterity.behaviors.metadata.IPublication"/>
</property>
<property name="schema_policy">dexterity</property>
<alias from="(Default)" to="(dynamic view)"/>
<alias from="edit" to="@@edit"/>
<alias from="sharing" to="@@sharing"/>
<alias from="view" to="(selected layout)"/>
<action title="View" action_id="view" category="object" condition_expr=""
description="" icon_expr="" link_target="" url_expr="string:${object_url}"
visible="True">
<permission value="View"/>
</action>
<action title="Edit" action_id="edit" category="object" condition_expr=""
description="" icon_expr="" link_target=""
url_expr="string:${object_url}/edit" visible="True">
<permission value="Modify portal content"/>
</action>
</object>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
xmlns:tal="http://xml.zope.org/namespaces/tal"
xmlns:metal="http://xml.zope.org/namespaces/metal"
xmlns:i18n="http://xml.zope.org/namespaces/i18n"
lang="en"
metal:use-macro="context/main_template/macros/master"
i18n:domain="plone">
<body>
<metal:content-core fill-slot="content-core">
<metal:block define-macro="content-core"
tal:define="content_type context/file/contentType|nothing;
download_url string:${context/absolute_url}/@@download/file/${context/file/filename}">
<tal:authorized condition="view/is_authorized">
<p>
<a tal:attributes="href download_url">
<img tal:attributes="src view/get_mimetype_icon;
alt content_type;" border="0" />
<tal:name tal:content="context/file/filename" >Filename</tal:name>
</a>
<span class="discreet">&mdash; <span tal:replace="view/human_readable_size" /></span>
</p>
<video tal:condition="view/is_videotype" controls="controls">
<source tal:attributes="src download_url; type content_type"></source>
</video>
<audio tal:condition="view/is_audiotype" controls="controls">
<source tal:attributes="src download_url; type content_type"></source>
</audio>
<div tal:condition="python: content_type.startswith('text')">
<h2 i18n:translate="heading_file_contents">File contents</h2>
<pre tal:content="context/file/data|nothing" />
</div>
</tal:authorized>
<tal:unauthorized condition="not:view/is_authorized">
<h2>You are not authorized to view this resource</h2>
</tal:unauthorized>
</metal:block>
</metal:content-core>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment