From 6394d83da267abff80be0a81909e9f211e89ea1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Mon, 2 May 2016 16:21:06 +0200
Subject: [PATCH] Prevent video processing for non-admin users.

---
 pillar/application/modules/file_storage.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pillar/application/modules/file_storage.py b/pillar/application/modules/file_storage.py
index e1159ab5..26f6879f 100644
--- a/pillar/application/modules/file_storage.py
+++ b/pillar/application/modules/file_storage.py
@@ -25,7 +25,7 @@ from werkzeug.exceptions import NotFound, InternalServerError

 from application import utils
 from application.utils import remove_private_keys
-from application.utils.authorization import require_login
+from application.utils.authorization import require_login, user_has_role
 from application.utils.cdn import hash_file_path
 from application.utils.encoding import Encoder
 from application.utils.gcs import GoogleCloudStorageBucket
@@ -194,6 +194,12 @@ def process_file(gcs, file_id, local_file):
 # TODO: overrule the content type based on file extention & magic numbers.
 mime_category, src_file['format'] = src_file['content_type'].split('/', 1)

+ # Prevent video handling for non-admins.
+ if not user_has_role(u'admin') and mime_category == 'video':
+ src_file['content_type'] = 'application/x-%s' % src_file['format']
+ mime_category = 'application'
+ log.info('Not processing video file %s for non-admin user', file_id)
+
 # Run the required processor, based on the MIME category.
 processors = {
 'image': _process_image,
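Review bot: The non-admin branch added to process_file overwrites `src_file['content_type']` before it logs, so the declared video type is lost and the log line records neither that type nor which user was refused. If src_file is saved later in the function (its body continues outside this hunk), the rewritten `application/x-…` value presumably becomes the stored type, and a later reprocess by an admin would no longer see a video. I would log first and include the original type, `log.info('Not processing video file %s (%s) for non-admin user', file_id, src_file['content_type'])`, and consider switching only `mime_category` while leaving the stored type alone. The call `user_has_role(u'admin')` is given no user, so the decision appears to rest on ambient request state; it is worth confirming that process_file is never reached outside a request.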