archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Prevent video processing for non-admin users.

Browse Source
This commit is contained in:
Sybren A. Stüvel
2016-05-02 16:21:06 +02:00
parent b4327f22e8
commit 6394d83da2
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pillar/application/modules/file_storage.py
View File

@@ -25,7 +25,7 @@ from werkzeug.exceptions import NotFound, InternalServerError
from application import utils
from application.utils import remove_private_keys
from application.utils.authorization import require_login
from application.utils.authorization import require_login, user_has_role
from application.utils.cdn import hash_file_path
from application.utils.encoding import Encoder
from application.utils.gcs import GoogleCloudStorageBucket
@@ -194,6 +194,12 @@ def process_file(gcs, file_id, local_file):
# TODO: overrule the content type based on file extention & magic numbers.
mime_category, src_file['format'] = src_file['content_type'].split('/', 1)
# Prevent video handling for non-admins.
if not user_has_role(u'admin') and mime_category == 'video':
src_file['content_type'] = 'application/x-%s' % src_file['format']
mime_category = 'application'
log.info('Not processing video file %s for non-admin user', file_id)
# Run the required processor, based on the MIME category.
processors = {
'image': _process_image,