Changeset 8467 for main/waeup.kofa/trunk/src/waeup/kofa

Timestamp:

18 May 2012, 00:13:37 (12 years ago)

Author:

uli

Message:

Use fileformat recognition when uploading student files.

Location:

main/waeup.kofa/trunk/src/waeup/kofa/students

Files:

• tests/test_browser.py (modified) (11 diffs)
• tests/test_image.bmp (added)
• tests/test_student.py (modified) (3 diffs)
• viewlets.py (modified) (7 diffs)

main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_browser.py

@@ -26 +26 @@
 import grok
 from zope.event import notify
-from zope.component import createObject, queryUtility, getUtility
+from zope.component import createObject, queryUtility
 from zope.component.hooks import setSite, clearSite
 from zope.catalog.interfaces import ICatalog
@@ -35 +35 @@
 from waeup.kofa.testing import FunctionalLayer, FunctionalTestCase
 from waeup.kofa.app import University
-from waeup.kofa.configuration import SessionConfiguration
 from waeup.kofa.students.student import Student
 from waeup.kofa.students.studylevel import StudentStudyLevel
 from waeup.kofa.university.faculty import Faculty
 from waeup.kofa.university.department import Department
-from waeup.kofa.interfaces import IUserAccount, IKofaUtils
+from waeup.kofa.interfaces import IUserAccount
 from waeup.kofa.authentication import LocalRoleSetEvent
 from waeup.kofa.hostels.hostel import Hostel, Bed, NOT_OCCUPIED
 
 PH_LEN = 2059  # Length of placeholder file
+
+SAMPLE_IMAGE = os.path.join(os.path.dirname(__file__), 'test_image.jpg')
+SAMPLE_IMAGE_BMP = os.path.join(os.path.dirname(__file__), 'test_image.bmp')
 
 def lookup_submit_value(name, value, browser):
@@ -522 +524 @@
         # as birth certificate
         self.browser.open(self.manage_clearance_path)
-        pseudo_image = StringIO('I pretend to be a graphics file')
+        image = open(SAMPLE_IMAGE, 'rb')
         ctrl = self.browser.getControl(name='birthcertificateupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_birth_certificate.jpg')
+        file_ctrl.add_file(image, filename='my_birth_certificate.jpg')
         # The Save action does not upload files
         self.browser.getControl("Save").click() # submit form
@@ -532 +534 @@
             in self.browser.contents)
         # ... but the correct upload submit button does
-        pseudo_image = StringIO('I pretend to be a graphics file')
+        image = open(SAMPLE_IMAGE)
         ctrl = self.browser.getControl(name='birthcertificateupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_birth_certificate.jpg')
+        file_ctrl.add_file(image, filename='my_birth_certificate.jpg')
         self.browser.getControl(
             name='upload_birthcertificateupload').click()
@@ -546 +548 @@
         self.assertEqual(
             self.browser.headers['content-type'], 'image/jpeg')
-        self.assertEqual(len(self.browser.contents), 31)
+        self.assertEqual(len(self.browser.contents), 2787)
         # Reuploading a file which is bigger than 150k will raise an error
         self.browser.open(self.manage_clearance_path)
-        photo_content = 'A' * 1024 * 151  # A string of 21 KB size
-        pseudo_image = StringIO(photo_content)
+        # An image > 150K
+        big_image = StringIO(open(SAMPLE_IMAGE, 'rb').read() * 75)
         ctrl = self.browser.getControl(name='birthcertificateupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_birth_certificate.jpg')
+        file_ctrl.add_file(big_image, filename='my_birth_certificate.jpg')
         self.browser.getControl(
             name='upload_birthcertificateupload').click()
         self.assertTrue(
             'Uploaded file is too big' in self.browser.contents)
-        # File names must meet several conditions
-        pseudo_image = StringIO('I pretend to be a graphics file')
+        # we do not rely on filename extensions given by uploaders
+        image = open(SAMPLE_IMAGE, 'rb') # a jpg-file
         ctrl = self.browser.getControl(name='birthcertificateupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my.photo.jpg')
+        # tell uploaded file is bmp
+        file_ctrl.add_file(image, filename='my_birth_certificate.bmp')
         self.browser.getControl(
             name='upload_birthcertificateupload').click()
-        self.assertTrue('File name contains more than one dot'
-            in self.browser.contents)
+        self.assertTrue(
+            # jpg file was recognized
+            'File birth_certificate.jpg uploaded.' in self.browser.contents)
+        # File names must meet several conditions
+        bmp_image = open(SAMPLE_IMAGE_BMP, 'rb')
         ctrl = self.browser.getControl(name='birthcertificateupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_birth_certificate')
-        self.browser.getControl(
-            name='upload_birthcertificateupload').click()
-        self.assertTrue('File name has no extension' in self.browser.contents)
-        ctrl = self.browser.getControl(name='birthcertificateupload')
-        file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_birth_certificate.bmp')
+        file_ctrl.add_file(bmp_image, filename='my_birth_certificate.bmp')
         self.browser.getControl(
             name='upload_birthcertificateupload').click()
@@ -586 +586 @@
         # Managers can add and delete second file
         self.browser.open(self.manage_clearance_path)
-        pseudo_image = StringIO('I pretend to be a graphics file')
+        image = open(SAMPLE_IMAGE, 'rb')
         ctrl = self.browser.getControl(name='birthcertificateupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_acceptance_letter.jpg')
+        file_ctrl.add_file(image, filename='my_acceptance_letter.jpg')
         self.browser.getControl(
             name='upload_acceptanceletterupload').click()
@@ -597 +597 @@
         ctrl = self.browser.getControl(name='acceptanceletterupload')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_acceptance_letter.jpg')
+        image.seek(0)
+        file_ctrl.add_file(image, filename='my_acceptance_letter.jpg')
         self.browser.getControl(
             name='upload_acceptanceletterupload').click()
@@ -610 +611 @@
         # Managers can upload a file via the StudentBaseManageFormPage
         self.browser.open(self.manage_student_path)
-        pseudo_image = StringIO('I pretend to be a graphics file')
+        image = open(SAMPLE_IMAGE_BMP, 'rb')
         ctrl = self.browser.getControl(name='passportuploadmanage')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_photo.bmp')
+        file_ctrl.add_file(image, filename='my_photo.bmp')
         self.browser.getControl(
             name='upload_passportuploadmanage').click()
@@ -620 +621 @@
         ctrl = self.browser.getControl(name='passportuploadmanage')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_photo.jpg')
+        image = open(SAMPLE_IMAGE, 'rb')
+        file_ctrl.add_file(image, filename='my_photo.jpg')
         self.browser.getControl(
             name='upload_passportuploadmanage').click()
@@ -631 +633 @@
         self.browser.open(self.student_path + '/clearance.pdf')
         self.assertEqual(self.browser.headers['Status'], '200 Ok')
-        self.assertEqual(self.browser.headers['Content-Type'], 'application/pdf')
+        self.assertEqual(self.browser.headers['Content-Type'],
+                         'application/pdf')
 
     def test_manage_course_lists(self):
@@ -1426 +1429 @@
         IWorkflowInfo(self.student).fireTransition('admit')
         self.browser.open(self.student_path + '/change_portrait')
-        pseudo_image = StringIO('I pretend to be a graphics file')
+        image = open(SAMPLE_IMAGE, 'rb')
         ctrl = self.browser.getControl(name='passportuploadedit')
         file_ctrl = ctrl.mech_control
-        file_ctrl.add_file(pseudo_image, filename='my_photo.jpg')
+        file_ctrl.add_file(image, filename='my_photo.jpg')
         self.browser.getControl(
             name='upload_passportuploadedit').click()

main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_student.py

@@ -130 +130 @@
 
     def create_passport_img(self, student):
-        # create some faked passport file for `student`
+        # create some passport file for `student`
         storage = getUtility(IExtFileStore)
+        image_path = os.path.join(os.path.dirname(__file__), 'test_image.jpg')
+        self.image_contents = open(image_path, 'rb').read()
         file_id = IFileStoreNameChooser(student).chooseName(
             attr='passport.jpg')
-        storage.createFile(file_id, StringIO('I am a fake image.'))
+        storage.createFile(file_id, StringIO(self.image_contents))
 
     def test_backup_single_student_data(self):
@@ -144 +146 @@
         del_dir = self.app['datacenter'].deleted_path
         del_img_path = os.path.join(
-            del_dir, 'media', 'students', '00111', 'A111111',
+            del_dir, 'media', 'students', '00110', 'A111111',
             'passport_A111111.jpg')
 
@@ -151 +153 @@
         self.assertEqual(
             open(del_img_path, 'rb').read(),
-            'I am a fake image.')
+            self.image_contents)
 
         # The student data were put into CSV files

main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py

@@ -22 +22 @@
 from zope.i18n import translate
 from waeup.kofa.interfaces import (
-    IKofaObject, IExtFileStore, IFileStoreNameChooser, IKofaUtils)
+    IKofaObject, IExtFileStore, IFileStoreNameChooser)
 from waeup.kofa.interfaces import MessageFactory as _
 from waeup.kofa.utils.helpers import string_from_bytes, file_size
@@ -29 +29 @@
     PrimaryNavTab, ManageActionButton, AddActionButton)
 from waeup.kofa.browser.layout import (
-    default_primary_nav_template,
-    default_filedisplay_template, default_fileupload_template)
-from waeup.kofa.students.workflow import (ADMITTED, PAID,
-    CLEARANCE, REQUESTED, RETURNING, CLEARED, REGISTERED, VALIDATED)
+    default_primary_nav_template, default_filedisplay_template,
+    default_fileupload_template)
+from waeup.kofa.students.workflow import (
+    ADMITTED, PAID, REQUESTED, RETURNING, CLEARED, REGISTERED,
+    VALIDATED)
 from waeup.kofa.students.browser import (
-    StudentClearanceManageFormPage,
-    write_log_message, StudentBaseManageFormPage,
-    StudentFilesUploadPage, ExportPDFClearanceSlipPage, StudentsContainerPage,
+    StudentClearanceManageFormPage, write_log_message,
+    StudentBaseManageFormPage, StudentFilesUploadPage,
+    ExportPDFClearanceSlipPage, StudentsContainerPage,
     StudentsContainerManagePage, StudentBaseDisplayFormPage,
     StudentClearanceDisplayFormPage, StudentPersonalDisplayFormPage,
@@ -44 +45 @@
     StudentClearanceEditFormPage, StudentPersonalEditFormPage)
 from waeup.kofa.students.interfaces import (
-    IStudentsContainer, IStudent,
-    IStudentStudyCourse, IStudentAccommodation, IStudentStudyLevel,
-    ICourseTicket, IStudentOnlinePayment, IBedTicket,
+    IStudentsContainer, IStudent, IStudentStudyCourse, IStudentAccommodation,
+    IStudentStudyLevel, ICourseTicket, IStudentOnlinePayment, IBedTicket,
     )
-
-from waeup.kofa.interfaces import MessageFactory as _
+from waeup.kofa.utils.helpers import get_fileformat
 
 grok.context(IKofaObject) # Make IKofaObject the default context
@@ -512 +511 @@
     grok.order(1)
     grok.require('waeup.Authenticated')
-    pnav = 0 
+    pnav = 0
     tab_title = u'Some Text'
 
@@ -553 +552 @@
         targets += [
             {'url':student_url, 'title':'Base Data'},
-            {'url':student_url + '/view_clearance', 'title':_('Clearance Data')},
+            {'url':student_url + '/view_clearance',
+             'title':_('Clearance Data')},
             {'url':student_url + '/view_personal', 'title':_('Personal Data')},
             {'url':student_url + '/studycourse', 'title':_('Study Course')},
             {'url':student_url + '/payments', 'title':_('Payments')},
-            {'url':student_url + '/accommodation', 'title':_('Accommodation Data')},
+            {'url':student_url + '/accommodation',
+             'title':_('Accommodation Data')},
             {'url':student_url + '/history', 'title':_('History')},
             ]
@@ -581 +582 @@
     """
     # Check some file requirements first
-    if upload.filename.count('.') == 0:
-        view.flash(_('File name has no extension.'))
-        return False
-    if upload.filename.count('.') > 1:
-        view.flash(_('File name contains more than one dot.'))
-        return False
-    basename, expected_ext = os.path.splitext(download_name)
-    dummy, ext = os.path.splitext(upload.filename)
-    ext.lower()
-    if expected_ext:
-        if ext != expected_ext:
-            view.flash(_('${a} file extension expected.',
-                mapping = {'a':expected_ext.replace('.','')}))
-            return False
-    else:
-        if not ext.replace('.','') in ALLOWED_FILE_EXTENSIONS:
-            view.flash(
-                _('Only the following extension are allowed: ${a}',
-                mapping = {'a':', '.join(ALLOWED_FILE_EXTENSIONS)}))
-            return False
-        download_name += ext
     size = file_size(upload)
     if size > max_size:
@@ -607 +587 @@
         return False
     upload.seek(0) # file pointer moved when determining size
+    file_format = get_fileformat(None, upload.read(512))
+    upload.seek(0) # same here
+    if file_format is None:
+        view.flash(_('Could not determine file type.'))
+        return False
+    basename, expected_ext = os.path.splitext(download_name)
+    if expected_ext:
+        if '.' + file_format != expected_ext:
+            view.flash(_('${a} file extension expected.',
+                mapping = {'a':expected_ext[1:]}))
+            return False
+    else:
+        if not file_format in ALLOWED_FILE_EXTENSIONS:
+            view.flash(
+                _('Only the following extensions are allowed: ${a}',
+                mapping = {'a':', '.join(ALLOWED_FILE_EXTENSIONS)}))
+            return False
+        download_name += '.' + file_format
     store = getUtility(IExtFileStore)
     file_id = IFileStoreNameChooser(context).chooseName(attr=download_name)
     store.createFile(file_id, upload)
-    write_log_message(view, 'uploaded: %s (%s)' % (download_name,upload.filename))
+    write_log_message(view, 'uploaded: %s (%s)' % (
+        download_name,upload.filename))
     view.flash(_('File ${a} uploaded.', mapping = {'a':download_name}))
     return True