Permissions control and slugify for filenames

filebrowser/settings.py

@@ -83,6 +83,8 @@
 NORMALIZE_FILENAME = getattr(settings, "FILEBROWSER_NORMALIZE_FILENAME", False)
 # Convert Filename (replace spaces and convert to lowercase)
 CONVERT_FILENAME = getattr(settings, "FILEBROWSER_CONVERT_FILENAME", True)
+SLUGIFY_FILENAME = getattr(settings, "FILEBROWSER_SLUGIFY_FILENAME", False)
+
 # Max. Entries per Page
 # Loading a Sever-Directory with lots of files might take a while
 # Use this setting to limit the items shown

filebrowser/sites.py

@@ -26,20 +26,32 @@
 from django.views.decorators.cache import never_cache
 from django.views.decorators.clickjacking import xframe_options_sameorigin
 from django.views.decorators.csrf import csrf_exempt
+from django.core.exceptions import PermissionDenied
 
 from filebrowser import signals
 from filebrowser.base import FileListing, FileObject
 from filebrowser.decorators import path_exists, file_exists
 from filebrowser.storage import FileSystemStorageMixin
 from filebrowser.templatetags.fb_tags import query_helper
 from filebrowser.utils import convert_filename
-from filebrowser.settings import (DIRECTORY, EXTENSIONS, SELECT_FORMATS, ADMIN_VERSIONS, ADMIN_THUMBNAIL, 
-    MAX_UPLOAD_SIZE, NORMALIZE_FILENAME, CONVERT_FILENAME, SEARCH_TRAVERSE, EXCLUDE, VERSIONS, 
+from filebrowser.settings import (DIRECTORY, EXTENSIONS, SELECT_FORMATS, ADMIN_VERSIONS, ADMIN_THUMBNAIL,
+    MAX_UPLOAD_SIZE, NORMALIZE_FILENAME, CONVERT_FILENAME, SEARCH_TRAVERSE, EXCLUDE, VERSIONS,
     VERSIONS_BASEDIR, EXTENSION_LIST, DEFAULT_SORTING_BY, DEFAULT_SORTING_ORDER, LIST_PER_PAGE,
     OVERWRITE_EXISTING, DEFAULT_PERMISSIONS, UPLOAD_TEMPDIR, ADMIN_CUSTOM
 )
 
 
+def check_permission(perm):
+
+    def decorator(view_func):
+        def wrap(instance, request, *args, **kwargs):
+            if not request.user.has_perm(perm):
+                raise PermissionDenied
+            else:
+                return view_func(instance, request, *args, **kwargs)
+        return wrap
+    return decorator
+
 
 # This use admin_custom and not admin.sites.site of Django.
 admin_site = import_string(ADMIN_CUSTOM) if ADMIN_CUSTOM else admin_site
@@ -271,6 +283,7 @@ def urls(self):
         "filebrowser.site URLs"
         return self.get_urls(), self.app_name, self.name
 
+    @check_permission('filebrowser.add_filebrowser')
     def browse(self, request):
         "Browse Files/Directories."
         filter_re = []
@@ -357,6 +370,7 @@ def filter_browse(item):
             }
         ))
 
+    @check_permission('filebrowser.add_filebrowser')
     def createdir(self, request):
         "Create Directory"
         from filebrowser.forms import CreateDirForm
@@ -398,6 +412,7 @@ def createdir(self, request):
             }
         ))
 
+    @check_permission('filebrowser.add_filebrowser')
     def upload(self, request):
         "Multipe File Upload."
         query = request.GET
@@ -416,6 +431,7 @@ def upload(self, request):
             }
         ))
 
+    @check_permission('filebrowser.delete_filebrowser')
     def delete_confirm(self, request):
         "Delete existing File/Directory."
         query = request.GET
@@ -454,6 +470,7 @@ def delete_confirm(self, request):
             }
         ))
 
+    @check_permission('filebrowser.delete_filebrowser')
     def delete(self, request):
         "Delete existing File/Directory."
         query = request.GET
@@ -473,6 +490,7 @@ def delete(self, request):
         redirect_url = reverse("filebrowser:fb_browse", current_app=self.name) + query_helper(query, "", "filename,filetype")
         return HttpResponseRedirect(redirect_url)
 
+    @check_permission('filebrowser.change_filebrowser')
     def detail(self, request):
         """
         Show detail page for a file.
@@ -532,6 +550,7 @@ def detail(self, request):
             }
         ))
 
+    @check_permission('filebrowser.add_filebrowser')
     def version(self, request):
         """
         Version detail.
@@ -552,6 +571,7 @@ def version(self, request):
             }
         ))
 
+    @check_permission('filebrowser.add_filebrowser')
     def _upload_file(self, request):
         """
         Upload file to the server.

filebrowser/utils.py

@@ -4,11 +4,13 @@
 import os
 import unicodedata
 import math
+from unidecode import unidecode
 
 from django.utils import six
 from django.utils.module_loading import import_string
-
-from filebrowser.settings import STRICT_PIL, NORMALIZE_FILENAME, CONVERT_FILENAME
+from django.utils.encoding import smart_unicode
+from django.template.defaultfilters import slugify
+from filebrowser.settings import STRICT_PIL, NORMALIZE_FILENAME, CONVERT_FILENAME, SLUGIFY_FILENAME
 from filebrowser.settings import VERSION_PROCESSORS
 
 if STRICT_PIL:
@@ -24,6 +26,18 @@ def convert_filename(value):
     """
     Convert Filename.
     """
+    if SLUGIFY_FILENAME:
+        chunks = value.split(os.extsep)
+        normalized = []
+        for v in chunks:
+            cleaned_val = re.sub(r'[_.,:;@#$%^&?*|()\[\]]', '-', v)
+            cleaned_val = slugify(unidecode(smart_unicode(cleaned_val)))
+            normalized.append(cleaned_val)
+
+        if len(normalized) > 1:
+            value = '.'.join(normalized)
+        else:
+            value = normalized[0]
 
     if NORMALIZE_FILENAME:
         chunks = value.split(os.extsep)