diff --git a/airlock/views/request.py b/airlock/views/request.py index e63a2593..8439ce4e 100644 --- a/airlock/views/request.py +++ b/airlock/views/request.py @@ -81,6 +81,7 @@ def request_view(request, request_id: str, path: str = ""): "request_release_files", kwargs={"request_id": request_id}, ) + withdraw_file_url = reverse( "request_withdraw", kwargs={"request_id": request_id}, ) @@ -121,6 +122,43 @@ def request_view(request, request_id: str, path: str = ""): "is_output_checker": request.user.output_checker, "file_approve_url": file_approve_url, "file_reject_url": file_reject_url, + "request_submit_url": request_submit_url, + "request_reject_url": request_reject_url, + "release_files_url": release_files_url, + "withdraw_file_url": withdraw_file_url, + } + + return TemplateResponse(request, template, context) + + +@instrument(func_attributes={"release_request": "request_id"}) +@require_http_methods(["GET"]) +def request_contents(request, request_id: str, path: str): + release_request = get_release_request_or_raise(request.user, request_id) + + try: + abspath = release_request.abspath(path) + except bll.FileNotFound: + raise Http404() + + download = "download" in request.GET + # Downloads are only allowed for output checkers + # Downloads are not allowed for request authors (including those that are also + # output checkers) + if download: + if not request.user.output_checker or ( + release_request.author == request.user.username + ): + raise PermissionDenied() + + bll.audit_request_file_download(release_request, UrlPath(path), request.user) + return download_file(abspath, filename=path) + + bll.audit_request_file_access(release_request, UrlPath(path), request.user) + return serve_file(request, abspath, release_request.get_request_file(path)) + + +@instrument(func_attributes={"release_request": "request_id"}) @require_http_methods(["POST"]) def request_submit(request, request_id): release_request = get_release_request_or_raise(request.user, request_id)