mirror of
				https://github.com/django/django.git
				synced 2025-10-25 22:56:12 +00:00 
			
		
		
		
	Fixed #8454: added a FILE_UPLOAD_PERMISSIONS setting to control the permissoin of files uploaded by the built-in file storage system. Thanks, dcwatson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -252,6 +252,10 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 # i.e. 2.5 MB | |||||||
| # (i.e. "/tmp" on *nix systems). | # (i.e. "/tmp" on *nix systems). | ||||||
| FILE_UPLOAD_TEMP_DIR = None | FILE_UPLOAD_TEMP_DIR = None | ||||||
|  |  | ||||||
|  | # The numeric mode to set newly-uploaded files to. The value should be a mode | ||||||
|  | # you'd pass directly to os.chmod; see http://docs.python.org/lib/os-file-dir.html. | ||||||
|  | FILE_UPLOAD_PERMISSIONS = None | ||||||
|  |  | ||||||
| # Default formatting for date objects. See all available format strings here: | # Default formatting for date objects. See all available format strings here: | ||||||
| # http://www.djangoproject.com/documentation/templates/#now | # http://www.djangoproject.com/documentation/templates/#now | ||||||
| DATE_FORMAT = 'N j, Y' | DATE_FORMAT = 'N j, Y' | ||||||
|   | |||||||
| @@ -173,6 +173,9 @@ class FileSystemStorage(Storage): | |||||||
|                 # OK, the file save worked. Break out of the loop. |                 # OK, the file save worked. Break out of the loop. | ||||||
|                 break |                 break | ||||||
|          |          | ||||||
|  |         if settings.FILE_UPLOAD_PERMISSIONS is not None: | ||||||
|  |             os.chmod(full_path, settings.FILE_UPLOAD_PERMISSIONS) | ||||||
|  |          | ||||||
|         return name |         return name | ||||||
|  |  | ||||||
|     def delete(self, name): |     def delete(self, name): | ||||||
|   | |||||||
| @@ -453,6 +453,8 @@ Default: ``'utf-8'`` | |||||||
| The character encoding used to decode any files read from disk. This includes | The character encoding used to decode any files read from disk. This includes | ||||||
| template files and initial SQL data files. | template files and initial SQL data files. | ||||||
|  |  | ||||||
|  | .. setting:: FILE_UPLOAD_HANDLERS | ||||||
|  |  | ||||||
| FILE_UPLOAD_HANDLERS | FILE_UPLOAD_HANDLERS | ||||||
| -------------------- | -------------------- | ||||||
|  |  | ||||||
| @@ -465,6 +467,8 @@ Default:: | |||||||
|  |  | ||||||
| A tuple of handlers to use for uploading. See :ref:`topics-files` for details. | A tuple of handlers to use for uploading. See :ref:`topics-files` for details. | ||||||
|  |  | ||||||
|  | .. setting:: FILE_UPLOAD_MAX_MEMORY_SIZE | ||||||
|  |  | ||||||
| FILE_UPLOAD_MAX_MEMORY_SIZE | FILE_UPLOAD_MAX_MEMORY_SIZE | ||||||
| --------------------------- | --------------------------- | ||||||
|  |  | ||||||
| @@ -475,6 +479,8 @@ Default: ``2621440`` (i.e. 2.5 MB). | |||||||
| The maximum size (in bytes) that an upload will be before it gets streamed to | The maximum size (in bytes) that an upload will be before it gets streamed to | ||||||
| the file system. See :ref:`topics-files` for details. | the file system. See :ref:`topics-files` for details. | ||||||
|  |  | ||||||
|  | .. setting:: FILE_UPLOAD_TEMP_DIR | ||||||
|  |  | ||||||
| FILE_UPLOAD_TEMP_DIR | FILE_UPLOAD_TEMP_DIR | ||||||
| -------------------- | -------------------- | ||||||
|  |  | ||||||
| @@ -488,6 +494,34 @@ example, this will default to '/tmp' on \*nix-style operating systems. | |||||||
|  |  | ||||||
| See :ref:`topics-files` for details. | See :ref:`topics-files` for details. | ||||||
|  |  | ||||||
|  | .. setting:: FILE_UPLOAD_PERMISSIONS | ||||||
|  |  | ||||||
|  | FILE_UPLOAD_PERMISSIONS | ||||||
|  | ----------------------- | ||||||
|  |  | ||||||
|  | Default: ``None`` | ||||||
|  |  | ||||||
|  | The numeric mode (i.e. ``0644``) to set newly uploaded files to. For | ||||||
|  | more information about what these modes mean, see the `documentation for | ||||||
|  | os.chmod`_ | ||||||
|  |  | ||||||
|  | If this isn't given or is ``None``, you'll get operating-system | ||||||
|  | dependent behavior. On most platforms, temporary files will have a mode | ||||||
|  | of ``0600``, and files saved from memory will be saved using the | ||||||
|  | system's standard umask. | ||||||
|  |  | ||||||
|  | .. warning:: | ||||||
|  |  | ||||||
|  |     **Always prefix the mode with a 0.** | ||||||
|  |      | ||||||
|  |     If you're not familiar with file modes, please note that the leading | ||||||
|  |     ``0`` is very important: it indicates an octal number, which is the | ||||||
|  |     way that modes must be specified. If you try to use ``644``, you'll | ||||||
|  |     get totally incorrect behavior. | ||||||
|  |      | ||||||
|  |  | ||||||
|  | .. _documentation for os.chmod: http://docs.python.org/lib/os-file-dir.html  | ||||||
|  |  | ||||||
| .. setting:: FIXTURE_DIRS | .. setting:: FIXTURE_DIRS | ||||||
|  |  | ||||||
| FIXTURE_DIRS | FIXTURE_DIRS | ||||||
|   | |||||||
| @@ -122,25 +122,43 @@ Changing upload handler behavior | |||||||
|  |  | ||||||
| Three settings control Django's file upload behavior: | Three settings control Django's file upload behavior: | ||||||
|  |  | ||||||
|     ``FILE_UPLOAD_MAX_MEMORY_SIZE`` |     :setting:`FILE_UPLOAD_MAX_MEMORY_SIZE` | ||||||
|         The maximum size, in bytes, for files that will be uploaded |         The maximum size, in bytes, for files that will be uploaded into memory. | ||||||
|         into memory. Files larger than ``FILE_UPLOAD_MAX_MEMORY_SIZE`` |         Files larger than :setting:`FILE_UPLOAD_MAX_MEMORY_SIZE` will be | ||||||
|         will be streamed to disk. |         streamed to disk. | ||||||
|  |  | ||||||
|         Defaults to 2.5 megabytes. |         Defaults to 2.5 megabytes. | ||||||
|  |  | ||||||
|     ``FILE_UPLOAD_TEMP_DIR`` |     :setting:`FILE_UPLOAD_TEMP_DIR` | ||||||
|         The directory where uploaded files larger than ``FILE_UPLOAD_TEMP_DIR`` |         The directory where uploaded files larger than | ||||||
|         will be stored. |         :setting:`FILE_UPLOAD_TEMP_DIR` will be stored. | ||||||
|  |  | ||||||
|         Defaults to your system's standard temporary directory (i.e. ``/tmp`` on |         Defaults to your system's standard temporary directory (i.e. ``/tmp`` on | ||||||
|         most Unix-like systems). |         most Unix-like systems). | ||||||
|          |          | ||||||
|     ``FILE_UPLOAD_HANDLERS`` |     :setting:`FILE_UPLOAD_PERMISSIONS` | ||||||
|         The actual handlers for uploaded files. Changing this setting |         The numeric mode (i.e. ``0644``) to set newly uploaded files to. For | ||||||
|         allows complete customization -- even replacement -- of |         more information about what these modes mean, see the `documentation for | ||||||
|         Django's upload process. See `upload handlers`_, below, |         os.chmod`_ | ||||||
|         for details. |          | ||||||
|  |         If this isn't given or is ``None``, you'll get operating-system | ||||||
|  |         dependent behavior. On most platforms, temporary files will have a mode | ||||||
|  |         of ``0600``, and files saved from memory will be saved using the | ||||||
|  |         system's standard umask. | ||||||
|  |          | ||||||
|  |         .. warning:: | ||||||
|  |          | ||||||
|  |             If you're not familiar with file modes, please note that the leading | ||||||
|  |             ``0`` is very important: it indicates an octal number, which is the | ||||||
|  |             way that modes must be specified. If you try to use ``644``, you'll | ||||||
|  |             get totally incorrect behavior. | ||||||
|  |              | ||||||
|  |             **Always prefix the mode with a ``0``.** | ||||||
|  |  | ||||||
|  |     :setting:`FILE_UPLOAD_HANDLERS` | ||||||
|  |         The actual handlers for uploaded files. Changing this setting allows | ||||||
|  |         complete customization -- even replacement -- of Django's upload | ||||||
|  |         process. See `upload handlers`_, below, for details. | ||||||
|  |  | ||||||
|         Defaults to:: |         Defaults to:: | ||||||
|  |  | ||||||
| @@ -150,6 +168,8 @@ Three settings control Django's file upload behavior: | |||||||
|         Which means "try to upload to memory first, then fall back to temporary |         Which means "try to upload to memory first, then fall back to temporary | ||||||
|         files." |         files." | ||||||
|  |  | ||||||
|  | .. _documentation for os.chmod: http://docs.python.org/lib/os-file-dir.html  | ||||||
|  |  | ||||||
| ``UploadedFile`` objects | ``UploadedFile`` objects | ||||||
| ======================== | ======================== | ||||||
|  |  | ||||||
|   | |||||||
| @@ -86,9 +86,10 @@ u'custom_storage.2' | |||||||
| # Tests for a race condition on file saving (#4948). | # Tests for a race condition on file saving (#4948). | ||||||
| # This is written in such a way that it'll always pass on platforms  | # This is written in such a way that it'll always pass on platforms  | ||||||
| # without threading. | # without threading. | ||||||
|  | import os | ||||||
| import time | import time | ||||||
| from unittest import TestCase | from unittest import TestCase | ||||||
|  | from django.conf import settings | ||||||
| from django.core.files.base import ContentFile | from django.core.files.base import ContentFile | ||||||
| from models import temp_storage | from models import temp_storage | ||||||
| try: | try: | ||||||
| @@ -117,3 +118,15 @@ class FileSaveRaceConditionTest(TestCase): | |||||||
|         temp_storage.delete('conflict') |         temp_storage.delete('conflict') | ||||||
|         temp_storage.delete('conflict_') |         temp_storage.delete('conflict_') | ||||||
|  |  | ||||||
|  | class FileStoragePermissions(TestCase): | ||||||
|  |     def setUp(self): | ||||||
|  |         self.old_perms = settings.FILE_UPLOAD_PERMISSIONS | ||||||
|  |         settings.FILE_UPLOAD_PERMISSIONS = 0666 | ||||||
|  |          | ||||||
|  |     def test_file_upload_permissions(self): | ||||||
|  |         name = temp_storage.save("the_file", ContentFile("data")) | ||||||
|  |         actual_mode = os.stat(temp_storage.path(name))[0] & 0777 | ||||||
|  |         self.assertEqual(actual_mode, 0666) | ||||||
|  |          | ||||||
|  |     def tearDown(self): | ||||||
|  |         settings.FILE_UPLOAD_PERMISSIONS = self.old_perms | ||||||
		Reference in New Issue
	
	Block a user