Merge pull request #18 from seatable/external_app_thumbnail

external_app thumbnail
seatable · Apr 27, 2022 · 9aac582 · 9aac582
2 parents dab76a7 + f2e4f71
commit 9aac582
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -29,7 +29,7 @@ RUN rm -f /usr/bin/python && \
     ln -s /usr/local/bin/pip3.6 /usr/bin/pip && \
     ln -s /usr/local/bin/pip3.6 /usr/bin/pip3
 
-RUN pip3 install uvicorn pillow sqlalchemy==1.4.6 pymysql future requests redis django==3.2.* \
+RUN pip3 install uvicorn==0.16.0 pillow sqlalchemy==1.4.6 pymysql future requests redis django==3.2.* \
     -i https://mirrors.aliyun.com/pypi/simple && rm -r /root/.cache/pip
 
 

diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-uvicorn
+uvicorn==0.16.0
 pillow
 sqlalchemy==1.4.6
 pymysql

diff --git a/seatable_thumbnail/permissions.py b/seatable_thumbnail/permissions.py
@@ -38,13 +38,15 @@ def set_cache_permission(self):
 
     def has_dtable_asset_read_permission(self):
         # four ways to access asset
-        # 1. through external link to get image
+        # 1. through external link or external app to get image
         # 2. through collection table to get image
         # 3. through dtable perm, including dtable share, dtable custom share
         # 4. through view share perm
 
         if self.can_access_image_through_external_link():
             return True
+        if self.can_access_image_through_external_app():
+            return True
         if self.has_collection_table_permission():
             return True
         if self.check_dtable_permission():
@@ -62,6 +64,14 @@ def can_access_image_through_external_link(self):
 
         return self.external_link['dtable_uuid'] == self.dtable_uuid
 
+    def can_access_image_through_external_app(self):
+        if not hasattr(self, 'external_app'):
+            return False
+        if not self.external_app.get('dtable_uuid'):
+            return False
+
+        return self.external_app['dtable_uuid'] == self.dtable_uuid
+
     def has_collection_table_permission(self):
         if not hasattr(self, 'collection_table'):
             return False

diff --git a/seatable_thumbnail/serializers.py b/seatable_thumbnail/serializers.py
@@ -51,10 +51,11 @@ def session_check(self):
         username = self.session_data.get('_auth_user_name')
         external_link = self.session_data.get('external_link')
         collection_table = self.session_data.get('collection_table')
+        external_app = self.session_data.get('external_app')
         if username:
             self.session_data['username'] = username
 
-        if not username and not external_link and not collection_table:
+        if not username and not external_link and not collection_table and not external_app:
             raise AssertionError(400, 'django session invalid.')
 
     def get_enable_file_type(self):