(self, root, absolute_path)
| 646 | |
| 647 | @check_authorization_sync |
| 648 | def validate_absolute_path(self, root, absolute_path): |
| 649 | audit_name = get_audit_name_from_request(self) |
| 650 | user_id = identify_user(self) |
| 651 | |
| 652 | file_download_feature = self.application.file_download_feature |
| 653 | |
| 654 | file_path = file_utils.relative_path(absolute_path, os.path.abspath(root)) |
| 655 | if not file_download_feature.allowed_to_download(file_path, user_id): |
| 656 | LOGGER.warning('Access attempt from ' + user_id + '(' + audit_name + ') to ' + absolute_path) |
| 657 | raise tornado.web.HTTPError(403) |
| 658 | |
| 659 | return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path) |
| 660 | |
| 661 | |
| 662 | # Use for testing only |
no test coverage detected