I have a project that requires users to upload transaction files. These files
are sqlite databases created with a desktop application. I'm trying to figure
out a way to ensure that the files uploaded by the various users are infact
valid transaction files from the proper version of the appropriate application.
Since they are sqlite3 this _should_ be pretty easy with Python.
I've crated an onvalidation function that can pass off parameters to another
function that checks for the appropriate fields in the transaction file. The
problem is that I can't seem to get the name of the uploaded file as a string
that I can pass along to transaction_test().
My question(s):
How can I access the name of the file (as stored on disk)?
Is the name of the file only accessible after the form has been accepted?
model:
...
db.define_table('transaction',
Field('property', 'string',
requires=IS_MATCH('^[\w.-]{2,32}$',
error_message = 'Invalid characters')),
Field('owner', db.auth_user, default=auth.user_id,
readable=False, writable=False,),
Field('visibility', 'boolean', label='List publicly', default=True),
Field('description', 'text'),
Field('created_on', 'datetime', readable=True, writable=False,),
Field('file', 'upload', uploadseparate=True),
)
controller:
...
@auth.requires_login()
def create():
mechanism = request.args(0)
if mechanism == 'upload':
message = "Upload your Transaction"
db.transaction.file.writable=True
db.transaction.file.readable=True
form = crud.create(db.transaction, onvalidation=upload_proc)
else:
message = "Create a new Transaction"
db.transaction.file.writable=False
db.transaction.file.readable=False
form = crud.create(db.transaction, onvalidation=scratch_proc)
return dict(message=T(message), form=form)
def upload_proc(form):
form.vars.created_on = request.now #set time stamp properly
print form.vars.file.filename
if transaction_test(form.vars.file):
import os.popen2
popen2(transaction_BIN+' rebuild '+ form.vars.file)
else:
form.errors.file = "File is not a valid transaction repo"
...
def transaction_test(transaction_file):
#simple test to see whether 'transaction_file' is actually a sqlite3
database
#with some key tables required for transactions from (REDACTED)
import sqlite3
dbobj = sqlite3.connect(str(transaction_file.upload))
dbcursor = connection.cursor()
query_string = "SELECT name FROM sqlite_master WHERE type='table' AND " +\
"name='receiver' OR name='bursar' OR name='clagent' " +\
"name='lbroker' OR name='bbroker' OR name='loc';"
dbcursor.execute(query_string)
rows_returned = len(db.fetchall())
...
Thanks in advance...
--Cliff
