1 files changed, 54 insertions, 0 deletions
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index d5727f301..3db471b84 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -23,15 +23,19 @@ from functools import wraps
 from itertools import chain
 from inspect import currentframe, getframeinfo
 import hashlib
+from importlib import import_module
+import io
 import os
 import random
 import re
 import requests
+from secretary import Renderer as MainSecretaryRenderer, UndefinedSilently
 import shutil
 import six
 import subprocess
 import sys
 import tempfile
+import zipfile
 
 from django import forms
 from django.apps import apps
@@ -41,6 +45,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.contrib.gis.geos import GEOSGeometry
 from django.contrib.sessions.backends.db import SessionStore
 from django.core.cache import cache
+from django.core.exceptions import SuspiciousOperation
 from django.core.files import File
 from django.core.validators import EMPTY_VALUES
 from django.core.urlresolvers import reverse
@@ -95,6 +100,33 @@ class BColors:
 CSV_OPTIONS = {'delimiter': ',', 'quotechar': '"', 'quoting': QUOTE_ALL}
 
 
+def is_safe_path(basedir, path, follow_symlinks=True):
+    # resolves symbolic links
+    if follow_symlinks:
+        return os.path.realpath(path).startswith(basedir)
+
+    return os.path.abspath(path).startswith(basedir)
+
+
+def import_class(full_path_classname):
+    """
+    Return the model class from the full path
+    """
+    mods = full_path_classname.split('.')
+    if len(mods) == 1:
+        mods = ['ishtar_common', 'models', mods[0]]
+    elif 'models' not in mods and 'models_finds' not in mods \
+            and 'models_treatments' not in mods:
+        raise SuspiciousOperation(
+            u"Try to import a non model from a string")
+    module = import_module('.'.join(mods[:-1]))
+    model = getattr(module, mods[-1])
+    if not issubclass(model, models.Model):
+        raise SuspiciousOperation(
+            u"Try to import a non model from a string")
+    return model
+
+
 def check_rights(rights=None, redirect_url='/'):
     """
     Decorator that checks the rights to access the view.
@@ -324,6 +356,28 @@ def force_cached_label_changed(sender, **kwargs):
     cached_label_changed(sender, **kwargs)
 
 
+class SecretaryRenderer(MainSecretaryRenderer):
+    def _pack_document(self, files):
+        """
+        Overload _pack_document: obsolete files can be referenced - continue
+        on null content for files
+        """
+        self.log.debug('packing document')
+        zip_file = io.BytesIO()
+
+        zipdoc = zipfile.ZipFile(zip_file, 'a')
+        for fname, content in files.items():
+            if isinstance(content, UndefinedSilently):
+                continue
+            if sys.version_info >= (2, 7):
+                zipdoc.writestr(fname, content, zipfile.ZIP_DEFLATED)
+            else:
+                zipdoc.writestr(fname, content)
+        self.log.debug('Document packing completed')
+        return zip_file
+
+
+
 def serialize_args_for_tasks(sender, instance, kwargs, extra_kwargs=None):
     if 'instance' in kwargs:
         kwargs['instance'] = kwargs["instance"].pk