serve disabled files internally (bug 625099)

apps/files/models.py

@@ -73,6 +73,8 @@ class File(amo.models.ModelBase):
         # at: http://bit.ly/h5qm4o
         if attachment:
             host = posixpath.join(settings.LOCAL_MIRROR_URL, '_attachments')
+        elif addon.is_disabled or self.status == amo.STATUS_DISABLED:
+            host = settings.PRIVATE_MIRROR_URL
         elif (addon.status == amo.STATUS_PUBLIC
               and not addon.disabled_by_user
               and self.status in (amo.STATUS_PUBLIC, amo.STATUS_BETA)

apps/versions/tests.py

@@ -252,6 +252,12 @@ class TestDownloadsBase(test_utils.TestCase):
             '%s/%s/%s' % (host, self.addon.id, file_.filename))
         eq_(response['X-Target-Digest'], file_.hash)
 
+    def assert_served_internally(self, response):
+        eq_(response.status_code, 200)
+        eq_(response['Location'],
+            os.path.join(settings.PRIVATE_MIRROR_URL, str(self.addon.id),
+                          self.file.filename))
+
     def assert_served_locally(self, response, file_=None, attachment=False):
         host = settings.LOCAL_MIRROR_URL
         if attachment:
@@ -291,27 +297,41 @@ class TestDownloads(TestDownloadsBase):
         self.addon.update(disabled_by_user=True)
         eq_(self.client.get(self.file_url).status_code, 404)
 
+    def test_file_disabled_404(self):
+        self.file.update(status=amo.STATUS_DISABLED)
+        eq_(self.client.get(self.file_url).status_code, 404)
+
+    def test_file_disabled_ok_for_author(self):
+        self.file.update(status=amo.STATUS_DISABLED)
+        assert self.client.login(username='g@gmail.com', password='password')
+        self.assert_served_internally(self.client.get(self.file_url))
+
+    def test_file_disabled_ok_for_admin(self):
+        self.file.update(status=amo.STATUS_DISABLED)
+        self.client.login(username='jbalogh@mozilla.com', password='password')
+        self.assert_served_internally(self.client.get(self.file_url))
+
     def test_admin_disabled_ok_for_author(self):
         # downloads_controller.php claims that add-on authors should be able to
         # download their disabled files.
         self.addon.update(status=amo.STATUS_DISABLED)
         assert self.client.login(username='g@gmail.com', password='password')
-        self.assert_served_locally(self.client.get(self.file_url))
+        self.assert_served_internally(self.client.get(self.file_url))
 
     def test_admin_disabled_ok_for_admin(self):
         self.addon.update(status=amo.STATUS_DISABLED)
         self.client.login(username='jbalogh@mozilla.com', password='password')
-        self.assert_served_locally(self.client.get(self.file_url))
+        self.assert_served_internally(self.client.get(self.file_url))
 
     def test_user_disabled_ok_for_author(self):
         self.addon.update(disabled_by_user=True)
         assert self.client.login(username='g@gmail.com', password='password')
-        self.assert_served_locally(self.client.get(self.file_url))
+        self.assert_served_internally(self.client.get(self.file_url))
 
     def test_user_disabled_ok_for_admin(self):
         self.addon.update(disabled_by_user=True)
         self.client.login(username='jbalogh@mozilla.com', password='password')
-        self.assert_served_locally(self.client.get(self.file_url))
+        self.assert_served_internally(self.client.get(self.file_url))
 
     def test_type_attachment(self):
         self.assert_served_by_mirror(self.client.get(self.file_url))

apps/versions/views.py

@@ -52,14 +52,26 @@ def _find_version_page(qs, addon, version_num):
         raise http.Http404()
 
 
+def sendfile(request, path):
+    # If mod_wsgi sees a 200 with a Location header Apache does an internal
+    # redirect to that URL. HTTP_X_FORWARDED_HOST is the empty string so that
+    # Django's fix_location_header doesn't try to add a hostname.
+    request.META['HTTP_X_FORWARDED_HOST'] = ''
+    response = http.HttpResponse()
+    response['Location'] = path
+    return response
+
+
 # Should accept junk at the end for filename goodness.
 def download_file(request, file_id, type=None):
     file = get_object_or_404(File.objects, pk=file_id)
     addon = get_object_or_404(Addon.objects, pk=file.version.addon_id)
 
-    if (addon.is_disabled and not
-        acl.has_perm(request, addon, viewer=True, ignore_disabled=True)):
-        raise http.Http404()
+    if addon.is_disabled or file.status == amo.STATUS_DISABLED:
+        if acl.has_perm(request, addon, viewer=True, ignore_disabled=True):
+            return sendfile(request, file.get_mirror(addon))
+        else:
+            raise http.Http404()
 
     attachment = (type == 'attachment' or not request.APP.browser)
 

settings.py

@@ -497,6 +497,7 @@ MONGO_PASSWORD = None
 MIRROR_DELAY = 30  # Minutes before we serve downloads from mirrors.
 MIRROR_URL = 'http://releases.mozilla.org/pub/mozilla.org/addons'
 LOCAL_MIRROR_URL = 'https://static.addons.mozilla.net/_files'
+PRIVATE_MIRROR_URL = '/_privatefiles'
 
 # File paths
 ADDON_ICONS_PATH = UPLOADS_PATH + '/addon_icons'