Search code examples
pythondjangofilefield

Suspiciousoperation error when trying to read the default value of a django filefield

I need to set up a model with a FileField in django, but, if the user doesn't give a value, i should set a default.

However, my model definition is the following

class AutoAttendant(models.Model):
    name = models.CharField(max_length=32)
    t_menu_id = models.IntegerField()
    t_menu_prompt = models.FileField(upload_to='user_menus', default='%suser_menus/ringtu_default.mp3' % settings.MEDIA_URL, \
            blank=True, null=False)

I was reading and django prevents access to this field to any other path rather than the specified on the upload_to parameter, so i guess this should be correct

But, then, I need to read this file and send it to an external web service and when i do the following:

send_to_ws(autoattendant_instance.t_menu_prompt.path)

i get a SuspiciousOperation error, any clue here?

Thank you very much.

EDIT: Adding more info

Here is what send_to_ws does:

def add_menu(self, filepath, menu='ROOT'):
    method = self.service.set_menu_prompt
    f = open(filepath, 'rb')
    data = f.read()
    mime_type = 'audio/mpeg'
    bin_param = (data, mime_type)
    request = self.factory.create('ns0:SetMenuPromptRequest')
    request.i_menu = self.get_menu_id(menu)
    request.prompt_type = 'menu'
    request.prompt = f.name.split('/')[-1]

    response = attach(method, bin_param, ATT_EP, request)
    return response

In this function i build a suds soap_request object and attach the file as a binary attachment.

I think the real problem is that I do an open(file) directly in this function, is there any way to work around this?

also, here is the traceback

Environment:


Request Method: GET
Request URL: http://127.0.0.1:8000/account/finish/

Django Version: 1.5
Python Version: 2.7.3
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'django.contrib.admindocs',
 'gunicorn',
 'django_extensions',
 'south',
 'compressor',
 'ringtu',
 'localization',
 'profiles',
 'services')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')


Traceback:
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  115.                         response = callback(request, *callback_args, **callback_kwargs)
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
  25.                 return view_func(request, *args, **kwargs)
File "/home/israelord/Work/RingTu/proyecto/code/profiles/views.py" in account_finish
  351.     upload = ph.add_menu(user)
File "/home/israelord/Work/RingTu/proyecto/code/profiles/helpers.py" in add_menu
  57.     response_upload = attwpr.add_menu(att)
File "/home/israelord/Work/RingTu/proyecto/code/services/decorators.py" in _wrap
  33.             result = f(*args, **kwargs)
File "/home/israelord/Work/RingTu/proyecto/code/services/autoattendant_wrapper.py" in add_menu
  111.         data = att_instance.t_menu_prompt.read()
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/utils.py" in <lambda>
  16.     read = property(lambda self: self.file.read)
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/db/models/fields/files.py" in _get_file
  46.             self._file = self.storage.open(self.name, 'rb')
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/storage.py" in open
  36.         return self._open(name, mode)
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/storage.py" in _open
  159.         return File(open(self.path(name), mode))
File "/home/israelord/.virtualenvs/ringtu-env/local/lib/python2.7/site-packages/django/core/files/storage.py" in path
  259.             raise SuspiciousOperation("Attempted access to '%s' denied." % name)

Exception Type: SuspiciousOperation at /account/finish/
Exception Value: Attempted access to '/media/user_menus/ringtu_default.mp3' denied.
Solution

  • In the end, the problem was the definition of the upload_to attribute on my FileField()

    This was how i did it at first 

    class AutoAttendant(models.Model):
    name = models.CharField(max_length=32)
    t_menu_id = models.IntegerField()
    t_menu_prompt = models.FileField(upload_to='user_menus', default='%suser_menus/ringtu_default.mp3' % settings.MEDIA_URL, \
            blank=True, null=False)

    And this is how i changed it thanks to some answers to this question Suspicious Operation Django

    class AutoAttendant(models.Model):
    name = models.CharField(max_length=32)
    t_menu_id = models.IntegerField()
    t_menu_prompt = models.FileField(upload_to='user_menus/', default='%suser_menus/ringtu_default.mp3' % settings.MEDIA_URL, \
                                     blank=True, null=False)

    notice the slash in the end of the upload_to definition.

    I have no idea why it works now, i guess I'll dig into it later