From 8b9486fc5f788c7c818f126decb915a1ea74914a Mon Sep 17 00:00:00 2001
From: Tanner Collin <git@tannercollin.com>
Date: Sun, 16 Feb 2020 04:59:02 +0000
Subject: [PATCH] Add API route to get backup URL

---
 apiserver/apiserver/api/permissions.py | 11 ++++++++++-
 apiserver/apiserver/api/views.py       | 25 +++++++++++++++++++++++--
 apiserver/apiserver/urls.py            |  1 +
 3 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/apiserver/apiserver/api/permissions.py b/apiserver/apiserver/api/permissions.py
index 46e999f..bde5278 100644
--- a/apiserver/apiserver/api/permissions.py
+++ b/apiserver/apiserver/api/permissions.py
@@ -5,7 +5,16 @@ class AllowMetadata(BasePermission):
         return request.method in ['OPTIONS', 'HEAD']
 
 def is_admin_director(user):
-    return bool(user.is_staff or user.member.is_director or user.member.is_staff)
+    if user.is_staff:
+        return True
+
+    if hasattr(user, 'member'):
+        if user.member.is_director:
+            return True
+        if user.member.is_staff:
+            return True
+
+    return False
 
 class IsObjOwnerOrAdmin(BasePermission):
     def has_object_permission(self, request, view, obj):
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index daa2179..cbe7910 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -1,7 +1,7 @@
 from django.contrib.auth.models import User, Group
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, redirect
 from django.db.models import Max
-from django.http import HttpResponse
+from django.http import HttpResponse, Http404
 from django.core.files.base import File
 from django.core.cache import cache
 from rest_framework import viewsets, views, mixins, generics, exceptions
@@ -26,6 +26,7 @@ from .permissions import (
     IsAdminOrReadOnly,
     IsInstructorOrReadOnly
 )
+from .. import settings
 
 # define some shortcuts
 Base = viewsets.GenericViewSet
@@ -331,6 +332,26 @@ class StatsView(views.APIView):
         return Response(stats)
 
 
+class BackupView(views.APIView):
+    def get(self, request):
+        if not is_admin_director(self.request.user):
+            raise exceptions.PermissionDenied()
+
+        backup_path = cache.get('backup_path')
+        backup_url = 'https://static.{}/backups/{}'.format(
+            settings.PRODUCTION_HOST,
+            backup_path,
+        )
+
+        if not backup_path:
+            raise Http404
+
+        if request.META['HTTP_USER_AGENT'].lower().startswith('wget'):
+            return redirect(backup_url)
+        else:
+            return Response(dict(url=backup_url))
+
+
 
 class RegistrationView(RegisterView):
     serializer_class = serializers.MyRegisterSerializer
diff --git a/apiserver/apiserver/urls.py b/apiserver/apiserver/urls.py
index ef38f41..12d50b3 100644
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@@ -30,5 +30,6 @@ urlpatterns = [
     url(r'^user/', views.UserView.as_view(), name='user'),
     url(r'^ping/', views.PingView.as_view(), name='ping'),
     url(r'^stats/', views.StatsView.as_view(), name='stats'),
+    url(r'^backup/', views.BackupView.as_view(), name='backup'),
     url(IPN_ROUTE, views.IpnView.as_view(), name='ipn'),
 ]