From 46fb02376e00750c29222952e5cdeaa5dad89ba1 Mon Sep 17 00:00:00 2001
From: vabene1111
Date: Sun, 21 Feb 2021 16:37:04 +0100
Subject: [PATCH] recipe share basics
---
 cookbook/helper/permission_helper.py | 2 +-
 cookbook/helper/scope_middleware.py | 4 +-
 cookbook/templates/no_groups_info.html | 7 +-
 cookbook/templates/no_perm_info.html | 20 +++++
 cookbook/templates/no_space_info.html | 2 +-
 cookbook/urls.py | 1 +
 cookbook/views/api.py | 7 +-
 cookbook/views/views.py | 106 ++++++++++---------------
 8 files changed, 80 insertions(+), 69 deletions(-)
 create mode 100644 cookbook/templates/no_perm_info.html
diff --git a/cookbook/helper/permission_helper.py b/cookbook/helper/permission_helper.py
index ebd7d0828..e170063f7 100644
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@@ -108,7 +108,7 @@ def group_required(*groups_required):
 def in_groups(u):
 return has_group_permission(u, groups_required)
- return user_passes_test(in_groups, login_url='view_no_group')
+ return user_passes_test(in_groups, login_url='view_no_perm')
 class GroupRequiredMixin(object):
diff --git a/cookbook/helper/scope_middleware.py b/cookbook/helper/scope_middleware.py
index 6dacc5b99..6b5191df0 100644
--- a/cookbook/helper/scope_middleware.py
+++ b/cookbook/helper/scope_middleware.py
@@ -28,4 +28,6 @@ class ScopeMiddleware:
 with scope(space=request.space):
 return self.get_response(request)
 else:
- return self.get_response(request)
+ with scopes_disabled():
+ request.space = None
+ return self.get_response(request)
diff --git a/cookbook/templates/no_groups_info.html b/cookbook/templates/no_groups_info.html
index eac51be12..1059e11a6 100644
--- a/cookbook/templates/no_groups_info.html
+++ b/cookbook/templates/no_groups_info.html
@@ -12,7 +12,12 @@
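Review bot: In cookbook/helper/permission_helper.py, `group_required` still sends every failed check to a single page, so an anonymous visitor is shown the "No Permission" text instead of a login prompt, while `search` and `recipe_view` in this same commit branch on `request.user.is_authenticated`. Assuming `has_group_permission` returns False for anonymous users (it is not visible here), the decorator could make the same split, or at least carry a comment such as `# anonymous users also land on view_no_perm; user_passes_test appends ?next=`. The body of `group_required` begins outside the hunk.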
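Review bot: In cookbook/helper/scope_middleware.py the new `else` branch runs the whole request under `scopes_disabled()`, so for these requests the automatic per-space filter is off and tenant isolation depends on every view and serializer adding its own `space=` filter. The condition that selects this branch is outside the hunk; if it covers every request without a resolved space, consider keeping scopes enforced here and disabling them only inside the share-link views that need it. At minimum the branch deserves a comment, for example `# scopes are off for this request: every query reached from here must filter on space explicitly`.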

{% trans 'No Permissions' %}


- {% trans 'You do not have any groups and therefor cannot use this application. Please contact your administrator.' %}
+ + + {% trans 'You do not have any groups and therefor cannot use this application.' %} + {% trans 'Please contact your administrator.' %} + +
diff --git a/cookbook/templates/no_perm_info.html b/cookbook/templates/no_perm_info.html new file mode 100644 index 000000000..a2cb50cc8 --- /dev/null +++ b/cookbook/templates/no_perm_info.html @@ -0,0 +1,20 @@ +{% extends "base.html" %} +{% load static %} +{% load i18n %} + +{% block title %}{% trans "No Permission" %}{% endblock %} + + +{% block content %} + +
+ +

{% trans 'No Permission' %}

+
+ + {% trans 'You do not have the required permissions to view this page or perform this action.' %} {% trans 'Please contact your administrator.' %}
+ +
+ +{% endblock %} + diff --git a/cookbook/templates/no_space_info.html b/cookbook/templates/no_space_info.html index f8ad26e84..e8525f5c5 100644 --- a/cookbook/templates/no_space_info.html +++ b/cookbook/templates/no_space_info.html @@ -12,7 +12,7 @@

{% trans 'No Space' %}


- {% trans 'You are not a member of any space. Please contact your administrator.' %}
+ {% trans 'You are not a member of any space.' %} {% trans 'Please contact your administrator.' %}
diff --git a/cookbook/urls.py b/cookbook/urls.py
index c446a1b6a..4f0557033 100644
--- a/cookbook/urls.py
+++ b/cookbook/urls.py
@@ -41,6 +41,7 @@ urlpatterns = [
 path('setup/', views.setup, name='view_setup'),
 path('no-group', views.no_groups, name='view_no_group'),
 path('no-space', views.no_space, name='view_no_space'),
+ path('no-perm', views.no_perm, name='view_no_perm'),
 path('signup/', views.signup, name='view_signup'),
 path('system/', views.system, name='view_system'),
 path('search/', views.search, name='view_search'),
diff --git a/cookbook/views/api.py b/cookbook/views/api.py
index a4add1ccd..59c8b2615 100644
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -289,13 +289,14 @@ class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin):
 permission_classes = [CustomIsShare | CustomIsGuest]
 def get_queryset(self):
- queryset = self.queryset.filter(space=self.request.user.userpreference.space)
+ if self.request.space:
+ self.queryset = self.queryset.filter(space=self.request.space)
 internal = self.request.query_params.get('internal', None)
 if internal:
- queryset = queryset.filter(internal=True)
+ self.queryset = self.queryset.filter(internal=True)
- return queryset
+ return self.queryset
 # TODO write extensive tests for permissions
diff --git a/cookbook/views/views.py b/cookbook/views/views.py
index 748861456..d2f2faefc 100644
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
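Review bot: In `RecipeViewSet.get_queryset` (cookbook/views/api.py) the space filter is now skipped whenever `self.request.space` is falsy, which is the value the middleware change in this commit sets together with `scopes_disabled()`; a request that passes `CustomIsShare | CustomIsGuest` without a space would then see recipes from every space. Whether `CustomIsShare` admits list requests is not visible here, so the safer default is to fail closed, for example `if not self.request.space and self.action != 'retrieve': return self.queryset.none()`, leaving the share-link retrieve to the object-level permission. Separately, build the result in a local (`queryset = self.queryset`) instead of assigning to `self.queryset`. The TODO about permission tests just below the method is the place to pin this with an anonymous-list test.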
@@ -50,15 +50,12 @@ def index(request):
 return HttpResponseRedirect(page_map.get(request.user.userpreference.default_page))
 except UserPreference.DoesNotExist:
- return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+ return HttpResponseRedirect(reverse('view_search'))
 def search(request):
 if has_group_permission(request.user, ('guest',)):
- f = RecipeFilter(
- request.GET,
- queryset=Recipe.objects.filter(space=request.user.userpreference.space).all().order_by('name')
- )
+ f = RecipeFilter(request.GET, queryset=Recipe.objects.filter(space=request.user.userpreference.space).all().order_by('name'))
 if request.user.userpreference.search_style == UserPreference.LARGE:
 table = RecipeTable(f.qs)
@@ -82,7 +79,10 @@ def search(request):
 return render(request, 'index.html', {'recipes': table, 'filter': f, 'last_viewed': last_viewed})
 else:
- return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+ if request.user.is_authenticated:
+ return HttpResponseRedirect(reverse('view_no_group'))
+ else:
+ return HttpResponseRedirect(reverse('account_login') + '?next=' + request.path)
 def no_groups(request):
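Review bot: In the second hunk (`search`), the login redirect is built as `reverse('account_login') + '?next=' + request.path`, which drops the query string (the active search filters) and places the path in the URL unencoded; the same expression is used in the `recipe_view` hunk that follows. Django's `redirect_to_login(request.get_full_path(), 'account_login')` from `django.contrib.auth.views` builds the same redirect with the encoding handled. The body of `search` starts and ends outside this hunk.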
@@ -93,76 +93,58 @@ def no_space(request): return render(request, 'no_space_info.html') +def no_perm(request): + return render(request, 'no_perm_info.html') + + def recipe_view(request, pk, share=None): with scopes_disabled(): recipe = get_object_or_404(Recipe, pk=pk) - if not (has_group_permission(request.user, ('guest',)) and recipe.space == request.space) and not share_link_valid(recipe, share): - messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!')) - return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path) + if not request.user.is_authenticated and not share_link_valid(recipe, share): + messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!')) + return HttpResponseRedirect(reverse('account_login') + '?next=' + request.path) - comments = Comment.objects.filter(recipe__space=request.space, recipe=recipe) + if not (has_group_permission(request.user, ('guest',)) and recipe.space == request.space) and not share_link_valid(recipe, share): + messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!')) + return HttpResponseRedirect(reverse('index')) - if request.method == "POST": - if not request.user.is_authenticated: - messages.add_message( - request, - messages.ERROR, - _('You do not have the required permissions to perform this action!') # noqa: E501 - ) - return HttpResponseRedirect( - reverse( - 'view_recipe', - kwargs={'pk': recipe.pk, 'share': share} - ) - ) + comments = Comment.objects.filter(recipe__space=request.space, recipe=recipe) - comment_form = CommentForm(request.POST, prefix='comment') - if comment_form.is_valid(): - comment = Comment() - comment.recipe = recipe - comment.text = comment_form.cleaned_data['text'] - comment.created_by = request.user + if request.method == "POST": + if not request.user.is_authenticated: + messages.add_message(request, messages.ERROR, 
_('You do not have the required permissions to perform this action!')) + return HttpResponseRedirect(reverse('view_recipe', kwargs={'pk': recipe.pk, 'share': share})) - comment.save() + comment_form = CommentForm(request.POST, prefix='comment') + if comment_form.is_valid(): + comment = Comment() + comment.recipe = recipe + comment.text = comment_form.cleaned_data['text'] + comment.created_by = request.user + comment.save() - messages.add_message( - request, messages.SUCCESS, _('Comment saved!') - ) + messages.add_message(request, messages.SUCCESS, _('Comment saved!')) - bookmark_form = RecipeBookEntryForm(request.POST, prefix='bookmark', space=request.space) - if bookmark_form.is_valid(): - bookmark = RecipeBookEntry() - bookmark.recipe = recipe - bookmark.book = bookmark_form.cleaned_data['book'] + comment_form = CommentForm() - try: - bookmark.save() - except IntegrityError as e: - if 'UNIQUE constraint' in str(e.args): - messages.add_message(request, messages.ERROR, _('This recipe is already linked to the book!')) - else: - messages.add_message(request, messages.SUCCESS, _('Bookmark saved!')) + user_servings = None + if request.user.is_authenticated: + user_servings = CookLog.objects.filter( + recipe=recipe, + created_by=request.user, + servings__gt=0, + space=request.space, + ).all().aggregate(Avg('servings'))['servings__avg'] - comment_form = CommentForm() + if not user_servings: + user_servings = 0 - user_servings = None - if request.user.is_authenticated: - user_servings = CookLog.objects.filter( - recipe=recipe, - created_by=request.user, - servings__gt=0, - space=request.space, - ).all().aggregate(Avg('servings'))['servings__avg'] + if request.user.is_authenticated: + if not ViewLog.objects.filter(recipe=recipe, created_by=request.user, created_at__gt=(timezone.now() - timezone.timedelta(minutes=5)), space=request.space).exists(): + ViewLog.objects.create(recipe=recipe, created_by=request.user, space=request.space) - if not user_servings: - user_servings = 
0 - - if request.user.is_authenticated: - if not ViewLog.objects.filter(recipe=recipe, created_by=request.user, created_at__gt=(timezone.now() - timezone.timedelta(minutes=5)), space=request.space).exists(): - ViewLog.objects.create(recipe=recipe, created_by=request.user, space=request.space) - - return render(request, 'recipe_view.html', {'recipe': recipe, 'comments': comments, 'comment_form': comment_form, 'share': share, 'user_servings': user_servings}) + return render(request, 'recipe_view.html', {'recipe': recipe, 'comments': comments, 'comment_form': comment_form, 'share': share, 'user_servings': user_servings}) @group_required('user')
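Review bot: In `recipe_view`, the POST branch only checks `request.user.is_authenticated`, so a logged-in user from another space (or without the guest group) who arrives through a valid share link passes the earlier checks via `share_link_valid` and can save a comment on the recipe. If share links are meant to be read-only, guard the POST with the membership test already used above: `if not (has_group_permission(request.user, ('guest',)) and recipe.space == request.space):`. The re-added lines also look re-indented under `with scopes_disabled():` (indentation is not recoverable from this page); if so, every query in the view now relies on its explicit `space=` filter and that deserves a comment at the top of the block.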