Merge branch 'develop' into dependabot/pip/cryptography-41.0.2

cookbook/helper/permission_helper.py

@@ -322,7 +322,7 @@ class CustomRecipePermission(permissions.BasePermission):
 
     def has_permission(self, request, view):  # user is either at least a guest or a share link is given and the request is safe
         share = request.query_params.get('share', None)
-        return has_group_permission(request.user, ['guest']) or (share and request.method in SAFE_METHODS and 'pk' in view.kwargs)
+        return ((has_group_permission(request.user, ['guest']) and request.method in SAFE_METHODS) or has_group_permission(request.user, ['user'])) or (share and request.method in SAFE_METHODS and 'pk' in view.kwargs)
 
     def has_object_permission(self, request, view, obj):
         share = request.query_params.get('share', None)
@@ -332,7 +332,7 @@ class CustomRecipePermission(permissions.BasePermission):
             if obj.private:
                 return ((obj.created_by == request.user) or (request.user in obj.shared.all())) and obj.space == request.space
             else:
-                return has_group_permission(request.user, ['guest']) and obj.space == request.space
+                return ((has_group_permission(request.user, ['guest']) and request.method in SAFE_METHODS) or has_group_permission(request.user, ['user'])) and obj.space == request.space
 
 
 class CustomUserPermission(permissions.BasePermission):

cookbook/serializer.py

@@ -478,7 +478,7 @@ class UnitSerializer(UniqueFieldsMixin, ExtendedRecipeMixin, OpenDataModelMixin)
 
     class Meta:
         model = Unit
-        fields = ('id', 'name', 'plural_name', 'description', 'numrecipe', 'image', 'open_data_slug')
+        fields = ('id', 'name', 'plural_name', 'description', 'base_unit', 'numrecipe', 'image', 'open_data_slug')
         read_only_fields = ('id', 'numrecipe', 'image')
 
 

cookbook/tests/api/test_api_recipe.py

@@ -81,10 +81,10 @@ def test_share_permission(recipe_1_s1, u1_s1, u1_s2, u2_s1, a_u):
 
 @pytest.mark.parametrize("arg", [
     ['a_u', 403],
-    ['g1_s1', 200],
+    ['g1_s1', 403],
     ['u1_s1', 200],
     ['a1_s1', 200],
-    ['g1_s2', 404],
+    ['g1_s2', 403],
     ['u1_s2', 404],
     ['a1_s2', 404],
 ])
@@ -140,7 +140,7 @@ def test_update_private_recipe(u1_s1, u2_s1, recipe_1_s1):
 
 @pytest.mark.parametrize("arg", [
     ['a_u', 403],
-    ['g1_s1', 201],
+    ['g1_s1', 403],
     ['u1_s1', 201],
     ['a1_s1', 201],
 ])

cookbook/tests/api/test_api_space.py

@@ -15,9 +15,9 @@ DETAIL_URL = 'api:space-detail'
 @pytest.mark.parametrize("arg", [
     ['a_u', 403, 0],
     ['g1_s1', 403, 0],
-    ['u1_s1', 403, 0],
+    ['u1_s1', 200, 1],
     ['a1_s1', 200, 1],
-    ['a2_s1', 200, 0],
+    ['a2_s1', 200, 1],
 ])
 def test_list_permission(arg, request, space_1, a1_s1):
     space_1.created_by = auth.get_user(a1_s1)
@@ -29,16 +29,6 @@ def test_list_permission(arg, request, space_1, a1_s1):
         assert len(json.loads(result.content)) == arg[2]
 
 
-def test_list_permission_owner(u1_s1, a1_s1, space_1):
-    space_1.created_by = auth.get_user(a1_s1)
-    space_1.save()
-    assert len(json.loads(a1_s1.get(reverse(LIST_URL)).content)) == 1
-    assert u1_s1.get(reverse(LIST_URL)).status_code == 403
-    space_1.created_by = auth.get_user(u1_s1)
-    space_1.save()
-    assert u1_s1.get(reverse(LIST_URL)).status_code == 403
-
-
 @pytest.mark.parametrize("arg", [
     ['a_u', 403],
     ['g1_s1', 403],

cookbook/views/api.py

@@ -60,7 +60,7 @@ from cookbook.helper.permission_helper import (CustomIsAdmin, CustomIsOwner,
                                                CustomIsSpaceOwner, CustomIsUser, group_required,
                                                is_space_owner, switch_user_active_space, above_space_limit,
                                                CustomRecipePermission, CustomUserPermission,
-                                               CustomTokenHasReadWriteScope, CustomTokenHasScope, has_group_permission)
+                                               CustomTokenHasReadWriteScope, CustomTokenHasScope, has_group_permission, IsReadOnlyDRF)
 from cookbook.helper.recipe_search import RecipeFacet, RecipeSearch
 from cookbook.helper.recipe_url_import import get_from_youtube_scraper, get_images_from_soup, clean_dict
 from cookbook.helper.scrapers.scrapers import text_scraper
@@ -402,11 +402,11 @@ class GroupViewSet(viewsets.ModelViewSet):
 class SpaceViewSet(viewsets.ModelViewSet):
     queryset = Space.objects
     serializer_class = SpaceSerializer
-    permission_classes = [CustomIsOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
+    permission_classes = [IsReadOnlyDRF & CustomIsUser | CustomIsOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
     http_method_names = ['get', 'patch']
 
     def get_queryset(self):
-        return self.queryset.filter(id=self.request.space.id, created_by=self.request.user)
+        return self.queryset.filter(id=self.request.space.id)
 
 
 class UserSpaceViewSet(viewsets.ModelViewSet):

requirements.txt

@@ -1,5 +1,5 @@
-Django==4.1.9
+Django==4.1.10
-cryptography==41.0.2
+cryptography===41.0.2
 django-annoying==0.10.6
 django-autocomplete-light==3.9.4
 django-cleanup==7.0.0

vue/src/i18n.js

@@ -4,6 +4,8 @@ import VueI18n from 'vue-i18n'
 Vue.use(VueI18n)
 
 function loadLocaleMessages () {
+  const start_time = Date.now();
+  console.log('started loading locale messages')
   const locales = require.context('./locales', true, /[A-Za-z0-9-_,\s]+\.json$/i)
   const messages = {}
   locales.keys().forEach(key => {
@@ -13,6 +15,7 @@ function loadLocaleMessages () {
       messages[locale] = locales(key)
     }
   })
+  console.log('finished loading messages in ', Date.now() - start_time, ' ms')
   return messages
 }
 

vue/src/locales/de.json

@@ -140,6 +140,7 @@
     "advanced_search_settings": "Erweiterte Sucheinstellungen",
     "View": "Ansicht",
     "Recipes": "Rezepte",
+    "Welcome": "Willkommen",
     "Move": "Verschieben",
     "Merge": "Zusammenführen",
     "Parent": "Eltern",

vue/src/locales/en.json

@@ -148,6 +148,7 @@
     "Search Settings": "Search Settings",
     "View": "View",
     "Recipes": "Recipes",
+    "Welcome": "Welcome",
     "Move": "Move",
     "Merge": "Merge",
     "Parent": "Parent",
@@ -491,6 +492,26 @@
     "Combine_All_Steps": "Combine all steps into a single field.",
     "Plural": "Plural",
     "plural_short": "plural",
+
+    "g": "gram [g] (metric, weight)",
+    "kg": "kilogram [kg] (metric, weight)",
+    "ounce": "ounce [oz] (weight)",
+    "pound": "pound (weight)",
+    "ml": "millilitre [ml] (metric, volume)",
+    "l": "litre [l] (metric, volume)",
+    "fluid_ounce": "fluid ounce [fl oz] (US, volume)",
+    "pint": "pint [pt] (US, volume)",
+    "quart": "quart [qt] (US, volume)",
+    "gallon": "gallon [gal] (US, volume)",
+    "tbsp": "tablespoon [tbsp] (US, volume)",
+    "tsp": "teaspoon [tsp] (US, volume)",
+    "imperial_fluid_ounce": "imperial fluid ounce [imp fl oz] (UK, volume)",
+    "imperial_pint": "imperial pint [imp pt] (UK, volume)",
+    "imperial_quart": "imperial quart [imp qt] (UK, volume)",
+    "imperial_gallon": "imperial gal [imp gal] (UK, volume)",
+    "imperial_tbsp": "imperial tablespoon [imp tbsp] (UK, volume)",
+    "imperial_tsp": "imperial teaspoon [imp tsp] (UK, volume)",
+
     "Use_Plural_Unit_Always": "Use plural form for unit always",
     "Use_Plural_Unit_Simple": "Use plural form for unit dynamically",
     "Use_Plural_Food_Always": "Use plural form for food always",

vue/src/utils/models.js

@@ -281,7 +281,7 @@ export class Models {
         apiName: "Unit",
         paginated: true,
         create: {
-            params: [["name", "plural_name", "description", "open_data_slug",]],
+            params: [["name", "plural_name", "description", "base_unit","open_data_slug",]],
             form: {
                 show_help: true,
                 name: {
@@ -307,6 +307,34 @@ export class Models {
                     placeholder: "",
                     optional: true,
                 },
+                base_unit: {
+                    form_field: true,
+                    type: "choice",
+                    options: [
+                        {value: "g", text: "g"},
+                        {value: "kg", text: "kg"},
+                        {value: "ounce", text: "ounce"},
+                        {value: "pound", text: "pound"},
+                        {value: "ml", text: "ml"},
+                        {value: "l", text: "l"},
+                        {value: "fluid_ounce", text: "fluid_ounce"},
+                        {value: "pint", text: "pint"},
+                        {value: "quart", text: "quart"},
+                        {value: "gallon", text: "gallon"},
+                        {value: "tbsp", text: "tbsp"},
+                        {value: "tsp", text: "tsp"},
+                        {value: "imperial_fluid_ounce", text: "imperial_fluid_ounce"},
+                        {value: "imperial_pint", text: "imperial_pint"},
+                        {value: "imperial_quart", text: "imperial_quart"},
+                        {value: "imperial_gallon", text: "imperial_gallon"},
+                        {value: "imperial_tbsp", text: "imperial_tbsp"},
+                        {value: "imperial_tsp", text: "imperial_tsp"},
+                    ],
+                    field: "base_unit",
+                    label: "Base Unit",
+                    placeholder: "",
+                    optional: true,
+                },
                 open_data_slug: {
                     form_field: true,
                     type: "text",

vue/yarn.lock

@@ -9769,19 +9769,19 @@ selfsigned@^2.1.1:
     node-forge "^1"
 
 "semver@2 || 3 || 4 || 5", semver@^5.5.0, semver@^5.6.0:
-  version "5.7.1"
+  version "5.7.2"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8"
-  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
+  integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==
 
 semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0:
-  version "6.3.0"
+  version "6.3.1"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
-  integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
+  integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==
 
 semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8:
-  version "7.5.2"
+  version "7.5.4"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e"
-  integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==
+  integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
   dependencies:
     lru-cache "^6.0.0"