fixed external recipes not sharable

cookbook/templates/pdf_viewer.html

@@ -5,7 +5,8 @@
     <meta charset="UTF-8">
     <title>PDF</title>
 
-    <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>PDF</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>PDF</title>
     <style>
         html, body {
             height: 100%;
@@ -23,9 +24,13 @@
     </style>
 
 </head>
-<body >
+<body>
 
-    <iframe  src="{% static 'pdfjs/web/viewer.html' %}?file={% url 'api_get_recipe_file' recipe_id %}" ></iframe>
+{% if share %}
+    <iframe src="{% static 'pdfjs/web/viewer.html' %}?file={% url 'api_get_recipe_file' recipe_id %}?share={{ share }}"></iframe>
+{% else %}
+    <iframe src="{% static 'pdfjs/web/viewer.html' %}?file={% url 'api_get_recipe_file' recipe_id %}"></iframe>
+{% endif %}
 
 </body>
 </html>

cookbook/urls.py

@@ -114,8 +114,8 @@ urlpatterns = [
     path('api/import/', api.AppImportView.as_view(), name='view_import'),
     path('api/export/', api.AppExportView.as_view(), name='api_export'),
     path('data/import/url', data.import_url, name='data_import_url'),
-    path('api/get_external_file_link/<int:recipe_id>/', api.get_external_file_link, name='api_get_external_file_link'),
-    path('api/get_recipe_file/<int:recipe_id>/', api.get_recipe_file, name='api_get_recipe_file'),
+    path('api/get_external_file_link/<int:pk>/', api.get_external_file_link, name='api_get_external_file_link'),
+    path('api/get_recipe_file/<int:pk>/', api.get_recipe_file, name='api_get_recipe_file'),
     path('api/sync_all/', api.sync_all, name='api_sync'),
     path('api/recipe-from-source/', api.RecipeUrlImportView.as_view(), name='api_recipe_from_source'),
     path('api/ai-import/', api.AiImportView.as_view(), name='api_ai_import'),

cookbook/views/api.py

@@ -2283,8 +2283,8 @@ def get_recipe_provider(recipe):
 )
 @api_view(['GET'])
 @permission_classes([CustomIsUser & CustomTokenHasReadWriteScope])
-def get_external_file_link(request, recipe_id):
-    recipe = get_object_or_404(Recipe, pk=recipe_id, space=request.space)
+def get_external_file_link(request, pk):
+    recipe = get_object_or_404(Recipe, pk=pk, space=request.space)
     if not recipe.link:
         recipe.link = get_recipe_provider(recipe).get_share_link(recipe)
         recipe.save()
@@ -2297,9 +2297,9 @@ def get_external_file_link(request, recipe_id):
     responses=None,
 )
 @api_view(['GET'])
-@permission_classes([(CustomIsGuest | CustomIsUser) & CustomTokenHasReadWriteScope])
-def get_recipe_file(request, recipe_id):
-    recipe = get_object_or_404(Recipe, pk=recipe_id, space=request.space)
+@permission_classes([CustomRecipePermission & CustomTokenHasReadWriteScope])
+def get_recipe_file(request, pk):
+    recipe = get_object_or_404(Recipe, pk=pk) # space check handled by CustomRecipePermission
     if recipe.storage:
         return FileResponse(get_recipe_provider(recipe).get_file(recipe), filename=f'{recipe.name}.pdf')
     else:

cookbook/views/views.py

@@ -24,6 +24,7 @@ from django.utils.datetime_safe import date
 from django.utils.translation import gettext as _
 from django_scopes import scopes_disabled
 from drf_spectacular.views import SpectacularRedocView, SpectacularSwaggerView
+from rest_framework.response import Response
 
 from cookbook.forms import CommentForm, Recipe, SearchPreferenceForm, SpaceCreateForm, SpaceJoinForm, User, UserCreateForm, UserPreference
 from cookbook.helper.HelperFunctions import str2bool
@@ -197,10 +198,14 @@ def meal_plan(request):
     return render(request, 'meal_plan.html', {})
 
 
-@group_required('guest')
 def recipe_pdf_viewer(request, pk):
-    recipe = get_object_or_404(Recipe, pk=pk, space=request.space)
-    return render(request, 'pdf_viewer.html', {'recipe_id': pk})
+    with scopes_disabled():
+        recipe = get_object_or_404(Recipe, pk=pk)
+        if share_link_valid(recipe, request.GET.get('share', None)) or (has_group_permission(
+                request.user, ['guest']) and recipe.space == request.space):
+
+            return render(request, 'pdf_viewer.html', {'recipe_id': pk, 'share': request.GET.get('share', None)})
+        return HttpResponseRedirect(reverse('index'))
 
 
 @group_required('guest')