Merge branch 'develop' into feature/vue3

# Conflicts: # cookbook/views/api.py # vue/src/utils/models.js
2026-01-01 12:18:45 -05:00 · 2024-08-20 11:54:19 +02:00
parent 6a3534da76 f6f6754669
commit b5e0055876
91 changed files with 6344 additions and 2937 deletions
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -14,7 +14,6 @@ from zipfile import ZipFile

 import PIL.Image
 import requests
-import validators
 from PIL import UnidentifiedImageError
 from django.contrib import messages
 from django.contrib.auth.models import Group, User
@@ -57,7 +56,7 @@ from treebeard.exceptions import InvalidMoveToDescendant, InvalidPosition, PathO

 from cookbook.forms import ImportForm
 from cookbook.helper import recipe_url_import as helper
-from cookbook.helper.HelperFunctions import str2bool
+from cookbook.helper.HelperFunctions import str2bool, validate_import_url
 from cookbook.helper.image_processing import handle_image
 from cookbook.helper.ingredient_parser import IngredientParser
 from cookbook.helper.open_data_importer import OpenDataImporter
@@ -419,8 +418,7 @@ class GroupViewSet(viewsets.ModelViewSet):
 class SpaceViewSet(viewsets.ModelViewSet):
    queryset = Space.objects
    serializer_class = SpaceSerializer
-    permission_classes = [IsReadOnlyDRF & CustomIsUser | CustomIsOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
-    pagination_disabled = True
+    permission_classes = [IsReadOnlyDRF & CustomIsGuest | CustomIsOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
    http_method_names = ['get', 'patch']

    def get_queryset(self):
@@ -546,7 +544,7 @@ class KeywordViewSet(TreeMixin):
    queryset = Keyword.objects
    model = Keyword
    serializer_class = KeywordSerializer
-    permission_classes = [CustomIsUser & CustomTokenHasReadWriteScope]
+    permission_classes = [(CustomIsGuest & IsReadOnlyDRF | CustomIsUser) & CustomTokenHasReadWriteScope]
    pagination_class = DefaultPagination


@@ -574,7 +572,7 @@ class FoodViewSet(TreeMixin):
    queryset = Food.objects
    model = Food
    serializer_class = FoodSerializer
-    permission_classes = [CustomIsUser & CustomTokenHasReadWriteScope]
+    permission_classes = [(CustomIsGuest & IsReadOnlyDRF | CustomIsUser) & CustomTokenHasReadWriteScope]
    pagination_class = DefaultPagination

    def get_queryset(self):
@@ -1046,7 +1044,7 @@ class RecipeViewSet(viewsets.ModelViewSet):
            elif 'image_url' in serializer.validated_data:
                try:
                    url = serializer.validated_data['image_url']
-                    if validators.url(url, public=True):
+                    if validate_import_url(url):
                        response = requests.get(url, headers={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"})
                        image = File(io.BytesIO(response.content))
                        filetype = mimetypes.guess_extension(response.headers['content-type']) or filetype
@@ -1480,7 +1478,7 @@ class RecipeUrlImportView(APIView):

            elif url and not data:
                if re.match('^(https?://)?(www\\.youtube\\.com|youtu\\.be)/.+$', url):
-                    if validators.url(url, public=True):
+                    if validate_import_url(url):
                        return Response({'recipe_json': get_from_youtube_scraper(url, request), 'recipe_images': [], }, status=status.HTTP_200_OK)
                if re.match('^(.)*/view/recipe/[0-9]+/[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$', url):
                    recipe_json = requests.get(
@@ -1490,7 +1488,7 @@ class RecipeUrlImportView(APIView):
                    serialized_recipe = RecipeExportSerializer(data=recipe_json, context={'request': request})
                    if serialized_recipe.is_valid():
                        recipe = serialized_recipe.save()
-                        if validators.url(recipe_json['image'], public=True):
+                        if validate_import_url(recipe_json['image']):
                            recipe.image = File(handle_image(request,
                                                             File(io.BytesIO(requests.get(recipe_json['image']).content), name='image'),
                                                             filetype=pathlib.Path(recipe_json['image']).suffix),
@@ -1499,7 +1497,7 @@ class RecipeUrlImportView(APIView):
                        return Response({'link': request.build_absolute_uri(reverse('view_recipe', args={recipe.pk}))}, status=status.HTTP_201_CREATED)
                else:
                    try:
-                        if validators.url(url, public=True):
+                        if validate_import_url(url):
                            html = requests.get(
                                url,
                                headers={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0"}