Merge branch 'public-corpus' of gitlab.ub.uni-bielefeld.de:sfb1288inf/nopaque into public-corpus
commit
144bb38d75
@ -9,14 +9,13 @@ def corpus_follower_permission_required(*permissions):
|
|||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
corpus_id = kwargs.get('corpus_id')
|
corpus_id = kwargs.get('corpus_id')
|
||||||
corpus = Corpus.query.get_or_404(corpus_id)
|
cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first()
|
||||||
if current_user == corpus.user or current_user.is_administrator():
|
if cfa is None:
|
||||||
return f(*args, **kwargs)
|
|
||||||
if not current_user.is_following_corpus(corpus):
|
|
||||||
abort(403)
|
|
||||||
corpus_follower_association = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first_or_404()
|
|
||||||
if not all([corpus_follower_association.role.has_permission(p) for p in permissions]):
|
|
||||||
abort(403)
|
abort(403)
|
||||||
|
corpus = cfa.corpus
|
||||||
|
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||||
|
if not all([cfa.role.has_permission(p) for p in permissions]):
|
||||||
|
abort(403)
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
return decorated_function
|
return decorated_function
|
||||||
return decorator
|
return decorator
|
||||||
@ -27,8 +26,8 @@ def corpus_owner_or_admin_required(f):
|
|||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
corpus_id = kwargs.get('corpus_id')
|
corpus_id = kwargs.get('corpus_id')
|
||||||
corpus = Corpus.query.get_or_404(corpus_id)
|
corpus = Corpus.query.get_or_404(corpus_id)
|
||||||
if current_user == corpus.user or current_user.is_administrator():
|
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||||
return f(*args, **kwargs)
|
abort(403)
|
||||||
abort(403)
|
return f(*args, **kwargs)
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
||||||
|
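Review bot: In `corpus_follower_permission_required`, the new `if cfa is None: abort(403)` runs before the owner/administrator test, so an owner or administrator with no `CorpusFollowerAssociation` row for the corpus is refused, where the previous version returned `f(*args, **kwargs)` for them first. This has wider effect now that the follower-management routes use this decorator instead of `corpus_owner_or_admin_required`. Unless owners are always given an association elsewhere (not visible here), load the corpus first with `corpus = Corpus.query.get_or_404(corpus_id)` and short-circuit with `if corpus.user == current_user or current_user.is_administrator(): return f(*args, **kwargs)` before querying `cfa`. The lookup also reads `current_user.id`, which assumes an authenticated user; confirm a login check always runs before this decorator.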
@ -1,4 +1,4 @@
|
|||||||
from flask import current_app
|
from flask import abort, current_app
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
from app import db
|
from app import db
|
||||||
from app.decorators import content_negotiation
|
from app.decorators import content_negotiation
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
from flask import abort, request
|
from flask import abort, request
|
||||||
from flask_login import current_user
|
|
||||||
from app import db
|
from app import db
|
||||||
from app.decorators import content_negotiation
|
from app.decorators import content_negotiation
|
||||||
from app.models import (
|
from app.models import (
|
||||||
@ -8,12 +7,12 @@ from app.models import (
|
|||||||
CorpusFollowerRole,
|
CorpusFollowerRole,
|
||||||
User
|
User
|
||||||
)
|
)
|
||||||
from ..decorators import corpus_owner_or_admin_required
|
from ..decorators import corpus_follower_permission_required
|
||||||
from . import bp
|
from . import bp
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/followers', methods=['POST'])
|
@bp.route('/<hashid:corpus_id>/followers', methods=['POST'])
|
||||||
@corpus_owner_or_admin_required
|
@corpus_follower_permission_required('ADD_FOLLOWER')
|
||||||
@content_negotiation(consumes='application/json', produces='application/json')
|
@content_negotiation(consumes='application/json', produces='application/json')
|
||||||
def create_corpus_followers(corpus_id):
|
def create_corpus_followers(corpus_id):
|
||||||
usernames = request.json
|
usernames = request.json
|
||||||
@ -32,7 +31,7 @@ def create_corpus_followers(corpus_id):
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/role', methods=['PUT'])
|
@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/role', methods=['PUT'])
|
||||||
@corpus_owner_or_admin_required
|
@corpus_follower_permission_required('UPDATE_FOLLOWER')
|
||||||
@content_negotiation(consumes='application/json', produces='application/json')
|
@content_negotiation(consumes='application/json', produces='application/json')
|
||||||
def update_corpus_follower_role(corpus_id, follower_id):
|
def update_corpus_follower_role(corpus_id, follower_id):
|
||||||
role_name = request.json
|
role_name = request.json
|
||||||
@ -52,19 +51,17 @@ def update_corpus_follower_role(corpus_id, follower_id):
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>', methods=['DELETE'])
|
@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>', methods=['DELETE'])
|
||||||
|
@corpus_follower_permission_required('REMOVE_FOLLOWER')
|
||||||
@content_negotiation(produces='application/json')
|
@content_negotiation(produces='application/json')
|
||||||
def delete_corpus_follower(corpus_id, follower_id):
|
def delete_corpus_follower(corpus_id, follower_id):
|
||||||
corpus = Corpus.query.get_or_404(corpus_id)
|
cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404()
|
||||||
follower = User.query.get_or_404(follower_id)
|
cfa.follower.unfollow_corpus(cfa.corpus)
|
||||||
if not (corpus.user == current_user or follower == current_user or current_user.is_administrator()):
|
|
||||||
abort(403)
|
|
||||||
if not follower.is_following_corpus(corpus):
|
|
||||||
abort(409)
|
|
||||||
follower.unfollow_corpus(corpus)
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
response_data = {
|
response_data = {
|
||||||
'message': \
|
'message': (
|
||||||
f'"{follower.username}" is not following "{corpus.title}" anymore',
|
f'"{cfa.follower.username}" is not following '
|
||||||
|
f'"{cfa.corpus.title}" anymore'
|
||||||
|
),
|
||||||
'category': 'corpus'
|
'category': 'corpus'
|
||||||
}
|
}
|
||||||
return response_data, 200
|
return response_data, 200
|
||||||
|
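Review bot: `delete_corpus_follower` no longer lets a follower remove themself: the old `follower == current_user` case is gone and the route now requires `REMOVE_FOLLOWER`, so a follower whose role lacks it gets 403 on their own association; confirm that is intended or that another route covers self-unfollow. The response message also reads `cfa.follower.username` and `cfa.corpus.title` after `db.session.commit()`; if `unfollow_corpus` deletes the association row (its body is not shown), that access can fail on the expired object, so capture both before the call, e.g. `username, title = cfa.follower.username, cfa.corpus.title`. Separately, `update_corpus_follower_role` is now reachable with `UPDATE_FOLLOWER` rather than by owner or administrator only, and its body lies outside the hunk; it is worth checking there that a caller cannot assign a role with more permissions than their own or change their own association.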
@ -2,11 +2,11 @@ from datetime import datetime
|
|||||||
from flask import abort, current_app, request, url_for
|
from flask import abort, current_app, request, url_for
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
from .decorators import corpus_follower_permission_required, corpus_owner_or_admin_required
|
from app import db
|
||||||
from app import db, hashids
|
|
||||||
from app.decorators import content_negotiation
|
from app.decorators import content_negotiation
|
||||||
from app.models import Corpus, CorpusFollowerRole
|
from app.models import Corpus, CorpusFollowerRole
|
||||||
from . import bp
|
from . import bp
|
||||||
|
from .decorators import corpus_follower_permission_required, corpus_owner_or_admin_required
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>', methods=['DELETE'])
|
@bp.route('/<hashid:corpus_id>', methods=['DELETE'])
|
||||||
@ -58,10 +58,9 @@ def build_corpus(corpus_id):
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/generate-share-link', methods=['POST'])
|
@bp.route('/<hashid:corpus_id>/generate-share-link', methods=['POST'])
|
||||||
@corpus_follower_permission_required('GENERATE_SHARE_LINK')
|
@corpus_follower_permission_required('ADD_FOLLOWER')
|
||||||
@content_negotiation(consumes='application/json', produces='application/json')
|
@content_negotiation(consumes='application/json', produces='application/json')
|
||||||
def generate_corpus_share_link(corpus_id):
|
def generate_corpus_share_link(corpus_id):
|
||||||
corpus_hashid = hashids.encode(corpus_id)
|
|
||||||
data = request.json
|
data = request.json
|
||||||
if not isinstance(data, dict):
|
if not isinstance(data, dict):
|
||||||
abort(400)
|
abort(400)
|
||||||
@ -75,7 +74,8 @@ def generate_corpus_share_link(corpus_id):
|
|||||||
cfr = CorpusFollowerRole.query.filter_by(name=role_name).first()
|
cfr = CorpusFollowerRole.query.filter_by(name=role_name).first()
|
||||||
if cfr is None:
|
if cfr is None:
|
||||||
abort(400)
|
abort(400)
|
||||||
token = current_user.generate_follow_corpus_token(corpus_hashid, role_name, expiration_date)
|
corpus = Corpus.query.get_or_404(corpus_id)
|
||||||
|
token = current_user.generate_follow_corpus_token(corpus.hashid, role_name, expiration_date)
|
||||||
corpus_share_link = url_for(
|
corpus_share_link = url_for(
|
||||||
'corpora.follow_corpus',
|
'corpora.follow_corpus',
|
||||||
corpus_id=corpus_id,
|
corpus_id=corpus_id,
|
||||||
|
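Review bot: In `generate_corpus_share_link`, `role_name` comes from the request body and the only visible check confirms the role exists (`if cfr is None: abort(400)`) before `generate_follow_corpus_token` is called, so any follower holding `ADD_FOLLOWER` appears able to issue a link for a role stronger than their own. The lines between the two hunks are not shown, so a limit may already exist there. If it does not, add a guard right after the lookup, documented with something like `# role_name is caller-supplied: refuse roles granting permissions the caller's own role lacks (owner/admin excepted)`.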
@ -1,7 +1,6 @@
|
|||||||
from flask import abort, flash, redirect, render_template, url_for
|
from flask import abort, flash, redirect, render_template, url_for
|
||||||
from flask_breadcrumbs import register_breadcrumb
|
from flask_breadcrumbs import register_breadcrumb
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
from .decorators import corpus_follower_permission_required
|
|
||||||
from app import db
|
from app import db
|
||||||
from app.models import (
|
from app.models import (
|
||||||
Corpus,
|
Corpus,
|
||||||
@ -10,6 +9,7 @@ from app.models import (
|
|||||||
User
|
User
|
||||||
)
|
)
|
||||||
from . import bp
|
from . import bp
|
||||||
|
from .decorators import corpus_follower_permission_required
|
||||||
from .forms import CreateCorpusForm
|
from .forms import CreateCorpusForm
|
||||||
from .utils import (
|
from .utils import (
|
||||||
corpus_endpoint_arguments_constructor as corpus_eac,
|
corpus_endpoint_arguments_constructor as corpus_eac,
|
||||||
@ -73,8 +73,8 @@ def corpus(corpus_id):
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/analyse')
|
@bp.route('/<hashid:corpus_id>/analyse')
|
||||||
@register_breadcrumb(bp, '.entity.analyse', 'Analyse', endpoint_arguments_constructor=corpus_eac)
|
|
||||||
@corpus_follower_permission_required('VIEW')
|
@corpus_follower_permission_required('VIEW')
|
||||||
|
@register_breadcrumb(bp, '.entity.analyse', 'Analyse', endpoint_arguments_constructor=corpus_eac)
|
||||||
def analyse_corpus(corpus_id):
|
def analyse_corpus(corpus_id):
|
||||||
corpus = Corpus.query.get_or_404(corpus_id)
|
corpus = Corpus.query.get_or_404(corpus_id)
|
||||||
return render_template(
|
return render_template(
|
||||||
@ -101,6 +101,7 @@ def import_corpus():
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/export')
|
@bp.route('/<hashid:corpus_id>/export')
|
||||||
|
@corpus_follower_permission_required('VIEW')
|
||||||
@register_breadcrumb(bp, '.entity.export', 'Export', endpoint_arguments_constructor=corpus_eac)
|
@register_breadcrumb(bp, '.entity.export', 'Export', endpoint_arguments_constructor=corpus_eac)
|
||||||
def export_corpus(corpus_id):
|
def export_corpus(corpus_id):
|
||||||
abort(503)
|
abort(503)
|
||||||
|
@ -116,9 +116,9 @@ class CorpusFollowerPermission(IntEnum):
|
|||||||
ADD_CORPUS_FILE = 2
|
ADD_CORPUS_FILE = 2
|
||||||
UPDATE_CORPUS_FILE = 4
|
UPDATE_CORPUS_FILE = 4
|
||||||
REMOVE_CORPUS_FILE = 8
|
REMOVE_CORPUS_FILE = 8
|
||||||
GENERATE_SHARE_LINK = 16
|
ADD_FOLLOWER = 16
|
||||||
REMOVE_FOLLOWER = 32
|
UPDATE_FOLLOWER = 32
|
||||||
UPDATE_FOLLOWER = 64
|
REMOVE_FOLLOWER = 64
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get(corpus_follower_permission: Union['CorpusFollowerPermission', int, str]) -> 'CorpusFollowerPermission':
|
def get(corpus_follower_permission: Union['CorpusFollowerPermission', int, str]) -> 'CorpusFollowerPermission':
|
||||||
@ -448,9 +448,9 @@ class CorpusFollowerRole(HashidMixin, db.Model):
|
|||||||
CorpusFollowerPermission.ADD_CORPUS_FILE,
|
CorpusFollowerPermission.ADD_CORPUS_FILE,
|
||||||
CorpusFollowerPermission.UPDATE_CORPUS_FILE,
|
CorpusFollowerPermission.UPDATE_CORPUS_FILE,
|
||||||
CorpusFollowerPermission.REMOVE_CORPUS_FILE,
|
CorpusFollowerPermission.REMOVE_CORPUS_FILE,
|
||||||
CorpusFollowerPermission.GENERATE_SHARE_LINK,
|
CorpusFollowerPermission.ADD_FOLLOWER,
|
||||||
CorpusFollowerPermission.REMOVE_FOLLOWER,
|
CorpusFollowerPermission.UPDATE_FOLLOWER,
|
||||||
CorpusFollowerPermission.UPDATE_FOLLOWER
|
CorpusFollowerPermission.REMOVE_FOLLOWER
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
default_role_name = 'Viewer'
|
default_role_name = 'Viewer'
|
||||||
|
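Review bot: Swapping the numeric values of `REMOVE_FOLLOWER` (32 to 64) and `UPDATE_FOLLOWER` (64 to 32) in `CorpusFollowerPermission` changes what every already-stored permission value means, if role permissions are persisted as a bitmask of these integers (the column is not visible here). A stored role that could remove followers would then be able to change follower roles instead, without any row being touched. Keeping the existing numbers avoids that: `REMOVE_FOLLOWER = 32` and `UPDATE_FOLLOWER = 64`, with only bit 16 renamed to `ADD_FOLLOWER`. Otherwise this change needs a data migration, or a confirmed re-write of the stored roles, shipped with it.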