Merge branch 'development' into public-corpus

2025-11-04 04:12:45 +00:00 · 2023-02-09 11:54:58 +01:00
parent f06508b412 71d13d482b
commit 4d227415d9
5 changed files with 301 additions and 182 deletions
--- a/app/corpora/cqi_over_socketio/init.py
+++ b/app/corpora/cqi_over_socketio/init.py
@@ -62,7 +62,9 @@ def connect(auth):
    if corpus is None:
        # return {'code': 404, 'msg': 'Not Found'}
        raise ConnectionRefusedError('Not Found')
-    if not (corpus.user == current_user or current_user.is_administrator()):
+    if not (corpus.user == current_user
+            or current_user.is_following_corpus(corpus)
+            or current_user.is_administrator()):
        # return {'code': 403, 'msg': 'Forbidden'}
        raise ConnectionRefusedError('Forbidden')
    if corpus.status not in [
--- a/app/corpora/routes.py
+++ b/app/corpora/routes.py
@@ -18,18 +18,6 @@ from . import bp
 from .forms import ChangeCorpusSettingsForm, CreateCorpusFileForm, CreateCorpusForm, UpdateCorpusFileForm


-def user_can_read_corpus(user, corpus):
-    return corpus.user == user or user.is_administrator() or corpus.is_public
-
-
-def user_can_update_corpus(user, corpus):
-    return corpus.user == user or user.is_administrator()
-
-
-def user_can_delete_corpus(user, corpus):
-    return user_can_update_corpus(user, corpus)
-
-
@bp.route('')
@login_required
 def corpora():
@@ -70,7 +58,10 @@ def create_corpus():
@login_required
 def corpus(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_read_corpus(current_user, corpus):
+    if not (corpus.user == current_user
+            or current_user.is_administrator()
+            or current_user.is_following_corpus(corpus)
+            or corpus.is_public):
        abort(403)
    corpus_settings_form = ChangeCorpusSettingsForm(
        data=corpus.to_json_serializeable(),
@@ -81,17 +72,20 @@ def corpus(corpus_id):
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.corpus', corpus_id=corpus.id))
-    # following_users = [
-    #     u.to_json_serializeable() for u
-    #     in corpus.following_users
-    # ]
-    return render_template(
-        'corpora/corpus.html.j2',
-        corpus_settings_form=corpus_settings_form,
-        corpus=corpus,
-        # following_users=following_users,
-        title='Corpus'
-    )
+    if corpus.user == current_user or current_user.is_administrator():
+        return render_template(
+            'corpora/corpus.html.j2',
+            corpus_settings_form=corpus_settings_form,
+            corpus=corpus,
+            title='Corpus'
+        )
+    else:
+        print('public')
+        return render_template(
+            'corpora/corpus_public.html.j2',
+            corpus=corpus,
+            title='Corpus'
+        )



@@ -99,7 +93,7 @@ def corpus(corpus_id):
 # @login_required
 # def update_corpus(corpus_id):
 #     corpus = Corpus.query.get_or_404(corpus_id)
-#     if not user_can_update_corpus(current_user, corpus):
+#     if not (corpus.user == current_user or current_user.is_administrator()):
 #         abort(403)
 #     return render_template(
 #         'corpora/update_corpus.html.j2',
@@ -118,7 +112,7 @@ def delete_corpus(corpus_id):
            db.session.commit()

    corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_delete_corpus(current_user, corpus):
+    if not (corpus.user == current_user or current_user.is_administrator()):
        abort(403)
    thread = Thread(
        target=_delete_corpus,
@@ -132,7 +126,10 @@ def delete_corpus(corpus_id):
@login_required
 def analyse_corpus(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_read_corpus(current_user, corpus):
+    if not (corpus.user == current_user
+            or current_user.is_administrator()
+            or current_user.is_following_corpus(corpus)
+            or corpus.is_public):
        abort(403)
    return render_template(
        'corpora/analyse_corpus.html.j2',
@@ -151,7 +148,7 @@ def build_corpus(corpus_id):
            db.session.commit()

    corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_update_corpus(current_user, corpus):
+    if not (corpus.user == current_user or current_user.is_administrator()):
        abort(403)
    # Check if the corpus has corpus files
    if not corpus.files.all():
@@ -169,7 +166,7 @@ def build_corpus(corpus_id):
@login_required
 def create_corpus_file(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_update_corpus(current_user, corpus):
+    if not (corpus.user == current_user or current_user.is_administrator()):
        abort(403)
    form = CreateCorpusFileForm()
    if form.is_submitted():
@@ -334,13 +331,3 @@ def remove_permission(corpus_id, user_id, permission):
    db.session.commit()
    return 'ok'

-@bp.route('/public/<hashid:corpus_id>')
-def public_corpus(corpus_id):
-    corpus = Corpus.query.get_or_404(corpus_id)
-    corpus_files = [cf.to_json_serializeable() for cf in CorpusFile.query.filter_by(corpus_id = corpus_id).all()]
-    return render_template(
-        'corpora/public_corpus.html.j2',
-        corpus=corpus,
-        corpus_files=corpus_files,
-        title=corpus.title
-    )