Merge branch 'public-corpus' of gitlab.ub.uni-bielefeld.de:sfb1288inf/nopaque into public-corpus

2025-06-11 16:40:40 +00:00 · 2023-02-21 16:18:58 +01:00
parent 726e781692 d699fd09e5
commit 4fab75f0e2
11 changed files with 441 additions and 102 deletions
--- a/app/corpora/routes.py
+++ b/app/corpora/routes.py
@ -3,6 +3,7 @@ from flask import (
    abort,
    current_app,
    flash,
+    make_response,
    Markup,
    redirect,
    render_template,
@ -19,7 +20,7 @@ from app.models import (
    Corpus,
    CorpusFile,
    CorpusFollowerAssociation,
-    CorpusFollowPermission,
+    CorpusFollowerPermission,
    CorpusStatus,
    User
 )
@ -31,7 +32,7 @@ from .forms import (
 )


-@bp.route('/<hashid:corpus_id>/enable_is_public', methods=['POST'])
+@bp.route('/<hashid:corpus_id>/is_public/enable', methods=['POST'])
@login_required
 def enable_corpus_is_public(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
@ -42,7 +43,7 @@ def enable_corpus_is_public(corpus_id):
    return '', 204


-@bp.route('/<hashid:corpus_id>/disable_is_public', methods=['POST'])
+@bp.route('/<hashid:corpus_id>/is_public/disable', methods=['POST'])
@login_required
 def disable_corpus_is_public(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
@ -69,49 +70,57 @@ def follow_corpus(corpus_id, token):
    return redirect(url_for('.corpus', corpus_id=corpus_id))


-@bp.route('/<hashid:corpus_id>/unfollow', methods=['GET', 'POST'])
+@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/unfollow', methods=['POST'])
@login_required
-def unfollow_corpus(corpus_id):
+def unfollow_corpus(corpus_id, follower_id):
    corpus = Corpus.query.get_or_404(corpus_id)
-    user_hashid = request.args.get('user_id')
-    if user_hashid is None:
-        user = current_user
-    elif current_user.is_administrator():
-        user_id = hashids.decode(user_hashid)
-        user = User.query.get_or_404(user_id)
-    else:
+    follower = User.query.get_or_404(follower_id)
+    if not (corpus.user == current_user or follower == current_user or current_user.is_administrator()):
        abort(403)
-    if user.is_following_corpus(corpus):
-        user.unfollow_corpus(corpus)
+    if not follower.is_following_corpus(corpus):
+        abort(409)  # 'User is not following the corpus'
+    follower.unfollow_corpus(corpus)
+    db.session.commit()
+    flash(f'{follower.username} is not following {corpus.title} anymore', category='corpus')
+    return '', 204
+
+
+@bp.route('/<hashid:corpus_id>/unfollow', methods=['POST'])
+@login_required
+def current_user_unfollow_corpus(corpus_id):
+    corpus = Corpus.query.get_or_404(corpus_id)
+    if not current_user.is_following_corpus(corpus):
+        abort(409)  # 'You are not following the corpus'
+    current_user.unfollow_corpus(corpus)
    db.session.commit()
    flash(f'You are not following {corpus.title} anymore', category='corpus')
    return '', 204


-@bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/add', methods=['POST'])
-def add_permission(corpus_id, user_id, permission):
-    corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
-    permission = request.args.get('permission', type=int)
-    corpus = corpus_follow_association.followed_corpus
-    if not (corpus.user == current_user or current_user.is_administrator()):
+@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/permissions/<permission_name>/add', methods=['POST'])
+def add_permission(corpus_id, follower_id, permission_name):
+    try:
+        permission = CorpusFollowerPermission[permission_name]
+    except KeyError:
+        abort(409)  # f'Permission "{permission_name}" does not exist'
+    corpus_follower_association = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404()
+    if not (corpus_follower_association.corpus.user == current_user or current_user.is_administrator()):
        abort(403)
-    if permission is None or permission not in iter(CorpusFollowPermission):
-        abort(400)
-    corpus_follow_association.add_permission(permission)
+    corpus_follower_association.add_permission(permission)
    db.session.commit()
    return '', 204


-@bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/remove', methods=['POST'])
-def remove_permission(corpus_id, user_id, permission):
-    corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
-    permission = request.args.get('permission')
-    corpus = corpus_follow_association.followed_corpus
-    if not (corpus.user == current_user or current_user.is_administrator()):
+@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/permissions/<permission_name>/remove', methods=['POST'])
+def remove_permission(corpus_id, follower_id, permission_name):
+    try:
+        permission = CorpusFollowerPermission[permission_name]
+    except KeyError:
+        return make_response(f'Permission "{permission_name}" does not exist', 409)
+    corpus_follower_association = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404()
+    if not (corpus_follower_association.corpus.user == current_user or current_user.is_administrator()):
        abort(403)
-    if permission is None or permission not in iter(CorpusFollowPermission):
-        abort(400)
-    corpus_follow_association.remove_permission(permission)
+    corpus_follower_association.remove_permission(permission)
    db.session.commit()
    return '', 204