add all files for last commit

2025-11-04 12:22:47 +00:00 · 2022-11-29 15:28:10 +01:00
parent 5864aa653e
commit 5491cb184a
8 changed files with 130 additions and 44 deletions
--- a/app/corpora/forms.py
+++ b/app/corpora/forms.py
@@ -1,11 +1,17 @@
 from flask_wtf import FlaskForm
 from flask_wtf.file import FileField, FileRequired
-from wtforms import StringField, SubmitField, ValidationError, IntegerField
+from wtforms import (
+    StringField,
+    SubmitField,
+    TextAreaField,
+    ValidationError,
+    IntegerField
+)
 from wtforms.validators import InputRequired, Length


-class CreateCorpusForm(FlaskForm):
-    description = StringField(
+class CorpusBaseForm(FlaskForm):
+    description = TextAreaField(
        'Description',
        validators=[InputRequired(), Length(max=255)]
    )
@@ -13,6 +19,20 @@ class CreateCorpusForm(FlaskForm):
    submit = SubmitField()


+class CreateCorpusForm(CorpusBaseForm):
+    def __init__(self, *args, **kwargs):
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'create-corpus-form'
+        super().__init__(*args, **kwargs)
+
+
+class UpdateCorpusForm(CorpusBaseForm):
+    def __init__(self, *args, **kwargs):
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-corpus-form'
+        super().__init__(*args, **kwargs)
+
+
 class CorpusFileBaseForm(FlaskForm):
    author = StringField(
        'Author',
@@ -41,13 +61,21 @@ class CorpusFileBaseForm(FlaskForm):
 class CreateCorpusFileForm(CorpusFileBaseForm):
    vrt = FileField('File', validators=[FileRequired()])

+    def __init__(self, *args, **kwargs):
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'create-corpus-file-form'
+        super().__init__(*args, **kwargs)
+
    def validate_vrt(self, field):
        if not field.data.filename.lower().endswith('.vrt'):
            raise ValidationError('VRT files only!')


-class EditCorpusFileForm(CorpusFileBaseForm):
-    pass
+class UpdateCorpusFileForm(CorpusFileBaseForm):
+    def __init__(self, *args, **kwargs):
+        if 'prefix' not in kwargs:
+            kwargs['prefix'] = 'update-corpus-file-form'
+        super().__init__(*args, **kwargs)


 class ImportCorpusForm(FlaskForm):
--- a/app/corpora/routes.py
+++ b/app/corpora/routes.py
@@ -13,7 +13,26 @@ import os
 from app import db
 from app.models import Corpus, CorpusFile, CorpusStatus
 from . import bp
-from .forms import CreateCorpusFileForm, CreateCorpusForm, EditCorpusFileForm
+from .forms import CreateCorpusFileForm, CreateCorpusForm, UpdateCorpusFileForm
+
+
+def user_can_read_corpus(user, corpus):
+    return corpus.user == user or user.is_administrator() or corpus.is_public
+
+
+def user_can_update_corpus(user, corpus):
+    return corpus.user == user or user.is_administrator()
+
+
+def user_can_delete_corpus(user, corpus):
+    return user_can_update_corpus(user, corpus)
+
+
+@bp.route('')
+@login_required
+def corpora():
+    corpora = Corpus.query.filter(Corpus.user_id == current_user.id | Corpus.is_public == True).all()
+    return render_template('corpora/corpora.html', corpora=corpora)


@bp.route('/create', methods=['GET', 'POST'])
@@ -46,7 +65,7 @@ def create_corpus():
@login_required
 def corpus(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
-    if not (corpus.user == current_user or current_user.is_administrator()):
+    if not user_can_read_corpus(current_user, corpus):
        abort(403)
    return render_template(
        'corpora/corpus.html.j2',
@@ -55,6 +74,19 @@ def corpus(corpus_id):
    )


+# @bp.route('/<hashid:corpus_id>/update')
+# @login_required
+# def update_corpus(corpus_id):
+#     corpus = Corpus.query.get_or_404(corpus_id)
+#     if not user_can_update_corpus(current_user, corpus):
+#         abort(403)
+#     return render_template(
+#         'corpora/update_corpus.html.j2',
+#         corpus=corpus,
+#         title='Corpus'
+#     )
+
+
@bp.route('/<hashid:corpus_id>', methods=['DELETE'])
@login_required
 def delete_corpus(corpus_id):
@@ -65,7 +97,7 @@ def delete_corpus(corpus_id):
            db.session.commit()

    corpus = Corpus.query.get_or_404(corpus_id)
-    if not (corpus.user == current_user or current_user.is_administrator()):
+    if not user_can_delete_corpus(current_user, corpus):
        abort(403)
    thread = Thread(
        target=_delete_corpus,
@@ -79,6 +111,8 @@ def delete_corpus(corpus_id):
@login_required
 def analyse_corpus(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
+    if not user_can_read_corpus(current_user, corpus):
+        abort(403)
    return render_template(
        'corpora/analyse_corpus.html.j2',
        corpus=corpus,
@@ -96,7 +130,7 @@ def build_corpus(corpus_id):
            db.session.commit()

    corpus = Corpus.query.get_or_404(corpus_id)
-    if not (corpus.user == current_user or current_user.is_administrator()):
+    if not user_can_update_corpus(current_user, corpus):
        abort(403)
    # Check if the corpus has corpus files
    if not corpus.files.all():
@@ -114,7 +148,7 @@ def build_corpus(corpus_id):
@login_required
 def create_corpus_file(corpus_id):
    corpus = Corpus.query.get_or_404(corpus_id)
-    if not (corpus.user == current_user or current_user.is_administrator()):
+    if not user_can_update_corpus(current_user, corpus):
        abort(403)
    form = CreateCorpusFileForm(prefix='create-corpus-file-form')
    if form.is_submitted():
@@ -157,16 +191,13 @@ def create_corpus_file(corpus_id):
    )


-@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>',
-          methods=['GET', 'POST'])
+@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>', methods=['GET', 'POST'])
@login_required
 def corpus_file(corpus_id, corpus_file_id):
-    corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
-    if corpus_file.corpus.id != corpus_id:
-        abort(404)
+    corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404()
    if not (corpus_file.corpus.user == current_user or current_user.is_administrator()):
        abort(403)
-    form = EditCorpusFileForm(
+    form = UpdateCorpusFileForm(
        data=corpus_file.to_json_serializeable(),
        prefix='edit-corpus-file-form'
    )
@@ -196,9 +227,7 @@ def delete_corpus_file(corpus_id, corpus_file_id):
            corpus_file.delete()
            db.session.commit()

-    corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
-    if corpus_file.corpus.id != corpus_id:
-        abort(404)
+    corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404()
    if not (corpus_file.corpus.user == current_user or current_user.is_administrator()):
        abort(403)
    thread = Thread(
@@ -212,9 +241,7 @@ def delete_corpus_file(corpus_id, corpus_file_id):
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>/download')
@login_required
 def download_corpus_file(corpus_id, corpus_file_id):
-    corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
-    if corpus_file.corpus.id != corpus_id:
-        abort(404)
+    corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404()
    if not (corpus_file.corpus.user == current_user or current_user.is_administrator()):
        abort(403)
    return send_from_directory(