mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-11-14 16:55:42 +00:00
Add routes for CorpusFollower permission management
This commit is contained in:
Patrick Jentsch
parent
112d1ec020
commit
5837e05024
@ -7,15 +7,21 @@ from flask import (
|
||||
redirect,
|
||||
render_template,
|
||||
request,
|
||||
send_from_directory,
|
||||
url_for
|
||||
send_from_directory
|
||||
)
|
||||
from flask_login import current_user, login_required
|
||||
from threading import Thread
|
||||
import jwt
|
||||
import os
|
||||
from app import db, hashids
|
||||
from app.models import Corpus, CorpusFile, CorpusStatus, User
|
||||
from app.models import (
|
||||
Corpus,
|
||||
CorpusFile,
|
||||
CorpusFollowerAssociation,
|
||||
CorpusFollowPermission,
|
||||
CorpusStatus,
|
||||
User
|
||||
)
|
||||
from . import bp
|
||||
from .forms import (
|
||||
CreateCorpusFileForm,
|
||||
@ -24,23 +30,6 @@ from .forms import (
|
||||
)
|
||||
|
||||
|
||||
# @bp.route('/share/<token>', methods=['GET', 'POST'])
|
||||
# def share_corpus(token):
|
||||
# try:
|
||||
# payload = jwt.decode(
|
||||
# token,
|
||||
# current_app.config['SECRET_KEY'],
|
||||
# algorithms=['HS256'],
|
||||
# issuer=current_app.config['SERVER_NAME'],
|
||||
# options={'require': ['iat', 'iss', 'sub']}
|
||||
# )
|
||||
# except jwt.PyJWTError:
|
||||
# return False
|
||||
# corpus_hashid = payload.get('sub')
|
||||
# corpus_id = hashids.decode(corpus_hashid)
|
||||
# return redirect(url_for('.corpus', corpus_id=corpus_id))
|
||||
|
||||
|
||||
@bp.route('/<hashid:corpus_id>/enable_is_public', methods=['POST'])
|
||||
@login_required
|
||||
def enable_corpus_is_public(corpus_id):
|
||||
@ -63,24 +52,22 @@ def disable_corpus_is_public(corpus_id):
|
||||
return '', 204
|
||||
|
||||
|
||||
# @bp.route('/<hashid:corpus_id>/follow', methods=['GET', 'POST'])
|
||||
# @bp.route('/<hashid:corpus_id>/follow/<token>')
|
||||
# @login_required
|
||||
# def follow_corpus(corpus_id):
|
||||
# corpus = Corpus.query.get_or_404(corpus_id)
|
||||
# user_hashid = request.args.get('user_id')
|
||||
# if user_hashid is None:
|
||||
# user = current_user
|
||||
# else:
|
||||
# if not current_user.is_administrator():
|
||||
# abort(403)
|
||||
# else:
|
||||
# user_id = hashids.decode(user_hashid)
|
||||
# user = User.query.get_or_404(user_id)
|
||||
# if not user.is_following_corpus(corpus):
|
||||
# user.follow_corpus(corpus)
|
||||
# db.session.commit()
|
||||
# flash(f'You are following {corpus.title} now', category='corpus')
|
||||
# return {}, 202
|
||||
# def follow_corpus(corpus_id, token):
|
||||
# try:
|
||||
# payload = jwt.decode(
|
||||
# token,
|
||||
# current_app.config['SECRET_KEY'],
|
||||
# algorithms=['HS256'],
|
||||
# issuer=current_app.config['SERVER_NAME'],
|
||||
# options={'require': ['iat', 'iss', 'sub']}
|
||||
# )
|
||||
# except jwt.PyJWTError:
|
||||
# return False
|
||||
# corpus_hashid = payload.get('sub')
|
||||
# corpus_id = hashids.decode(corpus_hashid)
|
||||
# return redirect(url_for('.corpus', corpus_id=corpus_id))
|
||||
|
||||
|
||||
@bp.route('/<hashid:corpus_id>/unfollow', methods=['GET', 'POST'])
|
||||
@ -99,23 +86,35 @@ def unfollow_corpus(corpus_id):
|
||||
user.unfollow_corpus(corpus)
|
||||
db.session.commit()
|
||||
flash(f'You are not following {corpus.title} anymore', category='corpus')
|
||||
return {}, 202
|
||||
return '', 204
|
||||
|
||||
|
||||
# @bp.route('/add_permission/<hashid:corpus_id>/<hashid:user_id>/<int:permission>')
|
||||
# def add_permission(corpus_id, user_id, permission):
|
||||
# a = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
||||
# a.add_permission(permission)
|
||||
# db.session.commit()
|
||||
# return 'ok'
|
||||
@bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/add', methods=['POST'])
|
||||
def add_permission(corpus_id, user_id, permission):
|
||||
corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
||||
permission = request.args.get('permission', type=int)
|
||||
corpus = corpus_follow_association.followed_corpus
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
if permission is None or permission not in iter(CorpusFollowPermission):
|
||||
abort(400)
|
||||
corpus_follow_association.add_permission(permission)
|
||||
db.session.commit()
|
||||
return '', 204
|
||||
|
||||
|
||||
# @bp.route('/remove_permission/<hashid:corpus_id>/<hashid:user_id>/<int:permission>')
|
||||
# def remove_permission(corpus_id, user_id, permission):
|
||||
# a = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
||||
# a.remove_permission(permission)
|
||||
# db.session.commit()
|
||||
# return 'ok'
|
||||
@bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/remove', methods=['POST'])
|
||||
def remove_permission(corpus_id, user_id, permission):
|
||||
corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
||||
permission = request.args.get('permission')
|
||||
corpus = corpus_follow_association.followed_corpus
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
if permission is None or permission not in iter(CorpusFollowPermission):
|
||||
abort(400)
|
||||
corpus_follow_association.remove_permission(permission)
|
||||
db.session.commit()
|
||||
return '', 204
|
||||
|
||||
|
||||
@bp.route('/public')
|
||||
|
||||
@ -69,6 +69,44 @@ class Utils {
|
||||
return Utils.mergeObjectsDeep(mergedObject, ...objects.slice(2));
|
||||
}
|
||||
|
||||
static addCorpusFollowerPermissionRequest(corpusId, followerId, permission) {
|
||||
return new Promise((resolve, reject) => {
|
||||
fetch(`/corpora/${corpusId}/followers/${followerId}/add_permission?permission=${permission}`, {method: 'POST', headers: {Accept: 'application/json'}})
|
||||
.then(
|
||||
(response) => {
|
||||
if (response.status === 400) {app.flash('Bad Request', 'error'); reject(response);}
|
||||
if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response);}
|
||||
if (response.status === 404) {app.flash('Not Found', 'error'); reject(response);}
|
||||
app.flash(`Permission added`, 'corpus');
|
||||
resolve(response);
|
||||
},
|
||||
(response) => {
|
||||
app.flash('Something went wrong', 'error');
|
||||
reject(response);
|
||||
}
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
static removeCorpusFollowerPermissionRequest(corpusId, followerId, permission) {
|
||||
return new Promise((resolve, reject) => {
|
||||
fetch(`/corpora/${corpusId}/followers/${followerId}/remove_permission?permission=${permission}`, {method: 'POST', headers: {Accept: 'application/json'}})
|
||||
.then(
|
||||
(response) => {
|
||||
if (response.status === 400) {app.flash('Bad Request', 'error'); reject(response);}
|
||||
if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response);}
|
||||
if (response.status === 404) {app.flash('Not Found', 'error'); reject(response);}
|
||||
app.flash(`Permission removed`, 'corpus');
|
||||
resolve(response);
|
||||
},
|
||||
(response) => {
|
||||
app.flash('Something went wrong', 'error');
|
||||
reject(response);
|
||||
}
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
static enableCorpusIsPublicRequest(userId, corpusId) {
|
||||
return new Promise((resolve, reject) => {
|
||||
let corpus;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user