mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-25 02:44:18 +00:00
Add routes for CorpusFollower permission management
parent
112d1ec020
commit
5837e05024
@ -7,15 +7,21 @@ from flask import (
|
|||||||
redirect,
|
redirect,
|
||||||
render_template,
|
render_template,
|
||||||
request,
|
request,
|
||||||
send_from_directory,
|
send_from_directory
|
||||||
url_for
|
|
||||||
)
|
)
|
||||||
from flask_login import current_user, login_required
|
from flask_login import current_user, login_required
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
import jwt
|
import jwt
|
||||||
import os
|
import os
|
||||||
from app import db, hashids
|
from app import db, hashids
|
||||||
from app.models import Corpus, CorpusFile, CorpusStatus, User
|
from app.models import (
|
||||||
|
Corpus,
|
||||||
|
CorpusFile,
|
||||||
|
CorpusFollowerAssociation,
|
||||||
|
CorpusFollowPermission,
|
||||||
|
CorpusStatus,
|
||||||
|
User
|
||||||
|
)
|
||||||
from . import bp
|
from . import bp
|
||||||
from .forms import (
|
from .forms import (
|
||||||
CreateCorpusFileForm,
|
CreateCorpusFileForm,
|
||||||
@ -24,23 +30,6 @@ from .forms import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
# @bp.route('/share/<token>', methods=['GET', 'POST'])
|
|
||||||
# def share_corpus(token):
|
|
||||||
# try:
|
|
||||||
# payload = jwt.decode(
|
|
||||||
# token,
|
|
||||||
# current_app.config['SECRET_KEY'],
|
|
||||||
# algorithms=['HS256'],
|
|
||||||
# issuer=current_app.config['SERVER_NAME'],
|
|
||||||
# options={'require': ['iat', 'iss', 'sub']}
|
|
||||||
# )
|
|
||||||
# except jwt.PyJWTError:
|
|
||||||
# return False
|
|
||||||
# corpus_hashid = payload.get('sub')
|
|
||||||
# corpus_id = hashids.decode(corpus_hashid)
|
|
||||||
# return redirect(url_for('.corpus', corpus_id=corpus_id))
|
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/enable_is_public', methods=['POST'])
|
@bp.route('/<hashid:corpus_id>/enable_is_public', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
def enable_corpus_is_public(corpus_id):
|
def enable_corpus_is_public(corpus_id):
|
||||||
@ -63,24 +52,22 @@ def disable_corpus_is_public(corpus_id):
|
|||||||
return '', 204
|
return '', 204
|
||||||
|
|
||||||
|
|
||||||
# @bp.route('/<hashid:corpus_id>/follow', methods=['GET', 'POST'])
|
# @bp.route('/<hashid:corpus_id>/follow/<token>')
|
||||||
# @login_required
|
# @login_required
|
||||||
# def follow_corpus(corpus_id):
|
# def follow_corpus(corpus_id, token):
|
||||||
# corpus = Corpus.query.get_or_404(corpus_id)
|
# try:
|
||||||
# user_hashid = request.args.get('user_id')
|
# payload = jwt.decode(
|
||||||
# if user_hashid is None:
|
# token,
|
||||||
# user = current_user
|
# current_app.config['SECRET_KEY'],
|
||||||
# else:
|
# algorithms=['HS256'],
|
||||||
# if not current_user.is_administrator():
|
# issuer=current_app.config['SERVER_NAME'],
|
||||||
# abort(403)
|
# options={'require': ['iat', 'iss', 'sub']}
|
||||||
# else:
|
# )
|
||||||
# user_id = hashids.decode(user_hashid)
|
# except jwt.PyJWTError:
|
||||||
# user = User.query.get_or_404(user_id)
|
# return False
|
||||||
# if not user.is_following_corpus(corpus):
|
# corpus_hashid = payload.get('sub')
|
||||||
# user.follow_corpus(corpus)
|
# corpus_id = hashids.decode(corpus_hashid)
|
||||||
# db.session.commit()
|
# return redirect(url_for('.corpus', corpus_id=corpus_id))
|
||||||
# flash(f'You are following {corpus.title} now', category='corpus')
|
|
||||||
# return {}, 202
|
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/unfollow', methods=['GET', 'POST'])
|
@bp.route('/<hashid:corpus_id>/unfollow', methods=['GET', 'POST'])
|
||||||
@ -99,23 +86,35 @@ def unfollow_corpus(corpus_id):
|
|||||||
user.unfollow_corpus(corpus)
|
user.unfollow_corpus(corpus)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash(f'You are not following {corpus.title} anymore', category='corpus')
|
flash(f'You are not following {corpus.title} anymore', category='corpus')
|
||||||
return {}, 202
|
return '', 204
|
||||||
|
|
||||||
|
|
||||||
# @bp.route('/add_permission/<hashid:corpus_id>/<hashid:user_id>/<int:permission>')
|
@bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/add', methods=['POST'])
|
||||||
# def add_permission(corpus_id, user_id, permission):
|
def add_permission(corpus_id, user_id, permission):
|
||||||
# a = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
||||||
# a.add_permission(permission)
|
permission = request.args.get('permission', type=int)
|
||||||
# db.session.commit()
|
corpus = corpus_follow_association.followed_corpus
|
||||||
# return 'ok'
|
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||||
|
abort(403)
|
||||||
|
if permission is None or permission not in iter(CorpusFollowPermission):
|
||||||
|
abort(400)
|
||||||
|
corpus_follow_association.add_permission(permission)
|
||||||
|
db.session.commit()
|
||||||
|
return '', 204
|
||||||
|
|
||||||
|
|
||||||
# @bp.route('/remove_permission/<hashid:corpus_id>/<hashid:user_id>/<int:permission>')
|
@bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/remove', methods=['POST'])
|
||||||
# def remove_permission(corpus_id, user_id, permission):
|
def remove_permission(corpus_id, user_id, permission):
|
||||||
# a = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
|
||||||
# a.remove_permission(permission)
|
permission = request.args.get('permission')
|
||||||
# db.session.commit()
|
corpus = corpus_follow_association.followed_corpus
|
||||||
# return 'ok'
|
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||||
|
abort(403)
|
||||||
|
if permission is None or permission not in iter(CorpusFollowPermission):
|
||||||
|
abort(400)
|
||||||
|
corpus_follow_association.remove_permission(permission)
|
||||||
|
db.session.commit()
|
||||||
|
return '', 204
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/public')
|
@bp.route('/public')
|
||||||
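Review bot: Neither `add_permission` nor `remove_permission` carries `@login_required`, and both declare a `permission` parameter that the URL rule never supplies, so as written Flask would fail with a TypeError before the owner-or-admin check runs. Drop the parameter (`def add_permission(corpus_id, user_id):`) and add `@login_required` as the neighbouring routes do. In `remove_permission` the value is read with `request.args.get('permission')` without `type=int`, so if `CorpusFollowPermission` is an integer enum the string never equals a member and the route always answers 400; use `request.args.get('permission', type=int)` as `add_permission` does. The authorization check also runs after `first_or_404()`, so a caller without rights can tell from 404 versus 403 whether a given user follows the corpus; loading the corpus and checking ownership first would avoid that. Whether `abort` is imported cannot be seen from the import hunk.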
|
@ -69,6 +69,44 @@ class Utils {
|
|||||||
return Utils.mergeObjectsDeep(mergedObject, ...objects.slice(2));
|
return Utils.mergeObjectsDeep(mergedObject, ...objects.slice(2));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static addCorpusFollowerPermissionRequest(corpusId, followerId, permission) {
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
fetch(`/corpora/${corpusId}/followers/${followerId}/add_permission?permission=${permission}`, {method: 'POST', headers: {Accept: 'application/json'}})
|
||||||
|
.then(
|
||||||
|
(response) => {
|
||||||
|
if (response.status === 400) {app.flash('Bad Request', 'error'); reject(response);}
|
||||||
|
if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response);}
|
||||||
|
if (response.status === 404) {app.flash('Not Found', 'error'); reject(response);}
|
||||||
|
app.flash(`Permission added`, 'corpus');
|
||||||
|
resolve(response);
|
||||||
|
},
|
||||||
|
(response) => {
|
||||||
|
app.flash('Something went wrong', 'error');
|
||||||
|
reject(response);
|
||||||
|
}
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
static removeCorpusFollowerPermissionRequest(corpusId, followerId, permission) {
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
fetch(`/corpora/${corpusId}/followers/${followerId}/remove_permission?permission=${permission}`, {method: 'POST', headers: {Accept: 'application/json'}})
|
||||||
|
.then(
|
||||||
|
(response) => {
|
||||||
|
if (response.status === 400) {app.flash('Bad Request', 'error'); reject(response);}
|
||||||
|
if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response);}
|
||||||
|
if (response.status === 404) {app.flash('Not Found', 'error'); reject(response);}
|
||||||
|
app.flash(`Permission removed`, 'corpus');
|
||||||
|
resolve(response);
|
||||||
|
},
|
||||||
|
(response) => {
|
||||||
|
app.flash('Something went wrong', 'error');
|
||||||
|
reject(response);
|
||||||
|
}
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
static enableCorpusIsPublicRequest(userId, corpusId) {
|
static enableCorpusIsPublicRequest(userId, corpusId) {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
let corpus;
|
let corpus;
|
||||||
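Review bot: The status checks in `addCorpusFollowerPermissionRequest` and `removeCorpusFollowerPermissionRequest` do not return after `reject(response)`, so on 400, 403 or 404 the handler still flashes `Permission added` / `Permission removed` next to the error message, which is a false confirmation in a permission-management UI. Ending each branch with a return would fix it, e.g. `if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response); return;}`. The request URLs also end in `/add_permission` and `/remove_permission`, while the routes added in this commit are registered as `.../permissions/add` and `.../permissions/remove`, so assuming the blueprint is mounted at `/corpora` these calls would get a 404. Since `fetch` already returns a promise, the `new Promise` wrapper could be dropped in favour of returning the `fetch(...).then(...)` chain and throwing on a non-OK status.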
|