Add routes for CorpusFollower permission management

Patrick Jentsch 2023-02-15 16:17:25 +01:00
parent 112d1ec020
commit 5837e05024
2 changed files with 87 additions and 50 deletions


@ -7,15 +7,21 @@ from flask import (
redirect, redirect,
render_template, render_template,
request, request,
send_from_directory, send_from_directory
url_for
) )
from flask_login import current_user, login_required from flask_login import current_user, login_required
from threading import Thread from threading import Thread
import jwt import jwt
import os import os
from app import db, hashids from app import db, hashids
from app.models import Corpus, CorpusFile, CorpusStatus, User from app.models import (
Corpus,
CorpusFile,
CorpusFollowerAssociation,
CorpusFollowPermission,
CorpusStatus,
User
)
from . import bp from . import bp
from .forms import ( from .forms import (
CreateCorpusFileForm, CreateCorpusFileForm,
@ -24,23 +30,6 @@ from .forms import (
) )
# @bp.route('/share/<token>', methods=['GET', 'POST'])
# def share_corpus(token):
# try:
# payload = jwt.decode(
# token,
# current_app.config['SECRET_KEY'],
# algorithms=['HS256'],
# issuer=current_app.config['SERVER_NAME'],
# options={'require': ['iat', 'iss', 'sub']}
# )
# except jwt.PyJWTError:
# return False
# corpus_hashid = payload.get('sub')
# corpus_id = hashids.decode(corpus_hashid)
# return redirect(url_for('.corpus', corpus_id=corpus_id))
@bp.route('/<hashid:corpus_id>/enable_is_public', methods=['POST']) @bp.route('/<hashid:corpus_id>/enable_is_public', methods=['POST'])
@login_required @login_required
def enable_corpus_is_public(corpus_id): def enable_corpus_is_public(corpus_id):
@ -63,24 +52,22 @@ def disable_corpus_is_public(corpus_id):
return '', 204 return '', 204
# @bp.route('/<hashid:corpus_id>/follow', methods=['GET', 'POST']) # @bp.route('/<hashid:corpus_id>/follow/<token>')
# @login_required # @login_required
# def follow_corpus(corpus_id): # def follow_corpus(corpus_id, token):
# corpus = Corpus.query.get_or_404(corpus_id) # try:
# user_hashid = request.args.get('user_id') # payload = jwt.decode(
# if user_hashid is None: # token,
# user = current_user # current_app.config['SECRET_KEY'],
# else: # algorithms=['HS256'],
# if not current_user.is_administrator(): # issuer=current_app.config['SERVER_NAME'],
# abort(403) # options={'require': ['iat', 'iss', 'sub']}
# else: # )
# user_id = hashids.decode(user_hashid) # except jwt.PyJWTError:
# user = User.query.get_or_404(user_id) # return False
# if not user.is_following_corpus(corpus): # corpus_hashid = payload.get('sub')
# user.follow_corpus(corpus) # corpus_id = hashids.decode(corpus_hashid)
# db.session.commit() # return redirect(url_for('.corpus', corpus_id=corpus_id))
# flash(f'You are following {corpus.title} now', category='corpus')
# return {}, 202
@bp.route('/<hashid:corpus_id>/unfollow', methods=['GET', 'POST']) @bp.route('/<hashid:corpus_id>/unfollow', methods=['GET', 'POST'])
@ -99,23 +86,35 @@ def unfollow_corpus(corpus_id):
user.unfollow_corpus(corpus) user.unfollow_corpus(corpus)
db.session.commit() db.session.commit()
flash(f'You are not following {corpus.title} anymore', category='corpus') flash(f'You are not following {corpus.title} anymore', category='corpus')
return {}, 202 return '', 204
# @bp.route('/add_permission/<hashid:corpus_id>/<hashid:user_id>/<int:permission>') @bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/add', methods=['POST'])
# def add_permission(corpus_id, user_id, permission): def add_permission(corpus_id, user_id, permission):
# a = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404() corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
# a.add_permission(permission) permission = request.args.get('permission', type=int)
# db.session.commit() corpus = corpus_follow_association.followed_corpus
# return 'ok' if not (corpus.user == current_user or current_user.is_administrator()):
abort(403)
if permission is None or permission not in iter(CorpusFollowPermission):
abort(400)
corpus_follow_association.add_permission(permission)
db.session.commit()
return '', 204
# @bp.route('/remove_permission/<hashid:corpus_id>/<hashid:user_id>/<int:permission>') @bp.route('/<hashid:corpus_id>/followers/<hashid:user_id>/permissions/remove', methods=['POST'])
# def remove_permission(corpus_id, user_id, permission): def remove_permission(corpus_id, user_id, permission):
# a = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404() corpus_follow_association = CorpusFollowerAssociation.query.filter_by(followed_corpus_id=corpus_id, following_user_id=user_id).first_or_404()
# a.remove_permission(permission) permission = request.args.get('permission')
# db.session.commit() corpus = corpus_follow_association.followed_corpus
# return 'ok' if not (corpus.user == current_user or current_user.is_administrator()):
abort(403)
if permission is None or permission not in iter(CorpusFollowPermission):
abort(400)
corpus_follow_association.remove_permission(permission)
db.session.commit()
return '', 204
@bp.route('/public') @bp.route('/public')
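Review bot: The new add_permission and remove_permission views are registered without `@login_required`, unlike enable_corpus_is_public earlier in this file, so the owner/administrator check runs against whatever `current_user` is for an unauthenticated request; add `@login_required` under each `@bp.route(...)`. Both signatures also still declare `permission`, which neither route rule supplies, so Flask would raise a TypeError when dispatching the view; `def add_permission(corpus_id, user_id):` (and the same for remove_permission) matches the rule. In remove_permission the value is read as a string with `request.args.get('permission')`, so if CorpusFollowPermission is integer-valued, as `type=int` in add_permission suggests, the membership test can never pass and the route always answers 400; `permission = request.args.get('permission', type=int)` would make the two views agree. Whether these POST routes are covered by CSRF protection is not visible in this diff and is worth confirming, since they change access rights.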


@ -69,6 +69,44 @@ class Utils {
return Utils.mergeObjectsDeep(mergedObject, ...objects.slice(2)); return Utils.mergeObjectsDeep(mergedObject, ...objects.slice(2));
} }
static addCorpusFollowerPermissionRequest(corpusId, followerId, permission) {
return new Promise((resolve, reject) => {
fetch(`/corpora/${corpusId}/followers/${followerId}/add_permission?permission=${permission}`, {method: 'POST', headers: {Accept: 'application/json'}})
.then(
(response) => {
if (response.status === 400) {app.flash('Bad Request', 'error'); reject(response);}
if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response);}
if (response.status === 404) {app.flash('Not Found', 'error'); reject(response);}
app.flash(`Permission added`, 'corpus');
resolve(response);
},
(response) => {
app.flash('Something went wrong', 'error');
reject(response);
}
);
});
}
static removeCorpusFollowerPermissionRequest(corpusId, followerId, permission) {
return new Promise((resolve, reject) => {
fetch(`/corpora/${corpusId}/followers/${followerId}/remove_permission?permission=${permission}`, {method: 'POST', headers: {Accept: 'application/json'}})
.then(
(response) => {
if (response.status === 400) {app.flash('Bad Request', 'error'); reject(response);}
if (response.status === 403) {app.flash('Forbidden', 'error'); reject(response);}
if (response.status === 404) {app.flash('Not Found', 'error'); reject(response);}
app.flash(`Permission removed`, 'corpus');
resolve(response);
},
(response) => {
app.flash('Something went wrong', 'error');
reject(response);
}
);
});
}
static enableCorpusIsPublicRequest(userId, corpusId) { static enableCorpusIsPublicRequest(userId, corpusId) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
let corpus; let corpus;
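Review bot: In addCorpusFollowerPermissionRequest the 400/403/404 branches call `reject(response)` without returning, so execution falls through to `app.flash(`Permission added`, 'corpus')`, and any other non-2xx status (a 500, for example) is reported as success as well; removeCorpusFollowerPermissionRequest has the same shape. For a permission change the false "Permission removed" message is the worse case, because the corpus owner is told access was revoked when the server refused or failed. Add `return;` after each `reject(response);` and guard the success path with `if (!response.ok) {app.flash('Something went wrong', 'error'); reject(response); return;}`. The fetch paths also end in `/add_permission` and `/remove_permission`, while the routes added in the Python file of this commit end in `/permissions/add` and `/permissions/remove`, so as written these calls would presumably receive a 404.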