mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2025-06-12 09:00:40 +00:00
Only reveal hashids to the ui
This commit is contained in:
Patrick Jentsch
@ -62,7 +62,7 @@ def connect(auth):
|
||||
if corpus is None:
|
||||
# return {'code': 404, 'msg': 'Not Found'}
|
||||
raise ConnectionRefusedError('Not Found')
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
# return {'code': 403, 'msg': 'Forbidden'}
|
||||
raise ConnectionRefusedError('Forbidden')
|
||||
if corpus.status not in ['prepared', 'start analysis', 'analysing', 'stop analysis']:
|
||||
|
||||
@ -22,7 +22,7 @@ def add_query_result():
|
||||
if form.is_submitted():
|
||||
if not form.validate():
|
||||
return make_response(form.errors, 400)
|
||||
query_result = QueryResult(creator=current_user,
|
||||
query_result = QueryResult(user=current_user,
|
||||
description=form.description.data,
|
||||
filename=form.file.data.filename,
|
||||
title=form.title.data)
|
||||
@ -65,19 +65,19 @@ def add_query_result():
|
||||
form=form, title='Add query result')
|
||||
|
||||
|
||||
@bp.route('/result/<int:query_result_id>')
|
||||
@bp.route('/result/<hashid:query_result_id>')
|
||||
@login_required
|
||||
def query_result(query_result_id):
|
||||
abort(503)
|
||||
query_result = QueryResult.query.get_or_404(query_result_id)
|
||||
if not (query_result.creator == current_user
|
||||
if not (query_result.user == current_user
|
||||
or current_user.is_administrator()):
|
||||
abort(403)
|
||||
return render_template('corpora/query_results/query_result.html.j2',
|
||||
query_result=query_result, title='Query result')
|
||||
|
||||
|
||||
@bp.route('/result/<int:query_result_id>/inspect')
|
||||
@bp.route('/result/<hashid:query_result_id>/inspect')
|
||||
@login_required
|
||||
def inspect_query_result(query_result_id):
|
||||
'''
|
||||
@ -86,7 +86,7 @@ def inspect_query_result(query_result_id):
|
||||
abort(503)
|
||||
query_result = QueryResult.query.get_or_404(query_result_id)
|
||||
query_metadata = query_result.query_metadata
|
||||
if not (query_result.creator == current_user
|
||||
if not (query_result.user == current_user
|
||||
or current_user.is_administrator()):
|
||||
abort(403)
|
||||
display_options_form = DisplayOptionsForm(
|
||||
@ -108,12 +108,12 @@ def inspect_query_result(query_result_id):
|
||||
title='Inspect query result')
|
||||
|
||||
|
||||
@bp.route('/result/<int:query_result_id>/delete')
|
||||
@bp.route('/result/<hashid:query_result_id>/delete')
|
||||
@login_required
|
||||
def delete_query_result(query_result_id):
|
||||
abort(503)
|
||||
query_result = QueryResult.query.get_or_404(query_result_id)
|
||||
if not (query_result.creator == current_user
|
||||
if not (query_result.user == current_user
|
||||
or current_user.is_administrator()):
|
||||
abort(403)
|
||||
flash('Query result "{}" has been marked for deletion!'.format(query_result), 'result') # noqa
|
||||
@ -121,12 +121,12 @@ def delete_query_result(query_result_id):
|
||||
return redirect(url_for('services.service', service="corpus_analysis"))
|
||||
|
||||
|
||||
@bp.route('/result/<int:query_result_id>/download')
|
||||
@bp.route('/result/<hashid:query_result_id>/download')
|
||||
@login_required
|
||||
def download_query_result(query_result_id):
|
||||
abort(503)
|
||||
query_result = QueryResult.query.get_or_404(query_result_id)
|
||||
if not (query_result.creator == current_user
|
||||
if not (query_result.user == current_user
|
||||
or current_user.is_administrator()):
|
||||
abort(403)
|
||||
return send_from_directory(as_attachment=True,
|
||||
|
||||
@ -21,7 +21,7 @@ def add_corpus():
|
||||
form = AddCorpusForm(prefix='add-corpus-form')
|
||||
if form.validate_on_submit():
|
||||
corpus = Corpus(
|
||||
creator=current_user,
|
||||
user=current_user,
|
||||
description=form.description.data,
|
||||
title=form.title.data
|
||||
)
|
||||
@ -52,7 +52,7 @@ def import_corpus():
|
||||
if not form.validate():
|
||||
return make_response(form.errors, 400)
|
||||
corpus = Corpus(
|
||||
creator=current_user,
|
||||
user=current_user,
|
||||
description=form.description.data,
|
||||
title=form.title.data
|
||||
)
|
||||
@ -115,18 +115,18 @@ def import_corpus():
|
||||
title='Import Corpus')
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>')
|
||||
@bp.route('/<hashid:corpus_id>')
|
||||
@login_required
|
||||
def corpus(corpus_id):
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
corpus_files = [corpus_file.to_dict() for corpus_file in corpus.files]
|
||||
return render_template('corpora/corpus.html.j2', corpus=corpus,
|
||||
corpus_files=corpus_files, title='Corpus')
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/analyse')
|
||||
@bp.route('/<hashid:corpus_id>/analyse')
|
||||
@login_required
|
||||
def analyse_corpus(corpus_id):
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
@ -137,37 +137,37 @@ def analyse_corpus(corpus_id):
|
||||
)
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/download')
|
||||
@bp.route('/<hashid:corpus_id>/download')
|
||||
@login_required
|
||||
def download_corpus(corpus_id):
|
||||
abort(503)
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
return send_from_directory(
|
||||
as_attachment=True,
|
||||
directory=os.path.join(corpus.creator.path, 'corpora'),
|
||||
directory=os.path.join(corpus.user.path, 'corpora'),
|
||||
filename=corpus.archive_file,
|
||||
mimetype='zip'
|
||||
)
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/delete')
|
||||
@bp.route('/<hashid:corpus_id>/delete')
|
||||
@login_required
|
||||
def delete_corpus(corpus_id):
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
flash('Corpus "{}" marked for deletion!'.format(corpus.title), 'corpus')
|
||||
tasks.delete_corpus(corpus_id)
|
||||
return redirect(url_for('main.dashboard'))
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/files/add', methods=['GET', 'POST'])
|
||||
@bp.route('/<hashid:corpus_id>/files/add', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
def add_corpus_file(corpus_id):
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
form = AddCorpusFileForm(corpus, prefix='add-corpus-file-form')
|
||||
if form.is_submitted():
|
||||
@ -200,13 +200,13 @@ def add_corpus_file(corpus_id):
|
||||
form=form, title='Add corpus file')
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/files/<int:corpus_file_id>/delete')
|
||||
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>/delete')
|
||||
@login_required
|
||||
def delete_corpus_file(corpus_id, corpus_file_id):
|
||||
corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
|
||||
if not corpus_file.corpus_id == corpus_id:
|
||||
abort(404)
|
||||
if not (corpus_file.corpus.creator == current_user
|
||||
if not (corpus_file.corpus.user == current_user
|
||||
or current_user.is_administrator()):
|
||||
abort(403)
|
||||
flash('Corpus file "{}" marked for deletion!'.format(corpus_file.filename), 'corpus') # noqa
|
||||
@ -214,13 +214,13 @@ def delete_corpus_file(corpus_id, corpus_file_id):
|
||||
return redirect(url_for('.corpus', corpus_id=corpus_id))
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/files/<int:corpus_file_id>/download')
|
||||
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>/download')
|
||||
@login_required
|
||||
def download_corpus_file(corpus_id, corpus_file_id):
|
||||
corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
|
||||
if not corpus_file.corpus_id == corpus_id:
|
||||
abort(404)
|
||||
if not (corpus_file.corpus.creator == current_user
|
||||
if not (corpus_file.corpus.user == current_user
|
||||
or current_user.is_administrator()):
|
||||
abort(403)
|
||||
return send_from_directory(as_attachment=True,
|
||||
@ -228,11 +228,11 @@ def download_corpus_file(corpus_id, corpus_file_id):
|
||||
filename=corpus_file.filename)
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/files/<int:corpus_file_id>', methods=['GET', 'POST'])
|
||||
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
def corpus_file(corpus_id, corpus_file_id):
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
|
||||
if corpus_file.corpus != corpus:
|
||||
@ -273,11 +273,11 @@ def corpus_file(corpus_id, corpus_file_id):
|
||||
title='Edit corpus file')
|
||||
|
||||
|
||||
@bp.route('/<int:corpus_id>/prepare')
|
||||
@bp.route('/<hashid:corpus_id>/prepare')
|
||||
@login_required
|
||||
def prepare_corpus(corpus_id):
|
||||
corpus = Corpus.query.get_or_404(corpus_id)
|
||||
if not (corpus.creator == current_user or current_user.is_administrator()):
|
||||
if not (corpus.user == current_user or current_user.is_administrator()):
|
||||
abort(403)
|
||||
if corpus.files.all():
|
||||
tasks.build_corpus(corpus_id)
|
||||
|
||||
Reference in New Issue
Block a user