From 965bc9d68a8d16f1e0e5456beb5e387e5302aaae Mon Sep 17 00:00:00 2001
From: Patrick Jentsch <p.jentsch@uni-bielefeld.de>
Date: Thu, 9 Feb 2023 11:05:27 +0100
Subject: [PATCH] Update public corpus logic

---
 app/corpora/routes.py                         | 63 ++++++++-----------
 ...c_corpus.html.j2 => corpus_public.html.j2} |  2 +-
 2 files changed, 27 insertions(+), 38 deletions(-)
 rename app/templates/corpora/{public_corpus.html.j2 => corpus_public.html.j2} (98%)

diff --git a/app/corpora/routes.py b/app/corpora/routes.py
index 63af1b07..e1c67f40 100644
--- a/app/corpora/routes.py
+++ b/app/corpora/routes.py
@@ -18,18 +18,6 @@ from . import bp
 from .forms import ChangeCorpusSettingsForm, CreateCorpusFileForm, CreateCorpusForm, UpdateCorpusFileForm
 
 
-def user_can_read_corpus(user, corpus):
-    return corpus.user == user or user.is_administrator() or corpus.is_public
-
-
-def user_can_update_corpus(user, corpus):
-    return corpus.user == user or user.is_administrator()
-
-
-def user_can_delete_corpus(user, corpus):
-    return user_can_update_corpus(user, corpus)
-
-
 @bp.route('')
 @login_required
 def corpora():
@@ -70,7 +58,10 @@ def create_corpus():
 @login_required
 def corpus(corpus_id):
     corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_read_corpus(current_user, corpus):
+    if not (corpus.user == current_user
+            or current_user.is_administrator()
+            or current_user.is_following_corpus(corpus)
+            or corpus.is_public):
         abort(403)
     corpus_settings_form = ChangeCorpusSettingsForm(
         data=corpus.to_json_serializeable(),
@@ -81,17 +72,20 @@ def corpus(corpus_id):
         db.session.commit()
         flash('Your changes have been saved')
         return redirect(url_for('.corpus', corpus_id=corpus.id))
-    # following_users = [
-    #     u.to_json_serializeable() for u
-    #     in corpus.following_users
-    # ]
-    return render_template(
-        'corpora/corpus.html.j2',
-        corpus_settings_form=corpus_settings_form,
-        corpus=corpus,
-        # following_users=following_users,
-        title='Corpus'
-    )
+    if corpus.user == current_user or current_user.is_administrator():
+        return render_template(
+            'corpora/corpus.html.j2',
+            corpus_settings_form=corpus_settings_form,
+            corpus=corpus,
+            title='Corpus'
+        )
+    else:
+        print('public')
+        return render_template(
+            'corpora/corpus_public.html.j2',
+            corpus=corpus,
+            title='Corpus'
+        )
 
 
 
@@ -99,7 +93,7 @@ def corpus(corpus_id):
 # @login_required
 # def update_corpus(corpus_id):
 #     corpus = Corpus.query.get_or_404(corpus_id)
-#     if not user_can_update_corpus(current_user, corpus):
+#     if not (corpus.user == current_user or current_user.is_administrator()):
 #         abort(403)
 #     return render_template(
 #         'corpora/update_corpus.html.j2',
@@ -118,7 +112,7 @@ def delete_corpus(corpus_id):
             db.session.commit()
 
     corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_delete_corpus(current_user, corpus):
+    if not (corpus.user == current_user or current_user.is_administrator()):
         abort(403)
     thread = Thread(
         target=_delete_corpus,
@@ -132,7 +126,10 @@ def delete_corpus(corpus_id):
 @login_required
 def analyse_corpus(corpus_id):
     corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_read_corpus(current_user, corpus):
+    if not (corpus.user == current_user
+            or current_user.is_administrator()
+            or current_user.is_following_corpus(corpus)
+            or corpus.is_public):
         abort(403)
     return render_template(
         'corpora/analyse_corpus.html.j2',
@@ -151,7 +148,7 @@ def build_corpus(corpus_id):
             db.session.commit()
 
     corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_update_corpus(current_user, corpus):
+    if not (corpus.user == current_user or current_user.is_administrator()):
         abort(403)
     # Check if the corpus has corpus files
     if not corpus.files.all():
@@ -169,7 +166,7 @@ def build_corpus(corpus_id):
 @login_required
 def create_corpus_file(corpus_id):
     corpus = Corpus.query.get_or_404(corpus_id)
-    if not user_can_update_corpus(current_user, corpus):
+    if not (corpus.user == current_user or current_user.is_administrator()):
         abort(403)
     form = CreateCorpusFileForm()
     if form.is_submitted():
@@ -333,11 +330,3 @@ def remove_permission(corpus_id, user_id, permission):
     db.session.commit()
     return 'ok'
 
-@bp.route('/public/<hashid:corpus_id>')
-def public_corpus(corpus_id):
-    corpus = Corpus.query.get_or_404(corpus_id)
-    return render_template(
-        'corpora/public_corpus.html.j2',
-        corpus=corpus,
-        title=corpus.title
-    )
diff --git a/app/templates/corpora/public_corpus.html.j2 b/app/templates/corpora/corpus_public.html.j2
similarity index 98%
rename from app/templates/corpora/public_corpus.html.j2
rename to app/templates/corpora/corpus_public.html.j2
index f9cb4bc9..7ca14378 100644
--- a/app/templates/corpora/public_corpus.html.j2
+++ b/app/templates/corpora/corpus_public.html.j2
@@ -38,7 +38,7 @@
   {# let followingUserList = new UserList(document.querySelector('.user-list'));
   followingUserList.add({{ following_users|tojson }}); #}
   
-  corpusFollowingRequest.addEventListener('click', function() {
+  corpusFollowingRequest.addEventListener('click', () => {
     corpusFollowingRequest.innerHTML = '<i class="material-icons left">add</i>Unfollow Corpus';
     if ("{{ current_user.is_following_corpus(corpus) }}" === "False") {
       corpusFollowingRequest.lastChild.textContent = 'Unfollow Corpus';