From c2a6b9d7465981ce815366375dfe7e34077953f3 Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Mon, 5 Jun 2023 16:52:20 +0200 Subject: [PATCH 1/4] comment out community update code --- app/corpora/followers/json_routes.py | 117 ++++++++++++++------------- app/corpora/routes.py | 17 ++-- 2 files changed, 68 insertions(+), 66 deletions(-) diff --git a/app/corpora/followers/json_routes.py b/app/corpora/followers/json_routes.py index 9b31f8ee..db6bb635 100644 --- a/app/corpora/followers/json_routes.py +++ b/app/corpora/followers/json_routes.py @@ -11,65 +11,66 @@ from app.models import ( from ..decorators import corpus_follower_permission_required from . import bp -@bp.route('//followers', methods=['POST']) -@corpus_follower_permission_required('MANAGE_FOLLOWERS') -@content_negotiation(consumes='application/json', produces='application/json') -def create_corpus_followers(corpus_id): - usernames = request.json - if not (isinstance(usernames, list) or all(isinstance(u, str) for u in usernames)): - abort(400) - corpus = Corpus.query.get_or_404(corpus_id) - for username in usernames: - user = User.query.filter_by(username=username, is_public=True).first_or_404() - user.follow_corpus(corpus) - db.session.commit() - response_data = { - 'message': f'Users are now following "{corpus.title}"', - 'category': 'corpus' - } - return response_data, 200 + +# @bp.route('//followers', methods=['POST']) +# @corpus_follower_permission_required('MANAGE_FOLLOWERS') +# @content_negotiation(consumes='application/json', produces='application/json') +# def create_corpus_followers(corpus_id): +# usernames = request.json +# if not (isinstance(usernames, list) or all(isinstance(u, str) for u in usernames)): +# abort(400) +# corpus = Corpus.query.get_or_404(corpus_id) +# for username in usernames: +# user = User.query.filter_by(username=username, is_public=True).first_or_404() +# user.follow_corpus(corpus) +# db.session.commit() +# response_data = { +# 'message': f'Users are now following "{corpus.title}"', +# 'category': 'corpus' +# } +# return response_data, 200 -@bp.route('//followers//role', methods=['PUT']) -@corpus_follower_permission_required('MANAGE_FOLLOWERS') -@content_negotiation(consumes='application/json', produces='application/json') -def update_corpus_follower_role(corpus_id, follower_id): - role_name = request.json - if not isinstance(role_name, str): - abort(400) - cfr = CorpusFollowerRole.query.filter_by(name=role_name).first() - if cfr is None: - abort(400) - cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() - cfa.role = cfr - db.session.commit() - response_data = { - 'message': f'User "{cfa.follower.username}" is now {cfa.role.name}', - 'category': 'corpus' - } - return response_data, 200 +# @bp.route('//followers//role', methods=['PUT']) +# @corpus_follower_permission_required('MANAGE_FOLLOWERS') +# @content_negotiation(consumes='application/json', produces='application/json') +# def update_corpus_follower_role(corpus_id, follower_id): +# role_name = request.json +# if not isinstance(role_name, str): +# abort(400) +# cfr = CorpusFollowerRole.query.filter_by(name=role_name).first() +# if cfr is None: +# abort(400) +# cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() +# cfa.role = cfr +# db.session.commit() +# response_data = { +# 'message': f'User "{cfa.follower.username}" is now {cfa.role.name}', +# 'category': 'corpus' +# } +# return response_data, 200 -@bp.route('//followers/', methods=['DELETE']) -def delete_corpus_follower(corpus_id, follower_id): - cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() - if not ( - current_user.id == follower_id - or current_user == cfa.corpus.user - or CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first().role.has_permission('MANAGE_FOLLOWERS') - or current_user.is_administrator()): - abort(403) - if current_user.id == follower_id: - flash(f'You are no longer following "{cfa.corpus.title}"', 'corpus') - response = make_response() - response.status_code = 204 - else: - response_data = { - 'message': f'"{cfa.follower.username}" is not following "{cfa.corpus.title}" anymore', - 'category': 'corpus' - } - response = jsonify(response_data) - response.status_code = 200 - cfa.follower.unfollow_corpus(cfa.corpus) - db.session.commit() - return response +# @bp.route('//followers/', methods=['DELETE']) +# def delete_corpus_follower(corpus_id, follower_id): +# cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() +# if not ( +# current_user.id == follower_id +# or current_user == cfa.corpus.user +# or CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first().role.has_permission('MANAGE_FOLLOWERS') +# or current_user.is_administrator()): +# abort(403) +# if current_user.id == follower_id: +# flash(f'You are no longer following "{cfa.corpus.title}"', 'corpus') +# response = make_response() +# response.status_code = 204 +# else: +# response_data = { +# 'message': f'"{cfa.follower.username}" is not following "{cfa.corpus.title}" anymore', +# 'category': 'corpus' +# } +# response = jsonify(response_data) +# response.status_code = 200 +# cfa.follower.unfollow_corpus(cfa.corpus) +# db.session.commit() +# return response diff --git a/app/corpora/routes.py b/app/corpora/routes.py index 1535f834..b21551a0 100644 --- a/app/corpora/routes.py +++ b/app/corpora/routes.py @@ -71,6 +71,7 @@ def corpus(corpus_id): users = users ) if (current_user.is_following_corpus(corpus) or corpus.is_public): + abort(403) cfas = CorpusFollowerAssociation.query.filter(Corpus.id == corpus_id, CorpusFollowerAssociation.follower_id != corpus.user.id).all() print(cfas) return render_template( @@ -98,14 +99,14 @@ def analysis(corpus_id): ) -@bp.route('//follow/') -def follow_corpus(corpus_id, token): - corpus = Corpus.query.get_or_404(corpus_id) - if current_user.follow_corpus_by_token(token): - db.session.commit() - flash(f'You are following "{corpus.title}" now', category='corpus') - return redirect(url_for('corpora.corpus', corpus_id=corpus_id)) - abort(403) +# @bp.route('//follow/') +# def follow_corpus(corpus_id, token): +# corpus = Corpus.query.get_or_404(corpus_id) +# if current_user.follow_corpus_by_token(token): +# db.session.commit() +# flash(f'You are following "{corpus.title}" now', category='corpus') +# return redirect(url_for('corpora.corpus', corpus_id=corpus_id)) +# abort(403) @bp.route('/import', methods=['GET', 'POST']) From f4b30433e6d840bad61e00b05e81fe604baabd71 Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Tue, 6 Jun 2023 11:48:58 +0200 Subject: [PATCH 2/4] Add back community update code --- app/corpora/followers/json_routes.py | 116 +++++++++++++-------------- app/corpora/routes.py | 17 ++-- 2 files changed, 66 insertions(+), 67 deletions(-) diff --git a/app/corpora/followers/json_routes.py b/app/corpora/followers/json_routes.py index db6bb635..87299862 100644 --- a/app/corpora/followers/json_routes.py +++ b/app/corpora/followers/json_routes.py @@ -12,65 +12,65 @@ from ..decorators import corpus_follower_permission_required from . import bp -# @bp.route('//followers', methods=['POST']) -# @corpus_follower_permission_required('MANAGE_FOLLOWERS') -# @content_negotiation(consumes='application/json', produces='application/json') -# def create_corpus_followers(corpus_id): -# usernames = request.json -# if not (isinstance(usernames, list) or all(isinstance(u, str) for u in usernames)): -# abort(400) -# corpus = Corpus.query.get_or_404(corpus_id) -# for username in usernames: -# user = User.query.filter_by(username=username, is_public=True).first_or_404() -# user.follow_corpus(corpus) -# db.session.commit() -# response_data = { -# 'message': f'Users are now following "{corpus.title}"', -# 'category': 'corpus' -# } -# return response_data, 200 +@bp.route('//followers', methods=['POST']) +@corpus_follower_permission_required('MANAGE_FOLLOWERS') +@content_negotiation(consumes='application/json', produces='application/json') +def create_corpus_followers(corpus_id): + usernames = request.json + if not (isinstance(usernames, list) or all(isinstance(u, str) for u in usernames)): + abort(400) + corpus = Corpus.query.get_or_404(corpus_id) + for username in usernames: + user = User.query.filter_by(username=username, is_public=True).first_or_404() + user.follow_corpus(corpus) + db.session.commit() + response_data = { + 'message': f'Users are now following "{corpus.title}"', + 'category': 'corpus' + } + return response_data, 200 -# @bp.route('//followers//role', methods=['PUT']) -# @corpus_follower_permission_required('MANAGE_FOLLOWERS') -# @content_negotiation(consumes='application/json', produces='application/json') -# def update_corpus_follower_role(corpus_id, follower_id): -# role_name = request.json -# if not isinstance(role_name, str): -# abort(400) -# cfr = CorpusFollowerRole.query.filter_by(name=role_name).first() -# if cfr is None: -# abort(400) -# cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() -# cfa.role = cfr -# db.session.commit() -# response_data = { -# 'message': f'User "{cfa.follower.username}" is now {cfa.role.name}', -# 'category': 'corpus' -# } -# return response_data, 200 +@bp.route('//followers//role', methods=['PUT']) +@corpus_follower_permission_required('MANAGE_FOLLOWERS') +@content_negotiation(consumes='application/json', produces='application/json') +def update_corpus_follower_role(corpus_id, follower_id): + role_name = request.json + if not isinstance(role_name, str): + abort(400) + cfr = CorpusFollowerRole.query.filter_by(name=role_name).first() + if cfr is None: + abort(400) + cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() + cfa.role = cfr + db.session.commit() + response_data = { + 'message': f'User "{cfa.follower.username}" is now {cfa.role.name}', + 'category': 'corpus' + } + return response_data, 200 -# @bp.route('//followers/', methods=['DELETE']) -# def delete_corpus_follower(corpus_id, follower_id): -# cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() -# if not ( -# current_user.id == follower_id -# or current_user == cfa.corpus.user -# or CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first().role.has_permission('MANAGE_FOLLOWERS') -# or current_user.is_administrator()): -# abort(403) -# if current_user.id == follower_id: -# flash(f'You are no longer following "{cfa.corpus.title}"', 'corpus') -# response = make_response() -# response.status_code = 204 -# else: -# response_data = { -# 'message': f'"{cfa.follower.username}" is not following "{cfa.corpus.title}" anymore', -# 'category': 'corpus' -# } -# response = jsonify(response_data) -# response.status_code = 200 -# cfa.follower.unfollow_corpus(cfa.corpus) -# db.session.commit() -# return response +@bp.route('//followers/', methods=['DELETE']) +def delete_corpus_follower(corpus_id, follower_id): + cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=follower_id).first_or_404() + if not ( + current_user.id == follower_id + or current_user == cfa.corpus.user + or CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first().role.has_permission('MANAGE_FOLLOWERS') + or current_user.is_administrator()): + abort(403) + if current_user.id == follower_id: + flash(f'You are no longer following "{cfa.corpus.title}"', 'corpus') + response = make_response() + response.status_code = 204 + else: + response_data = { + 'message': f'"{cfa.follower.username}" is not following "{cfa.corpus.title}" anymore', + 'category': 'corpus' + } + response = jsonify(response_data) + response.status_code = 200 + cfa.follower.unfollow_corpus(cfa.corpus) + db.session.commit() + return response diff --git a/app/corpora/routes.py b/app/corpora/routes.py index b21551a0..1535f834 100644 --- a/app/corpora/routes.py +++ b/app/corpora/routes.py @@ -71,7 +71,6 @@ def corpus(corpus_id): users = users ) if (current_user.is_following_corpus(corpus) or corpus.is_public): - abort(403) cfas = CorpusFollowerAssociation.query.filter(Corpus.id == corpus_id, CorpusFollowerAssociation.follower_id != corpus.user.id).all() print(cfas) return render_template( @@ -99,14 +98,14 @@ def analysis(corpus_id): ) -# @bp.route('//follow/') -# def follow_corpus(corpus_id, token): -# corpus = Corpus.query.get_or_404(corpus_id) -# if current_user.follow_corpus_by_token(token): -# db.session.commit() -# flash(f'You are following "{corpus.title}" now', category='corpus') -# return redirect(url_for('corpora.corpus', corpus_id=corpus_id)) -# abort(403) +@bp.route('//follow/') +def follow_corpus(corpus_id, token): + corpus = Corpus.query.get_or_404(corpus_id) + if current_user.follow_corpus_by_token(token): + db.session.commit() + flash(f'You are following "{corpus.title}" now', category='corpus') + return redirect(url_for('corpora.corpus', corpus_id=corpus_id)) + abort(403) @bp.route('/import', methods=['GET', 'POST']) From 793de849ef1c414929079bf4aa539b76d2740384 Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Tue, 6 Jun 2023 13:44:02 +0200 Subject: [PATCH 3/4] Allow to change role by using a corpus follow link --- app/models.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/app/models.py b/app/models.py index 22969c2f..b3294b00 100644 --- a/app/models.py +++ b/app/models.py @@ -787,11 +787,17 @@ class User(HashidMixin, UserMixin, db.Model): #endregion Profile Privacy settings def follow_corpus(self, corpus, role=None): + if role is None: + cfr = CorpusFollowerRole.query.filter_by(default=True).first() + else: + cfr = role if self.is_following_corpus(corpus): - return - r = CorpusFollowerRole.query.filter_by(default=True).first() if role is None else role - cfa = CorpusFollowerAssociation(corpus=corpus, role=r, follower=self) - db.session.add(cfa) + cfa = CorpusFollowerAssociation.query.filter_by(corpus=corpus, follower=self).first() + if cfa.role != cfr: + cfa.role = cfr + else: + cfa = CorpusFollowerAssociation(corpus=corpus, role=cfr, follower=self) + db.session.add(cfa) def unfollow_corpus(self, corpus): if not self.is_following_corpus(corpus): @@ -840,7 +846,7 @@ class User(HashidMixin, UserMixin, db.Model): if role is None: return False self.follow_corpus(corpus, role) - db.session.add(self) + # db.session.add(self) return True def to_json_serializeable(self, backrefs=False, relationships=False, filter_by_privacy_settings=False): From d6789a03886a77056f0922859caeaecf2b9f6c85 Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Tue, 6 Jun 2023 13:47:24 +0200 Subject: [PATCH 4/4] Remove Anonymous from cfr selection in follow link gen --- app/templates/corpora/corpus.html.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/templates/corpora/corpus.html.j2 b/app/templates/corpora/corpus.html.j2 index 2e38b88d..07cb330d 100644 --- a/app/templates/corpora/corpus.html.j2 +++ b/app/templates/corpora/corpus.html.j2 @@ -192,7 +192,7 @@
badge