Sith/sas/api.py

from django.conf import settings
from django.db.models import F
from django.urls import reverse
from ninja import Query
from ninja_extra import ControllerBase, api_controller, paginate, route
from ninja_extra.exceptions import NotFound, PermissionDenied
from ninja_extra.pagination import PageNumberPaginationExtra
from ninja_extra.permissions import IsAuthenticated
from ninja_extra.schemas import PaginatedResponseSchema
from pydantic import NonNegativeInt

from core.api_permissions import CanView, IsInGroup, IsRoot
from core.models import Notification, User
from sas.models import PeoplePictureRelation, Picture
from sas.schemas import (
    IdentifiedUserSchema,
    ModerationRequestSchema,
    PictureFilterSchema,
    PictureSchema,
)

IsSasAdmin = IsRoot | IsInGroup(settings.SITH_GROUP_SAS_ADMIN_ID)


@api_controller("/sas/picture")
class PicturesController(ControllerBase):
    @route.get(
        "",
        response=PaginatedResponseSchema[PictureSchema],
        permissions=[IsAuthenticated],
        url_name="pictures",
    )
    @paginate(PageNumberPaginationExtra, page_size=100)
    def fetch_pictures(self, filters: Query[PictureFilterSchema]):
        """Find pictures viewable by the user corresponding to the given filters.

        A user with an active subscription can see any picture, as long
        as it has been moderated and not asked for removal.
        An unsubscribed user can see the pictures he has been identified on
        (only the moderated ones, too).

        Notes:
            Trying to fetch the pictures of another user with this route
            while being unsubscribed will just result in an empty response.

        Notes:
            Unsubscribed users who are identified is not a rare case.
            They can be UTT students, faluchards from other schools,
            or even Richard Stallman (that ain't no joke,
            cf. https://ae.utbm.fr/user/32663/pictures/)
        """
        user: User = self.context.request.user
        return (
            filters.filter(Picture.objects.viewable_by(user))
            .distinct()
            .order_by("-parent__date", "date")
            .select_related("owner")
            .annotate(album=F("parent__name"))
        )

    @route.get(
        "/{picture_id}/identified",
        permissions=[IsAuthenticated, CanView],
        response=list[IdentifiedUserSchema],
    )
    def fetch_identifications(self, picture_id: int):
        """Fetch the users that have been identified on the given picture."""
        picture = self.get_object_or_exception(Picture, pk=picture_id)
        return picture.people.select_related("user")

    @route.put("/{picture_id}/identified", permissions=[IsAuthenticated, CanView])
    def identify_users(self, picture_id: NonNegativeInt, users: set[NonNegativeInt]):
        picture = self.get_object_or_exception(Picture, pk=picture_id)
        db_users = list(User.objects.filter(id__in=users))
        if len(users) != len(db_users):
            raise NotFound
        already_identified = set(
            picture.people.filter(user_id__in=users).values_list("user_id", flat=True)
        )
        identified = [u for u in db_users if u.pk not in already_identified]
        relations = [
            PeoplePictureRelation(user=u, picture_id=picture_id) for u in identified
        ]
        PeoplePictureRelation.objects.bulk_create(relations)
        for u in identified:
            Notification.objects.get_or_create(
                user=u,
                viewed=False,
                type="NEW_PICTURES",
                defaults={
                    "url": reverse("core:user_pictures", kwargs={"user_id": u.id})
                },
            )

    @route.delete("/{picture_id}", permissions=[IsSasAdmin])
    def delete_picture(self, picture_id: int):
        self.get_object_or_exception(Picture, pk=picture_id).delete()

    @route.patch(
        "/{picture_id}/moderation",
        permissions=[IsSasAdmin],
        url_name="picture_moderate",
    )
    def moderate_picture(self, picture_id: int):
        """Mark a picture as moderated and remove its pending moderation requests."""
        picture = self.get_object_or_exception(Picture, pk=picture_id)
        picture.moderation_requests.all().delete()
        picture.is_moderated = True
        picture.moderator = self.context.request.user
        picture.asked_for_removal = False
        picture.save()

    @route.get(
        "/{picture_id}/moderation",
        permissions=[IsSasAdmin],
        response=list[ModerationRequestSchema],
        url_name="picture_moderation_requests",
    )
    def fetch_moderation_requests(self, picture_id: int):
        """Fetch the moderation requests issued on this picture."""
        picture = self.get_object_or_exception(Picture, pk=picture_id)
        return picture.moderation_requests.select_related("author")


@api_controller("/sas/relation", tags="User identification on SAS pictures")
class UsersIdentifiedController(ControllerBase):
    @route.delete("/{relation_id}", permissions=[IsAuthenticated])
    def delete_relation(self, relation_id: NonNegativeInt):
        """Untag a user from a SAS picture.

        Root and SAS admins can delete any picture identification.
        All other users can delete their own identification.
        """
        relation = self.get_object_or_exception(PeoplePictureRelation, pk=relation_id)
        user: User = self.context.request.user
        if (
            relation.user_id != user.id
            and not user.is_root
            and not user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID)
        ):
            raise PermissionDenied
        relation.delete()
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`from django.conf import settings`
Sort pictures by album in zip file 2024-07-31 09:56:38 +00:00			`from django.db.models import F`
Use select2 for user picture identification 2024-08-01 17:02:29 +00:00			`from django.urls import reverse`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`from ninja import Query`
paginate GET /api/sas/picture 2024-08-05 17:25:30 +00:00			`from ninja_extra import ControllerBase, api_controller, paginate, route`
Use select2 for user picture identification 2024-08-01 17:02:29 +00:00			`from ninja_extra.exceptions import NotFound, PermissionDenied`
paginate GET /api/sas/picture 2024-08-05 17:25:30 +00:00			`from ninja_extra.pagination import PageNumberPaginationExtra`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`from ninja_extra.permissions import IsAuthenticated`
paginate GET /api/sas/picture 2024-08-05 17:25:30 +00:00			`from ninja_extra.schemas import PaginatedResponseSchema`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`from pydantic import NonNegativeInt`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00
feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`from core.api_permissions import CanView, IsInGroup, IsRoot`
Use select2 for user picture identification 2024-08-01 17:02:29 +00:00			`from core.models import Notification, User`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`from sas.models import PeoplePictureRelation, Picture`
feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`from sas.schemas import (`
			`IdentifiedUserSchema,`
			`ModerationRequestSchema,`
			`PictureFilterSchema,`
			`PictureSchema,`
			`)`

			`IsSasAdmin = IsRoot \| IsInGroup(settings.SITH_GROUP_SAS_ADMIN_ID)`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00

Fix button to remove a user from picture 2024-07-25 21:31:54 +00:00			`@api_controller("/sas/picture")`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`class PicturesController(ControllerBase):`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`@route.get(`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`"",`
paginate GET /api/sas/picture 2024-08-05 17:25:30 +00:00			`response=PaginatedResponseSchema[PictureSchema],`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`permissions=[IsAuthenticated],`
			`url_name="pictures",`
			`)`
paginate GET /api/sas/picture 2024-08-05 17:25:30 +00:00			`@paginate(PageNumberPaginationExtra, page_size=100)`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`def fetch_pictures(self, filters: Query[PictureFilterSchema]):`
			`"""Find pictures viewable by the user corresponding to the given filters.`

			`A user with an active subscription can see any picture, as long`
			`as it has been moderated and not asked for removal.`
			`An unsubscribed user can see the pictures he has been identified on`
add tests 2024-07-26 12:25:26 +00:00			`(only the moderated ones, too).`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00
			`Notes:`
			`Trying to fetch the pictures of another user with this route`
			`while being unsubscribed will just result in an empty response.`
add tests 2024-07-26 12:25:26 +00:00
			`Notes:`
			`Unsubscribed users who are identified is not a rare case.`
			`They can be UTT students, faluchards from other schools,`
			`or even Richard Stallman (that ain't no joke,`
			`cf. https://ae.utbm.fr/user/32663/pictures/)`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`"""`
			`user: User = self.context.request.user`
fix rights on albums and next/previous pictures 2024-08-08 11:15:19 +00:00			`return (`
add `PictureQuerySet.viewable_by(user)` method 2024-08-06 10:37:50 +00:00			`filters.filter(Picture.objects.viewable_by(user))`
add tests 2024-07-22 17:12:03 +00:00			`.distinct()`
restify album view 2024-08-05 21:40:11 +00:00			`.order_by("-parent__date", "date")`
completely ajaxify the picture page 2024-09-03 18:15:37 +00:00			`.select_related("owner")`
Sort pictures by album in zip file 2024-07-31 09:56:38 +00:00			`.annotate(album=F("parent__name"))`
replace drf by django-ninja 2024-07-18 18:23:30 +00:00			`)`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00
Use select2 for user picture identification 2024-08-01 17:02:29 +00:00			`@route.get(`
			`"/{picture_id}/identified",`
			`permissions=[IsAuthenticated, CanView],`
			`response=list[IdentifiedUserSchema],`
			`)`
			`def fetch_identifications(self, picture_id: int):`
			`"""Fetch the users that have been identified on the given picture."""`
			`picture = self.get_object_or_exception(Picture, pk=picture_id)`
			`return picture.people.select_related("user")`

			`@route.put("/{picture_id}/identified", permissions=[IsAuthenticated, CanView])`
			`def identify_users(self, picture_id: NonNegativeInt, users: set[NonNegativeInt]):`
			`picture = self.get_object_or_exception(Picture, pk=picture_id)`
			`db_users = list(User.objects.filter(id__in=users))`
			`if len(users) != len(db_users):`
			`raise NotFound`
			`already_identified = set(`
			`picture.people.filter(user_id__in=users).values_list("user_id", flat=True)`
			`)`
			`identified = [u for u in db_users if u.pk not in already_identified]`
			`relations = [`
			`PeoplePictureRelation(user=u, picture_id=picture_id) for u in identified`
			`]`
			`PeoplePictureRelation.objects.bulk_create(relations)`
			`for u in identified:`
			`Notification.objects.get_or_create(`
			`user=u,`
			`viewed=False,`
			`type="NEW_PICTURES",`
			`defaults={`
			`"url": reverse("core:user_pictures", kwargs={"user_id": u.id})`
			`},`
			`)`

feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`@route.delete("/{picture_id}", permissions=[IsSasAdmin])`
completely ajaxify the picture page 2024-09-03 18:15:37 +00:00			`def delete_picture(self, picture_id: int):`
			`self.get_object_or_exception(Picture, pk=picture_id).delete()`

feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`@route.patch(`
			`"/{picture_id}/moderation",`
			`permissions=[IsSasAdmin],`
			`url_name="picture_moderate",`
			`)`
completely ajaxify the picture page 2024-09-03 18:15:37 +00:00			`def moderate_picture(self, picture_id: int):`
feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`"""Mark a picture as moderated and remove its pending moderation requests."""`
completely ajaxify the picture page 2024-09-03 18:15:37 +00:00			`picture = self.get_object_or_exception(Picture, pk=picture_id)`
feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`picture.moderation_requests.all().delete()`
completely ajaxify the picture page 2024-09-03 18:15:37 +00:00			`picture.is_moderated = True`
			`picture.moderator = self.context.request.user`
			`picture.asked_for_removal = False`
			`picture.save()`

feat: display moderation requests to moderators 2024-10-13 22:45:31 +00:00			`@route.get(`
			`"/{picture_id}/moderation",`
			`permissions=[IsSasAdmin],`
			`response=list[ModerationRequestSchema],`
			`url_name="picture_moderation_requests",`
			`)`
			`def fetch_moderation_requests(self, picture_id: int):`
			`"""Fetch the moderation requests issued on this picture."""`
			`picture = self.get_object_or_exception(Picture, pk=picture_id)`
			`return picture.moderation_requests.select_related("author")`

Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00
add tests 2024-07-26 12:25:26 +00:00			`@api_controller("/sas/relation", tags="User identification on SAS pictures")`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`class UsersIdentifiedController(ControllerBase):`
add tests 2024-07-26 12:25:26 +00:00			`@route.delete("/{relation_id}", permissions=[IsAuthenticated])`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`def delete_relation(self, relation_id: NonNegativeInt):`
add tests 2024-07-26 12:25:26 +00:00			`"""Untag a user from a SAS picture.`

			`Root and SAS admins can delete any picture identification.`
			`All other users can delete their own identification.`
			`"""`
			`relation = self.get_object_or_exception(PeoplePictureRelation, pk=relation_id)`
			`user: User = self.context.request.user`
Fix button to remove a user from picture 2024-07-25 15:27:23 +00:00			`if (`
			`relation.user_id != user.id`
			`and not user.is_root`
			`and not user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID)`
			`):`
			`raise PermissionDenied`
			`relation.delete()`