diff --git a/core/utils.py b/core/utils.py index 05865464..acaabb25 100644 --- a/core/utils.py +++ b/core/utils.py @@ -227,7 +227,7 @@ def get_client_ip(request: HttpRequest) -> str | None: return None -Filterable = models.Model | models.QuerySet | models.Manager +Filterable = type[models.Model] | models.QuerySet | models.Manager ListFilter = dict[str, list | tuple | set] diff --git a/sas/api.py b/sas/api.py index 0488900e..0e858013 100644 --- a/sas/api.py +++ b/sas/api.py @@ -2,7 +2,6 @@ from typing import Any, Literal from django.conf import settings from django.core.exceptions import ValidationError -from django.shortcuts import get_list_or_404 from django.urls import reverse from ninja import Body, Query, UploadedFile from ninja.errors import HttpError @@ -73,7 +72,7 @@ class AlbumController(ControllerBase): Album.objects.viewable_by(self.context.request.user).order_by("-date") ) - @route.patch("/parent", permissions=[IsAuthenticated]) + @route.patch("/parent") def change_album_parent(self, payload: list[MoveAlbumSchema]): """Change parents of albums @@ -87,17 +86,19 @@ class AlbumController(ControllerBase): ) if not user.has_perm("sas.change_album"): unauthorized = [a.id for a in albums if not user.can_edit(a)] - raise PermissionDenied( - f"You can't move the following albums : {unauthorized}" - ) + if unauthorized: + raise PermissionDenied( + f"You can't move the following albums : {unauthorized}" + ) parents: list[Album] = get_list_exact_or_404( Album, pk__in={a.new_parent_id for a in payload} ) if not user.has_perm("sas.change_album"): unauthorized = [a.id for a in parents if not user.can_edit(a)] - raise PermissionDenied( - f"You can't move to the following albums : {unauthorized}" - ) + if unauthorized: + raise PermissionDenied( + f"You can't move to the following albums : {unauthorized}" + ) id_to_new_parent = {i.id: i.new_parent_id for i in payload} for album in albums: album.parent_id = id_to_new_parent[album.id] @@ -109,12 +110,6 @@ class AlbumController(ControllerBase): # because we would then have to manage rollbacks on fail. Album.objects.bulk_update(albums, fields=["parent_id"]) - @route.delete("", permissions=[HasPerm("sas.delete_album")]) - def delete_album(self, album_ids: list[int]): - # known caveat : deleting an album doesn't delete the pictures on the disk. - # It's a db only operation. - albums: list[Album] = get_list_or_404(Album, pk__in=album_ids) - @api_controller("/sas/picture") class PicturesController(ControllerBase): @@ -259,9 +254,9 @@ class UsersIdentifiedController(ControllerBase): relation = self.get_object_or_exception(PeoplePictureRelation, pk=relation_id) user: User = self.context.request.user if ( - relation.user_id != user.id - and not user.is_root - and not user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID) + relation.user_id != user.id + and not user.is_root + and not user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID) ): raise PermissionDenied relation.delete() diff --git a/sas/schemas.py b/sas/schemas.py index ddf0e84a..01a74f13 100644 --- a/sas/schemas.py +++ b/sas/schemas.py @@ -26,19 +26,10 @@ class SimpleAlbumSchema(ModelSchema): class AlbumSchema(ModelSchema): class Meta: model = Album - fields = ["id", "name", "is_moderated"] + fields = ["id", "name", "is_moderated", "thumbnail"] - thumbnail: str | None sas_url: str - @staticmethod - def resolve_thumbnail(obj: Album) -> str | None: - # Album thumbnails aren't stored in `Album.thumbnail` but in `Album.file` - # Don't ask me why. - if not obj.file: - return None - return obj.get_download_url() - @staticmethod def resolve_sas_url(obj: Album) -> str: return obj.get_absolute_url()