mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-10 00:03:24 +00:00
add PictureQuerySet.viewable_by(user)
method
This commit is contained in:
parent
da6bd84cdf
commit
4506440a62
@ -41,14 +41,12 @@ class PicturesController(ControllerBase):
|
||||
cf. https://ae.utbm.fr/user/32663/pictures/)
|
||||
"""
|
||||
user: User = self.context.request.user
|
||||
if not user.is_subscribed and filters.users_identified != {user.id}:
|
||||
if not user.was_subscribed and filters.users_identified != {user.id}:
|
||||
# User can view any moderated picture if he/she is subscribed.
|
||||
# If not, he/she can view only the one he/she has been identified on
|
||||
raise PermissionDenied
|
||||
return (
|
||||
filters.filter(
|
||||
Picture.objects.filter(is_moderated=True, asked_for_removal=False)
|
||||
)
|
||||
filters.filter(Picture.objects.viewable_by(user))
|
||||
.distinct()
|
||||
.order_by("-parent__date", "date")
|
||||
.annotate(album=F("parent__name"))
|
||||
|
@ -14,6 +14,7 @@
|
||||
#
|
||||
|
||||
from io import BytesIO
|
||||
from typing import Self
|
||||
|
||||
from django.conf import settings
|
||||
from django.core.cache import cache
|
||||
@ -27,9 +28,25 @@ from core.models import SithFile, User
|
||||
from core.utils import exif_auto_rotate, resize_image
|
||||
|
||||
|
||||
class PictureQuerySet(models.QuerySet):
|
||||
def viewable_by(self, user: User) -> Self:
|
||||
"""Filter the pictures that this user can view.
|
||||
|
||||
Warnings:
|
||||
Calling this queryset method may add several additional requests.
|
||||
"""
|
||||
if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID):
|
||||
return self.all()
|
||||
if user.was_subscribed:
|
||||
return self.filter(is_moderated=True)
|
||||
return self.filter(people__user_id=user.id)
|
||||
|
||||
|
||||
class SASPictureManager(models.Manager):
|
||||
def get_queryset(self):
|
||||
return super().get_queryset().filter(is_in_sas=True, is_folder=False)
|
||||
return PictureQuerySet(self.model, using=self._db).filter(
|
||||
is_in_sas=True, is_folder=False
|
||||
)
|
||||
|
||||
|
||||
class SASAlbumManager(models.Manager):
|
||||
@ -41,7 +58,7 @@ class Picture(SithFile):
|
||||
class Meta:
|
||||
proxy = True
|
||||
|
||||
objects = SASPictureManager()
|
||||
objects = SASPictureManager.from_queryset(PictureQuerySet)()
|
||||
|
||||
@property
|
||||
def is_vertical(self):
|
||||
@ -58,7 +75,7 @@ class Picture(SithFile):
|
||||
cache.set("%d_can_edit_pictures" % (user.id), perm, timeout=4)
|
||||
return perm
|
||||
|
||||
def can_be_viewed_by(self, user):
|
||||
def can_be_viewed_by(self, user: User) -> bool:
|
||||
# SAS pictures are visible to old subscribers
|
||||
# Result is cached 4s for this user
|
||||
if user.is_anonymous:
|
||||
|
@ -75,7 +75,8 @@ class TestPictureSearch(TestSas):
|
||||
assert [i["id"] for i in res.json()["results"]] == expected
|
||||
|
||||
def test_not_subscribed_user(self):
|
||||
"""Test that a user that is not subscribed can only its own pictures."""
|
||||
"""Test that a user that never subscribed can only its own pictures."""
|
||||
self.user_a.subscriptions.all().delete()
|
||||
self.client.force_login(self.user_a)
|
||||
res = self.client.get(
|
||||
reverse("api:pictures") + f"?users_identified={self.user_a.id}"
|
||||
|
@ -18,7 +18,6 @@ from ajax_select.fields import AutoCompleteSelectMultipleField
|
||||
from django import forms
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.paginator import InvalidPage, Paginator
|
||||
from django.http import Http404, HttpResponse
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.urls import reverse, reverse_lazy
|
||||
@ -318,9 +317,7 @@ class ModerationView(TemplateView):
|
||||
kwargs["albums_to_moderate"] = Album.objects.filter(
|
||||
is_moderated=False, is_in_sas=True, is_folder=True
|
||||
).order_by("id")
|
||||
kwargs["pictures"] = Picture.objects.filter(
|
||||
is_moderated=False, is_in_sas=True, is_folder=False
|
||||
)
|
||||
kwargs["pictures"] = Picture.objects.filter(is_moderated=False)
|
||||
kwargs["albums"] = Album.objects.filter(
|
||||
id__in=kwargs["pictures"].values("parent").distinct("parent")
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user