WIP

sas/views.py

@@ -24,12 +24,12 @@ from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.safestring import SafeString
 from django.views.generic import CreateView, DetailView, TemplateView
-from django.views.generic.edit import FormView, UpdateView
+from django.views.generic.edit import FormMixin, FormView, UpdateView
 
 from core.auth.mixins import CanEditMixin, CanViewMixin
 from core.models import SithFile, User
-from core.views import UseFragmentsMixin
-from core.views.files import FileView, send_raw_file
+from core.views import FileView, UseFragmentsMixin
+from core.views.files import send_raw_file
 from core.views.mixins import FragmentMixin, FragmentRenderer
 from core.views.user import UserTabsMixin
 from sas.forms import (
@@ -65,6 +65,7 @@ class AlbumCreateFragment(FragmentMixin, CreateView):
 
 
 class SASMainView(UseFragmentsMixin, TemplateView):
+    form_class = AlbumCreateForm
     template_name = "sas/main.jinja"
 
     def get_fragments(self) -> dict[str, FragmentRenderer]:
@@ -81,23 +82,25 @@ class SASMainView(UseFragmentsMixin, TemplateView):
         root_user = User.objects.get(pk=settings.SITH_ROOT_USER_ID)
         return {"album_create_fragment": {"owner": root_user}}
 
-    def post(self, request, *args, **kwargs):
-        self.form = self.get_form()
-        root = User.objects.filter(username="root").first()
-        if request.user.is_authenticated and request.user.is_in_group(
-            pk=settings.SITH_GROUP_SAS_ADMIN_ID
-        ):
-            if self.form.is_valid():
-                self.form.process(parent=None, owner=root, files=[], automodere=True)
-                if self.form.is_valid():
-                    return super().form_valid(self.form)
-        else:
-            self.form.add_error(None, _("You do not have the permission to do that"))
-        return self.form_invalid(self.form)
+    def dispatch(self, request, *args, **kwargs):
+        if request.method == "POST" and not self.request.user.has_perm("sas.add_album"):
+            raise PermissionDenied
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_form(self, form_class=None):
+        if not self.request.user.has_perm("sas.add_album"):
+            return None
+        return super().get_form(form_class)
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {
+            "owner": User.objects.get(pk=settings.SITH_ROOT_USER_ID),
+            "parent": None,
+        }
 
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
-        albums_qs = Album.objects.annotate_is_moderated().viewable_by(self.request.user)
+        albums_qs = Album.objects.viewable_by(self.request.user)
         kwargs["categories"] = list(albums_qs.filter(parent=None).order_by("id"))
         kwargs["latest"] = list(
             albums_qs.exclude(id=settings.SITH_SAS_ROOT_DIR_ID).order_by("-id")[:5]
@@ -143,13 +146,14 @@ def send_thumb(request, picture_id):
     return send_raw_file(Path(picture.thumbnail.path))
 
 
-class AlbumView(CanViewMixin, UseFragmentsMixin, DetailView):
+class AlbumView(CanViewMixin, UseFragmentsMixin, FormMixin, DetailView):
     model = Album
     # exclude the SAS from the album accessible with this view
     # the SAS can be viewed only with SASMainView
     queryset = Album.objects.exclude(id=settings.SITH_SAS_ROOT_DIR_ID)
     pk_url_kwarg = "album_id"
     template_name = "sas/album.jinja"
+    form_class = PictureUploadForm
 
     def get_fragments(self) -> dict[str, FragmentRenderer]:
         return {
@@ -164,26 +168,32 @@ class AlbumView(CanViewMixin, UseFragmentsMixin, DetailView):
         except ValueError as e:
             raise Http404 from e
         if "clipboard" not in request.session:
-            request.session["clipboard"] = []
+            request.session["clipboard"] = {"albums": [], "pictures": []}
         return super().dispatch(request, *args, **kwargs)
 
+    def get_form(self, *args, **kwargs):
+        if not self.request.user.can_edit(self.object):
+            return None
+        return super().get_form(*args, **kwargs)
+
     def post(self, request, *args, **kwargs):
         self.object = self.get_object()
-        if not request.user.can_edit(self.object):
+        form = self.get_form()
+        if not form:
+            # the form is reserved for users that can edit this album.
+            # If there is no form, it means the user has no right to do a POST
             raise PermissionDenied
-        FileView.handle_clipboard(request, self.object)
-        return HttpResponseRedirect(self.request.path)
+        FileView.handle_clipboard(self.request, self.object)
+        if not form.is_valid():
+            return self.form_invalid(form)
+        return self.form_valid(form)
 
     def get_fragment_data(self) -> dict[str, dict[str, Any]]:
         return {"album_create_fragment": {"owner": self.request.user}}
 
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
-        if ids := self.request.session.get("clipboard", None):
-            kwargs["clipboard"] = SithFile.objects.filter(id__in=ids)
-        kwargs["upload_form"] = PictureUploadForm()
-        # if True, the albums will be fetched with a request to the API
-        # if False, the section won't be displayed at all
+        kwargs["clipboard"] = {}
         kwargs["show_albums"] = (
             Album.objects.viewable_by(self.request.user)
             .filter(parent_id=self.object.id)