recipe share basics

cookbook/helper/permission_helper.py

@@ -108,7 +108,7 @@ def group_required(*groups_required):
     def in_groups(u):
         return has_group_permission(u, groups_required)
 
-    return user_passes_test(in_groups, login_url='view_no_group')
+    return user_passes_test(in_groups, login_url='view_no_perm')
 
 
 class GroupRequiredMixin(object):

cookbook/helper/scope_middleware.py

@@ -28,4 +28,6 @@ class ScopeMiddleware:
             with scope(space=request.space):
                 return self.get_response(request)
         else:
+            with scopes_disabled():
+                request.space = None
                 return self.get_response(request)

cookbook/templates/no_groups_info.html

@@ -12,7 +12,12 @@
         <h1 class="">{% trans 'No Permissions' %}</h1>
         <br/>
 
-        <span>{% trans 'You do not have any groups and therefor cannot use this application. Please contact your administrator.' %}</span> <br/>
+
+        <span>
+            {% trans 'You do not have any groups and therefor cannot use this application.' %}
+            {% trans 'Please contact your administrator.' %}
+        </span>
+        <br/>
 
     </div>
 

cookbook/templates/no_perm_info.html

@@ -0,0 +1,20 @@
+{% extends "base.html" %}
+{% load static %}
+{% load i18n %}
+
+{% block title %}{% trans "No Permission" %}{% endblock %}
+
+
+{% block content %}
+
+    <div style="text-align: center">
+
+        <h1 class="">{% trans 'No Permission' %}</h1>
+        <br/>
+
+        <span>{% trans 'You do not have the required permissions to view this page or perform this action.' %}  {% trans 'Please contact your administrator.' %}</span> <br/>
+
+    </div>
+
+{% endblock %}
+

cookbook/templates/no_space_info.html

@@ -12,7 +12,7 @@
         <h1 class="">{% trans 'No Space' %}</h1>
         <br/>
 
-        <span>{% trans 'You are not a member of any space. Please contact your administrator.' %}</span> <br/>
+        <span>{% trans 'You are not a member of any space.' %}  {% trans 'Please contact your administrator.' %}</span> <br/>
 
     </div>
 

cookbook/urls.py

@@ -41,6 +41,7 @@ urlpatterns = [
     path('setup/', views.setup, name='view_setup'),
     path('no-group', views.no_groups, name='view_no_group'),
     path('no-space', views.no_space, name='view_no_space'),
+    path('no-perm', views.no_perm, name='view_no_perm'),
     path('signup/<slug:token>', views.signup, name='view_signup'),
     path('system/', views.system, name='view_system'),
     path('search/', views.search, name='view_search'),

cookbook/views/api.py

@@ -289,13 +289,14 @@ class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin):
     permission_classes = [CustomIsShare | CustomIsGuest]
 
     def get_queryset(self):
-        queryset = self.queryset.filter(space=self.request.user.userpreference.space)
+        if self.request.space:
+            self.queryset = self.queryset.filter(space=self.request.space)
 
         internal = self.request.query_params.get('internal', None)
         if internal:
-            queryset = queryset.filter(internal=True)
+            self.queryset = self.queryset.filter(internal=True)
 
-        return queryset
+        return self.queryset
 
     # TODO write extensive tests for permissions
 

cookbook/views/views.py

@@ -50,15 +50,12 @@ def index(request):
 
         return HttpResponseRedirect(page_map.get(request.user.userpreference.default_page))
     except UserPreference.DoesNotExist:
-        return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+        return HttpResponseRedirect(reverse('view_search'))
 
 
 def search(request):
     if has_group_permission(request.user, ('guest',)):
-        f = RecipeFilter(
+        f = RecipeFilter(request.GET, queryset=Recipe.objects.filter(space=request.user.userpreference.space).all().order_by('name'))
-            request.GET,
-            queryset=Recipe.objects.filter(space=request.user.userpreference.space).all().order_by('name')
-        )
 
         if request.user.userpreference.search_style == UserPreference.LARGE:
             table = RecipeTable(f.qs)
@@ -82,7 +79,10 @@ def search(request):
 
         return render(request, 'index.html', {'recipes': table, 'filter': f, 'last_viewed': last_viewed})
     else:
-        return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+        if request.user.is_authenticated:
+            return HttpResponseRedirect(reverse('view_no_group'))
+        else:
+            return HttpResponseRedirect(reverse('account_login') + '?next=' + request.path)
 
 
 def no_groups(request):
@@ -93,29 +93,28 @@ def no_space(request):
     return render(request, 'no_space_info.html')
 
 
+def no_perm(request):
+    return render(request, 'no_perm_info.html')
+
+
 def recipe_view(request, pk, share=None):
     with scopes_disabled():
         recipe = get_object_or_404(Recipe, pk=pk)
 
+        if not request.user.is_authenticated and not share_link_valid(recipe, share):
+            messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!'))
+            return HttpResponseRedirect(reverse('account_login') + '?next=' + request.path)
+
         if not (has_group_permission(request.user, ('guest',)) and recipe.space == request.space) and not share_link_valid(recipe, share):
             messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!'))
-        return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+            return HttpResponseRedirect(reverse('index'))
 
         comments = Comment.objects.filter(recipe__space=request.space, recipe=recipe)
 
         if request.method == "POST":
             if not request.user.is_authenticated:
-            messages.add_message(
+                messages.add_message(request, messages.ERROR, _('You do not have the required permissions to perform this action!'))
-                request,
+                return HttpResponseRedirect(reverse('view_recipe', kwargs={'pk': recipe.pk, 'share': share}))
-                messages.ERROR,
-                _('You do not have the required permissions to perform this action!')  # noqa: E501
-            )
-            return HttpResponseRedirect(
-                reverse(
-                    'view_recipe',
-                    kwargs={'pk': recipe.pk, 'share': share}
-                )
-            )
 
             comment_form = CommentForm(request.POST, prefix='comment')
             if comment_form.is_valid():
@@ -123,26 +122,9 @@ def recipe_view(request, pk, share=None):
                 comment.recipe = recipe
                 comment.text = comment_form.cleaned_data['text']
                 comment.created_by = request.user
-
                 comment.save()
 
-            messages.add_message(
+                messages.add_message(request, messages.SUCCESS, _('Comment saved!'))
-                request, messages.SUCCESS, _('Comment saved!')
-            )
-
-        bookmark_form = RecipeBookEntryForm(request.POST, prefix='bookmark', space=request.space)
-        if bookmark_form.is_valid():
-            bookmark = RecipeBookEntry()
-            bookmark.recipe = recipe
-            bookmark.book = bookmark_form.cleaned_data['book']
-
-            try:
-                bookmark.save()
-            except IntegrityError as e:
-                if 'UNIQUE constraint' in str(e.args):
-                    messages.add_message(request, messages.ERROR, _('This recipe is already linked to the book!'))
-            else:
-                messages.add_message(request, messages.SUCCESS, _('Bookmark saved!'))
 
         comment_form = CommentForm()