recipe share basics

2021-02-21 16:37:04 +01:00
parent 24e43e3e2e
commit 46fb02376e
8 changed files with 80 additions and 69 deletions
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@ -108,7 +108,7 @@ def group_required(*groups_required):
    def in_groups(u):
        return has_group_permission(u, groups_required)

-    return user_passes_test(in_groups, login_url='view_no_group')
+    return user_passes_test(in_groups, login_url='view_no_perm')


 class GroupRequiredMixin(object):
--- a/cookbook/helper/scope_middleware.py
+++ b/cookbook/helper/scope_middleware.py
@ -28,4 +28,6 @@ class ScopeMiddleware:
            with scope(space=request.space):
                return self.get_response(request)
        else:
+            with scopes_disabled():
+                request.space = None
                return self.get_response(request)
--- a/cookbook/templates/no_groups_info.html
+++ b/cookbook/templates/no_groups_info.html
@ -12,7 +12,12 @@
        <h1 class="">{% trans 'No Permissions' %}</h1>
        <br/>

-        <span>{% trans 'You do not have any groups and therefor cannot use this application. Please contact your administrator.' %}</span> <br/>
+
+        <span>
+            {% trans 'You do not have any groups and therefor cannot use this application.' %}
+            {% trans 'Please contact your administrator.' %}
+        </span>
+        <br/>

    </div>

--- a/cookbook/templates/no_perm_info.html
+++ b/cookbook/templates/no_perm_info.html
@ -0,0 +1,20 @@
+{% extends "base.html" %}
+{% load static %}
+{% load i18n %}
+
+{% block title %}{% trans "No Permission" %}{% endblock %}
+
+
+{% block content %}
+
+    <div style="text-align: center">
+
+        <h1 class="">{% trans 'No Permission' %}</h1>
+        <br/>
+
+        <span>{% trans 'You do not have the required permissions to view this page or perform this action.' %}  {% trans 'Please contact your administrator.' %}</span> <br/>
+
+    </div>
+
+{% endblock %}
+
--- a/cookbook/templates/no_space_info.html
+++ b/cookbook/templates/no_space_info.html
@ -12,7 +12,7 @@
        <h1 class="">{% trans 'No Space' %}</h1>
        <br/>

-        <span>{% trans 'You are not a member of any space. Please contact your administrator.' %}</span> <br/>
+        <span>{% trans 'You are not a member of any space.' %}  {% trans 'Please contact your administrator.' %}</span> <br/>

    </div>

--- a/cookbook/urls.py
+++ b/cookbook/urls.py
@ -41,6 +41,7 @@ urlpatterns = [
    path('setup/', views.setup, name='view_setup'),
    path('no-group', views.no_groups, name='view_no_group'),
    path('no-space', views.no_space, name='view_no_space'),
+    path('no-perm', views.no_perm, name='view_no_perm'),
    path('signup/<slug:token>', views.signup, name='view_signup'),
    path('system/', views.system, name='view_system'),
    path('search/', views.search, name='view_search'),
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@ -289,13 +289,14 @@ class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin):
    permission_classes = [CustomIsShare | CustomIsGuest]

    def get_queryset(self):
-        queryset = self.queryset.filter(space=self.request.user.userpreference.space)
+        if self.request.space:
+            self.queryset = self.queryset.filter(space=self.request.space)

        internal = self.request.query_params.get('internal', None)
        if internal:
-            queryset = queryset.filter(internal=True)
+            self.queryset = self.queryset.filter(internal=True)

-        return queryset
+        return self.queryset

    # TODO write extensive tests for permissions

--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@ -50,15 +50,12 @@ def index(request):

        return HttpResponseRedirect(page_map.get(request.user.userpreference.default_page))
    except UserPreference.DoesNotExist:
-        return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+        return HttpResponseRedirect(reverse('view_search'))


 def search(request):
    if has_group_permission(request.user, ('guest',)):
-        f = RecipeFilter(
-            request.GET,
-            queryset=Recipe.objects.filter(space=request.user.userpreference.space).all().order_by('name')
-        )
+        f = RecipeFilter(request.GET, queryset=Recipe.objects.filter(space=request.user.userpreference.space).all().order_by('name'))

        if request.user.userpreference.search_style == UserPreference.LARGE:
            table = RecipeTable(f.qs)
@ -82,7 +79,10 @@ def search(request):

        return render(request, 'index.html', {'recipes': table, 'filter': f, 'last_viewed': last_viewed})
    else:
-        return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+        if request.user.is_authenticated:
+            return HttpResponseRedirect(reverse('view_no_group'))
+        else:
+            return HttpResponseRedirect(reverse('account_login') + '?next=' + request.path)


 def no_groups(request):
@ -93,29 +93,28 @@ def no_space(request):
    return render(request, 'no_space_info.html')


+def no_perm(request):
+    return render(request, 'no_perm_info.html')
+
+
 def recipe_view(request, pk, share=None):
    with scopes_disabled():
        recipe = get_object_or_404(Recipe, pk=pk)

+        if not request.user.is_authenticated and not share_link_valid(recipe, share):
+            messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!'))
+            return HttpResponseRedirect(reverse('account_login') + '?next=' + request.path)
+
        if not (has_group_permission(request.user, ('guest',)) and recipe.space == request.space) and not share_link_valid(recipe, share):
            messages.add_message(request, messages.ERROR, _('You do not have the required permissions to view this page!'))
-        return HttpResponseRedirect(reverse('view_no_group') + '?next=' + request.path)
+            return HttpResponseRedirect(reverse('index'))

        comments = Comment.objects.filter(recipe__space=request.space, recipe=recipe)

        if request.method == "POST":
            if not request.user.is_authenticated:
-            messages.add_message(
-                request,
-                messages.ERROR,
-                _('You do not have the required permissions to perform this action!')  # noqa: E501
-            )
-            return HttpResponseRedirect(
-                reverse(
-                    'view_recipe',
-                    kwargs={'pk': recipe.pk, 'share': share}
-                )
-            )
+                messages.add_message(request, messages.ERROR, _('You do not have the required permissions to perform this action!'))
+                return HttpResponseRedirect(reverse('view_recipe', kwargs={'pk': recipe.pk, 'share': share}))

            comment_form = CommentForm(request.POST, prefix='comment')
            if comment_form.is_valid():
@ -123,26 +122,9 @@ def recipe_view(request, pk, share=None):
                comment.recipe = recipe
                comment.text = comment_form.cleaned_data['text']
                comment.created_by = request.user
-
                comment.save()

-            messages.add_message(
-                request, messages.SUCCESS, _('Comment saved!')
-            )
-
-        bookmark_form = RecipeBookEntryForm(request.POST, prefix='bookmark', space=request.space)
-        if bookmark_form.is_valid():
-            bookmark = RecipeBookEntry()
-            bookmark.recipe = recipe
-            bookmark.book = bookmark_form.cleaned_data['book']
-
-            try:
-                bookmark.save()
-            except IntegrityError as e:
-                if 'UNIQUE constraint' in str(e.args):
-                    messages.add_message(request, messages.ERROR, _('This recipe is already linked to the book!'))
-            else:
-                messages.add_message(request, messages.SUCCESS, _('Bookmark saved!'))
+                messages.add_message(request, messages.SUCCESS, _('Comment saved!'))

        comment_form = CommentForm()