fix book share permission

2022-02-18 17:52:32 +01:00
parent 3cbc96b8b7
commit e081d823ed
4 changed files with 17 additions and 12 deletions
--- a/cookbook/helper/recipe_search.py
+++ b/cookbook/helper/recipe_search.py
@ -14,7 +14,7 @@ from cookbook.helper.HelperFunctions import Round, str2bool
 from cookbook.helper.permission_helper import has_group_permission
 from cookbook.managers import DICTIONARY
 from cookbook.models import (CookLog, CustomFilter, Food, Keyword, Recipe, SearchFields,
-                             SearchPreference, ViewLog)
+                             SearchPreference, ViewLog, RecipeBook)
 from recipes import settings


@ -27,9 +27,12 @@ class RecipeSearch():
        self._request = request
        self._queryset = None
        if f := params.get('filter', None):
-            filter = CustomFilter.objects.filter(id=f, space=self._request.space).filter(Q(created_by=self._request.user) | Q(shared=self._request.user)).first()
-            if filter:
-                self._params = {**json.loads(filter.search)}
+            custom_filter = CustomFilter.objects.filter(id=f, space=self._request.space).filter(Q(created_by=self._request.user) | Q(shared=self._request.user)).first()
+            if not custom_filter:
+                if book := RecipeBook.objects.filter(space=self._request.space, filter=f).filter(Q(created_by=self._request.user) | Q(shared=self._request.user)).first():
+                    custom_filter = book.filter
+            if custom_filter:
+                self._params = {**json.loads(custom_filter.search)}
                self._original_params = {**(params or {})}
            else:
                self._params = {**(params or {})}
--- a/cookbook/serializer.py
+++ b/cookbook/serializer.py
@ -678,7 +678,7 @@ class RecipeBookEntrySerializer(serializers.ModelSerializer):
    def create(self, validated_data):
        book = validated_data['book']
        recipe = validated_data['recipe']
-        if not book.get_owner() == self.context['request'].user:
+        if not book.get_owner() == self.context['request'].user and not  self.context['request'].user in book.get_shared():
            raise NotFound(detail=None, code=None)
        obj, created = RecipeBookEntry.objects.get_or_create(book=book, recipe=recipe)
        return obj
@ -733,11 +733,11 @@ class ShoppingListRecipeSerializer(serializers.ModelSerializer):
            value = Decimal(value)
        value = value.quantize(Decimal(1)) if value == value.to_integral() else value.normalize()  # strips trailing zero
        return (
-            obj.name
-            or getattr(obj.mealplan, 'title', None)
-            or (d := getattr(obj.mealplan, 'date', None)) and ': '.join([obj.mealplan.recipe.name, str(d)])
-            or obj.recipe.name
-        ) + f' ({value:.2g})'
+                       obj.name
+                       or getattr(obj.mealplan, 'title', None)
+                       or (d := getattr(obj.mealplan, 'date', None)) and ': '.join([obj.mealplan.recipe.name, str(d)])
+                       or obj.recipe.name
+               ) + f' ({value:.2g})'

    def update(self, instance, validated_data):
        # TODO remove once old shopping list
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@ -492,7 +492,7 @@ class FoodViewSet(viewsets.ModelViewSet, TreeMixin):
 class RecipeBookViewSet(viewsets.ModelViewSet, StandardFilterMixin):
    queryset = RecipeBook.objects
    serializer_class = RecipeBookSerializer
-    permission_classes = [CustomIsOwner]
+    permission_classes = [CustomIsOwner | CustomIsShared]

    def get_queryset(self):
        self.queryset = self.queryset.filter(Q(created_by=self.request.user) | Q(shared=self.request.user)).filter(
@ -511,7 +511,7 @@ class RecipeBookEntryViewSet(viewsets.ModelViewSet, viewsets.GenericViewSet):
    """
    queryset = RecipeBookEntry.objects
    serializer_class = RecipeBookEntrySerializer
-    permission_classes = [CustomIsOwner]
+    permission_classes = [CustomIsOwner | CustomIsShared]

    def get_queryset(self):
        queryset = self.queryset.filter(
--- a/vue/src/components/Modals/AddRecipeToBook.vue
+++ b/vue/src/components/Modals/AddRecipeToBook.vue
@ -98,6 +98,8 @@ export default {
      apiFactory.createRecipeBookEntry({book: this.selected_book.id, recipe: this.recipe.id}).then(r => {
        this.recipe_book_list.push(r.data)
        StandardToasts.makeStandardToast(StandardToasts.SUCCESS_CREATE)
+      }).catch(e => {
+          StandardToasts.makeStandardToast(StandardToasts.FAIL_UPDATE)
      })
    },
    removeFromBook: function (book_entry) {