AdventureLog/backend/server/adventures/utils/file_permissions.py

from adventures.models import AdventureImage, Attachment

protected_paths = ['images/', 'attachments/']

def checkFilePermission(fileId, user, mediaType):
    if mediaType not in protected_paths:
        return True
    if mediaType == 'images/':
        try:
            # Construct the full relative path to match the database field
            image_path = f"images/{fileId}"
            # Fetch the AdventureImage object
            adventure = AdventureImage.objects.get(image=image_path).adventure
            if adventure.is_public:
                return True
            elif adventure.user_id == user:
                return True
            elif adventure.collections.exists():
                # Check if the user is in any collection's shared_with list
                for collection in adventure.collections.all():
                    if collection.shared_with.filter(id=user.id).exists():
                        return True
                return False
            else:
                return False
        except AdventureImage.DoesNotExist:
            return False
    elif mediaType == 'attachments/':
        try:
            # Construct the full relative path to match the database field
            attachment_path = f"attachments/{fileId}"
            # Fetch the Attachment object
            attachment = Attachment.objects.get(file=attachment_path)
            adventure = attachment.adventure
            if adventure.is_public:
                return True
            elif adventure.user_id == user:
                return True
            elif adventure.collections.exists():
                # Check if the user is in any collection's shared_with list
                for collection in adventure.collections.all():
                    if collection.shared_with.filter(id=user.id).exists():
                        return True
                return False
            else:
                return False
        except Attachment.DoesNotExist:
            return False
feat: add Attachment model and implement file permission checks for media access 2025-01-18 20:06:12 -05:00			`from adventures.models import AdventureImage, Attachment`

			`protected_paths = ['images/', 'attachments/']`

			`def checkFilePermission(fileId, user, mediaType):`
			`if mediaType not in protected_paths:`
			`return True`
			`if mediaType == 'images/':`
			`try:`
			`# Construct the full relative path to match the database field`
			`image_path = f"images/{fileId}"`
			`# Fetch the AdventureImage object`
			`adventure = AdventureImage.objects.get(image=image_path).adventure`
			`if adventure.is_public:`
			`return True`
			`elif adventure.user_id == user:`
			`return True`
feat: Enhance Adventure and Collection Management - Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions. 2025-06-12 15:54:01 -04:00			`elif adventure.collections.exists():`
			`# Check if the user is in any collection's shared_with list`
			`for collection in adventure.collections.all():`
			`if collection.shared_with.filter(id=user.id).exists():`
			`return True`
			`return False`
feat: add Attachment model and implement file permission checks for media access 2025-01-18 20:06:12 -05:00			`else:`
			`return False`
			`except AdventureImage.DoesNotExist:`
			`return False`
			`elif mediaType == 'attachments/':`
			`try:`
			`# Construct the full relative path to match the database field`
			`attachment_path = f"attachments/{fileId}"`
			`# Fetch the Attachment object`
feat: Enhance Adventure and Collection Management - Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions. 2025-06-12 15:54:01 -04:00			`attachment = Attachment.objects.get(file=attachment_path)`
			`adventure = attachment.adventure`
			`if adventure.is_public:`
feat: add Attachment model and implement file permission checks for media access 2025-01-18 20:06:12 -05:00			`return True`
feat: Enhance Adventure and Collection Management - Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions. 2025-06-12 15:54:01 -04:00			`elif adventure.user_id == user:`
feat: add Attachment model and implement file permission checks for media access 2025-01-18 20:06:12 -05:00			`return True`
feat: Enhance Adventure and Collection Management - Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions. 2025-06-12 15:54:01 -04:00			`elif adventure.collections.exists():`
			`# Check if the user is in any collection's shared_with list`
			`for collection in adventure.collections.all():`
			`if collection.shared_with.filter(id=user.id).exists():`
			`return True`
			`return False`
feat: add Attachment model and implement file permission checks for media access 2025-01-18 20:06:12 -05:00			`else:`
			`return False`
			`except Attachment.DoesNotExist:`
			`return False`