feat: Enhance Adventure and Collection Management

- Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions.
2025-07-20 13:29:37 +02:00 · 2025-06-12 15:54:01 -04:00 · 2025-06-12 15:54:01 -04:00 · 3f9a6767bd
commit 3f9a6767bd
parent d9070e68bb
22 changed files with 686 additions and 289 deletions
--- a/backend/server/adventures/utils/file_permissions.py
+++ b/backend/server/adventures/utils/file_permissions.py
@ -15,9 +15,12 @@ def checkFilePermission(fileId, user, mediaType):
                return True
            elif adventure.user_id == user:
                return True
-            elif adventure.collection:
-                if adventure.collection.shared_with.filter(id=user.id).exists():
-                    return True
+            elif adventure.collections.exists():
+                # Check if the user is in any collection's shared_with list
+                for collection in adventure.collections.all():
+                    if collection.shared_with.filter(id=user.id).exists():
+                        return True
+                return False
            else:
                return False
        except AdventureImage.DoesNotExist:
@ -27,14 +30,18 @@ def checkFilePermission(fileId, user, mediaType):
            # Construct the full relative path to match the database field
            attachment_path = f"attachments/{fileId}"
            # Fetch the Attachment object
-            attachment = Attachment.objects.get(file=attachment_path).adventure
-            if attachment.is_public:
+            attachment = Attachment.objects.get(file=attachment_path)
+            adventure = attachment.adventure
+            if adventure.is_public:
                return True
-            elif attachment.user_id == user:
+            elif adventure.user_id == user:
                return True
-            elif attachment.collection:
-                if attachment.collection.shared_with.filter(id=user.id).exists():
-                    return True
+            elif adventure.collections.exists():
+                # Check if the user is in any collection's shared_with list
+                for collection in adventure.collections.all():
+                    if collection.shared_with.filter(id=user.id).exists():
+                        return True
+                return False
            else:
                return False
        except Attachment.DoesNotExist: