feat: Enhance Adventure and Collection Management

- Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions.
2025-07-23 14:59:36 +02:00 · 2025-06-12 15:54:01 -04:00 · 2025-06-12 15:54:01 -04:00 · 3f9a6767bd
commit 3f9a6767bd
parent d9070e68bb
22 changed files with 686 additions and 289 deletions
--- a/backend/server/adventures/views/adventure_image_view.py
+++ b/backend/server/adventures/views/adventure_image_view.py
@ -51,10 +51,16 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
            return Response({"error": "Adventure not found"}, status=status.HTTP_404_NOT_FOUND)
        
        if adventure.user_id != request.user:
-            # Check if the adventure has a collection
-            if adventure.collection:
-                # Check if the user is in the collection's shared_with list
-                if not adventure.collection.shared_with.filter(id=request.user.id).exists():
+            # Check if the adventure has any collections
+            if adventure.collections.exists():
+                # Check if the user is in the shared_with list of any of the adventure's collections
+                user_has_access = False
+                for collection in adventure.collections.all():
+                    if collection.shared_with.filter(id=request.user.id).exists():
+                        user_has_access = True
+                        break
+                
+                if not user_has_access:
                    return Response({"error": "User does not have permission to access this adventure"}, status=status.HTTP_403_FORBIDDEN)
            else:
                return Response({"error": "User does not own this adventure"}, status=status.HTTP_403_FORBIDDEN)
@ -189,7 +195,7 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
        queryset = AdventureImage.objects.filter(
            Q(adventure__id=adventure_uuid) & (
                Q(adventure__user_id=request.user) |  # User owns the adventure
-                Q(adventure__collection__shared_with=request.user)  # User has shared access via collection
+                Q(adventure__collections__shared_with=request.user)  # User has shared access via collection
            )
        ).distinct()
        
@ -200,7 +206,7 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
        # Updated to include images from adventures the user owns OR has shared access to
        return AdventureImage.objects.filter(
            Q(adventure__user_id=self.request.user) |  # User owns the adventure
-            Q(adventure__collection__shared_with=self.request.user)  # User has shared access via collection
+            Q(adventure__collections__shared_with=self.request.user)  # User has shared access via collection
        ).distinct()

    def perform_create(self, serializer):