Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-21 22:09:36 +02:00
Code Issues Releases Activity

Fix is_public bugs

Browse source
This commit is contained in:
Sean Morley 2024-09-09 14:29:50 -04:00
parent fe8a41f51b
commit dd17e24f44
3 changed files with 45 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

36
backend/server/adventures/views.py
View file

@ -95,12 +95,6 @@ class AdventureViewSet(viewsets.ModelViewSet):
adventure = get_object_or_404(queryset, pk=kwargs['pk']) adventure = get_object_or_404(queryset, pk=kwargs['pk'])
serializer = self.get_serializer(adventure) serializer = self.get_serializer(adventure)
return Response(serializer.data) return Response(serializer.data)
def perform_create(self, serializer):
adventure = serializer.save(user_id=self.request.user)
if adventure.collection:
adventure.is_public = adventure.collection.is_public
adventure.save()
def perform_update(self, serializer): def perform_update(self, serializer):
adventure = serializer.save() adventure = serializer.save()
@ -201,7 +195,7 @@ class AdventureViewSet(viewsets.ModelViewSet):
serializer = self.get_serializer(queryset, many=True) serializer = self.get_serializer(queryset, many=True)
return Response(serializer.data) return Response(serializer.data)
def partial_update(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
# Retrieve the current object # Retrieve the current object
instance = self.get_object() instance = self.get_object()
@ -209,6 +203,10 @@ class AdventureViewSet(viewsets.ModelViewSet):
serializer = self.get_serializer(instance, data=request.data, partial=True) serializer = self.get_serializer(instance, data=request.data, partial=True)
serializer.is_valid(raise_exception=True) serializer.is_valid(raise_exception=True)
# if the adventure is trying to have is_public changed and its part of a collection return an error
if 'is_public' in serializer.validated_data and instance.collection:
return Response({"error": "Cannot change is_public for adventures in a collection"}, status=400)
# Retrieve the collection from the validated data # Retrieve the collection from the validated data
new_collection = serializer.validated_data.get('collection') new_collection = serializer.validated_data.get('collection')
@ -244,6 +242,10 @@ class AdventureViewSet(viewsets.ModelViewSet):
user = request.user user = request.user
print(new_collection) print(new_collection)
# if the adventure is trying to have is_public changed and its part of a collection return an error
if 'is_public' in serializer.validated_data and instance.collection:
return Response({"error": "Cannot change is_public for adventures in a collection"}, status=400)
if new_collection is not None and new_collection!=instance.collection: if new_collection is not None and new_collection!=instance.collection:
# Check if the user is the owner of the new collection # Check if the user is the owner of the new collection
if new_collection.user_id != user or instance.user_id != user: if new_collection.user_id != user or instance.user_id != user:
@ -266,7 +268,7 @@ class AdventureViewSet(viewsets.ModelViewSet):
def perform_create(self, serializer): def perform_create(self, serializer):
# Retrieve the collection from the validated data # Retrieve the collection from the validated data
collection = serializer.validated_data.get('collection') collection = serializer.validated_data.get('collection')
# Check if a collection is provided # Check if a collection is provided
if collection: if collection:
user = self.request.user user = self.request.user
@ -275,7 +277,8 @@ class AdventureViewSet(viewsets.ModelViewSet):
# Return an error response if the user does not have permission # Return an error response if the user does not have permission
raise PermissionDenied("You do not have permission to use this collection.") raise PermissionDenied("You do not have permission to use this collection.")
# if collection the owner of the adventure is the owner of the collection # if collection the owner of the adventure is the owner of the collection
serializer.save(user_id=collection.user_id) # set the is_public field of the adventure to the is_public field of the collection
serializer.save(user_id=collection.user_id, is_public=collection.is_public)
return return
# Save the adventure with the current user as the owner # Save the adventure with the current user as the owner
@ -380,6 +383,11 @@ class CollectionViewSet(viewsets.ModelViewSet):
if 'is_public' in serializer.validated_data: if 'is_public' in serializer.validated_data:
new_public_status = serializer.validated_data['is_public'] new_public_status = serializer.validated_data['is_public']
# if is_publuc has changed and the user is not the owner of the collection return an error
if new_public_status != instance.is_public and instance.user_id != request.user:
print(f"User {request.user.id} does not own the collection {instance.id} that is owned by {instance.user_id}")
return Response({"error": "User does not own the collection"}, status=400)
# Update associated adventures to match the collection's is_public status # Update associated adventures to match the collection's is_public status
Adventure.objects.filter(collection=instance).update(is_public=new_public_status) Adventure.objects.filter(collection=instance).update(is_public=new_public_status)
@ -467,6 +475,8 @@ class CollectionViewSet(viewsets.ModelViewSet):
).distinct() ).distinct()
if self.action == 'retrieve': if self.action == 'retrieve':
if not self.request.user.is_authenticated:
return Collection.objects.filter(is_public=True)
return Collection.objects.filter( return Collection.objects.filter(
Q(is_public=True) | Q(user_id=self.request.user.id) | Q(shared_with=self.request.user) Q(is_public=True) | Q(user_id=self.request.user.id) | Q(shared_with=self.request.user)
).distinct() ).distinct()
@ -966,7 +976,13 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
return Response({"error": "Adventure not found"}, status=status.HTTP_404_NOT_FOUND) return Response({"error": "Adventure not found"}, status=status.HTTP_404_NOT_FOUND)
if adventure.user_id != request.user: if adventure.user_id != request.user:
return Response({"error": "User does not own this adventure"}, status=status.HTTP_403_FORBIDDEN) # Check if the adventure has a collection
if adventure.collection:
# Check if the user is in the collection's shared_with list
if not adventure.collection.shared_with.filter(id=request.user.id).exists():
return Response({"error": "User does not have permission to access this adventure"}, status=status.HTTP_403_FORBIDDEN)
else:
return Response({"error": "User does not own this adventure"}, status=status.HTTP_403_FORBIDDEN)
return super().create(request, *args, **kwargs) return super().create(request, *args, **kwargs)

5
frontend/src/lib/components/AdventureCard.svelte
View file

@ -307,8 +307,9 @@
</ul> </ul>
</div> </div>
{:else} {:else}
<button class="btn btn-neutral mb-2" on:click={() => goto(`/adventures/${adventure.id}`)} <button
><Launch class="w-6 h-6" /></button class="btn btn-neutral-200 mb-2"
on:click={() => goto(`/adventures/${adventure.id}`)}><Launch class="w-6 h-6" /></button
> >
{/if} {/if}
{/if} {/if}

30
frontend/src/lib/components/AdventureModal.svelte
View file

@ -627,22 +627,24 @@
</button> </button>
{/if} {/if}
</div> </div>
<div> {#if !collection_id}
<div class="mt-2"> <div>
<div> <div class="mt-2">
<label for="is_public" <div>
>Public <Earth class="inline-block -mt-1 mb-1 w-6 h-6" /></label <label for="is_public"
><br /> >Public <Earth class="inline-block -mt-1 mb-1 w-6 h-6" /></label
<input ><br />
type="checkbox" <input
class="toggle toggle-primary" type="checkbox"
id="is_public" class="toggle toggle-primary"
name="is_public" id="is_public"
bind:checked={adventure.is_public} name="is_public"
/> bind:checked={adventure.is_public}
/>
</div>
</div> </div>
</div> </div>
</div> {/if}
</div> </div>
<div class="divider"></div> <div class="divider"></div>
<h2 class="text-2xl font-semibold mb-2 mt-2">Location Information</h2> <h2 class="text-2xl font-semibold mb-2 mt-2">Location Information</h2>