mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2025-07-22 14:29:36 +02:00
* Refactor user_id to user in adventures and related models, views, and components - Updated all instances of user_id to user in the adventures app, including models, serializers, views, and frontend components. - Adjusted queries and filters to reflect the new user field naming convention. - Ensured consistency across the codebase for user identification in adventures, collections, notes, and transportation entities. - Modified frontend components to align with the updated data structure, ensuring proper access control and rendering based on user ownership. * Refactor adventure-related views and components to use "Location" terminology - Updated GlobalSearchView to replace AdventureSerializer with LocationSerializer. - Modified IcsCalendarGeneratorViewSet to use LocationSerializer instead of AdventureSerializer. - Created new LocationImageViewSet for managing location images, including primary image toggling and image deletion. - Introduced LocationViewSet for managing locations with enhanced filtering, sorting, and sharing capabilities. - Updated ReverseGeocodeViewSet to utilize LocationSerializer. - Added ActivityTypesView to retrieve distinct activity types from locations. - Refactored user views to replace AdventureSerializer with LocationSerializer. - Updated frontend components to reflect changes from "adventure" to "location", including AdventureCard, AdventureLink, AdventureModal, and others. - Adjusted API endpoints in frontend routes to align with new location-based structure. - Ensured all references to adventures are replaced with locations across the codebase. * refactor: rename adventures to locations across the application - Updated localization files to replace adventure-related terms with location-related terms. - Refactored TypeScript types and variables from Adventure to Location in various routes and components. - Adjusted UI elements and labels to reflect the change from adventures to locations. 
- Ensured all references to adventures in the codebase are consistent with the new location terminology. * Refactor code structure for improved readability and maintainability * feat: Implement location details page with server-side loading and deletion functionality - Added +page.server.ts to handle server-side loading of additional location info. - Created +page.svelte for displaying location details, including images, visits, and maps. - Integrated GPX file handling and rendering on the map. - Updated map route to link to locations instead of adventures. - Refactored profile and search routes to use LocationCard instead of AdventureCard. * docs: Update terminology from "Adventure" to "Location" and enhance project overview * docs: Clarify collection examples in usage documentation * feat: Enable credentials for GPX file fetch and add CORS_ALLOW_CREDENTIALS setting * Refactor adventure references to locations across the backend and frontend - Updated CategoryViewSet to reflect location context instead of adventures. - Modified ChecklistViewSet to include locations in retrieval logic. - Changed GlobalSearchView to search for locations instead of adventures. - Adjusted IcsCalendarGeneratorViewSet to handle locations instead of adventures. - Refactored LocationImageViewSet to remove unused import. - Updated LocationViewSet to clarify public access for locations. - Changed LodgingViewSet to reference locations instead of adventures. - Modified NoteViewSet to prevent listing all locations. - Updated RecommendationsViewSet to handle locations in parsing and response. - Adjusted ReverseGeocodeViewSet to search through user locations. - Updated StatsViewSet to count locations instead of adventures. - Changed TagsView to reflect activity types for locations. - Updated TransportationViewSet to reference locations instead of adventures. - Added new translations for search results related to locations in multiple languages. 
- Updated dashboard and profile pages to reflect location counts instead of adventure counts. - Adjusted search routes to handle locations instead of adventures. * Update banner image * style: Update stats component background and border for improved visibility * refactor: Rename AdventureCard and AdventureModal to LocationCard and LocationModal for consistency
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Object-level rule: anyone may read, only the owner may modify.

    Safe (read) methods are allowed for every caller, anonymous ones
    included, and `is_public` is not consulted here. A view that uses
    this class for objects that can be private has to limit visibility
    through its queryset or another permission class.

    This is an object-level check only: DRF runs it from
    `check_object_permissions()` (called by `get_object()` in the
    generic views), so it does not filter list responses.
    """

    def has_object_permission(self, request, view, obj):
        """Return True for safe methods, otherwise only when `obj.user` is the requester."""
        read_only_request = request.method in permissions.SAFE_METHODS
        # obj.user is the FK to User; a write needs it to equal request.user.
        return read_only_request or obj.user == request.user
class IsPublicReadOnly(permissions.BasePermission):
    """
    Object-level rule: public objects are readable by anyone, private
    objects only by their owner; writes are always owner-only.

    `obj` must expose both `is_public` and `user`. Sharing through
    collections is not considered by this class.
    """

    def has_object_permission(self, request, view, obj):
        """Return whether the requester may perform `request.method` on `obj`."""
        if request.method not in permissions.SAFE_METHODS:
            # Any state-changing method: owner only, regardless of is_public.
            return obj.user == request.user
        # Read: the public flag is checked first, ownership second.
        return obj.is_public or obj.user == request.user
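class CollectionShared(permissions.BasePermission):
    """
    Object-level access for collections and the objects linked to them.

    Decision order:
      1. Anonymous callers: safe (read) methods on public objects only.
      2. A user listed in `obj.shared_with` (obj is a Collection), or in
         `shared_with` of any collection in `obj.collections` (obj is a
         Location): allowed for every HTTP method.
      3. Everyone else: read if the object is public or owned by the
         caller, write only if owned by the caller.

    NOTE(review): rule 2 returns True before the method is inspected, so
    a shared user is granted destructive methods such as DELETE on the
    shared Collection itself, not just edits. Confirm this is intended;
    if not, enforce it in the view or split read/write for shared users.

    NOTE(review): unlike IsOwnerOrSharedWithFullAccess, a singular
    `obj.collection` FK is not consulted here. Objects that link to
    their collection that way get owner/public rules only.

    This is an object-level check only: DRF runs it from
    `check_object_permissions()`, so list and create endpoints need
    their own queryset filtering and view-level permissions.
    """

    def has_object_permission(self, request, view, obj):
        """Return whether `request.user` may perform `request.method` on `obj`."""
        user = request.user
        is_read = request.method in permissions.SAFE_METHODS

        if not user or not user.is_authenticated:
            # Anonymous: read-only, and only for public objects.
            return is_read and obj.is_public

        # obj is a Collection: direct membership in its shared_with list.
        if hasattr(obj, 'shared_with') and obj.shared_with.filter(id=user.id).exists():
            return True

        # obj is a Location (collections M2M): membership in shared_with of
        # any related collection. This single lookup covers both reads and
        # writes; the original repeated the same query on the write path,
        # where it could never match after failing here.
        if hasattr(obj, 'collections') and obj.collections.filter(shared_with=user).exists():
            return True

        if is_read:
            # Not shared: readable only when public or owned.
            return obj.is_public or obj.user == user

        # Not shared and not a read: owner only, everything else is denied.
        return obj.user == user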
class IsOwnerOrSharedWithFullAccess(permissions.BasePermission):
    """
    Object-level rule: owners and users who reach the object through a
    shared collection may use every HTTP method; anyone else (anonymous
    callers included) may only read, and only when the object is public.

    A share grant is looked up through three relations, whichever the
    object has: `collections` (M2M), `collection` (single FK) and
    `shared_with` (the object is itself a collection).

    NOTE(review): "full access" includes destructive methods such as
    DELETE for shared users; confirm that matches the sharing model.

    This is an object-level check only: DRF runs it from
    `check_object_permissions()`, so list and create endpoints need
    their own queryset filtering and view-level permissions.
    """

    @staticmethod
    def _has_share_grant(obj, user):
        """Return True when `user` appears in a shared_with relation reachable from `obj`."""
        # Many-to-many link to collections.
        if hasattr(obj, 'collections'):
            if obj.collections.filter(shared_with=user).exists():
                return True
        # Single FK to a collection; the FK may be unset.
        if hasattr(obj, 'collection') and obj.collection:
            if obj.collection.shared_with.filter(id=user.id).exists():
                return True
        # The object carries its own shared_with list.
        if hasattr(obj, 'shared_with'):
            if obj.shared_with.filter(id=user.id).exists():
                return True
        return False

    def has_object_permission(self, request, view, obj):
        """Return whether `request.user` may perform `request.method` on `obj`."""
        user = request.user
        reading = request.method in permissions.SAFE_METHODS

        if not user or not user.is_authenticated:
            # Anonymous: read-only, and only for public objects.
            return reading and obj.is_public

        # The public flag opens reads only; it is never evaluated for writes.
        if reading and obj.is_public:
            return True

        if obj.user == user:
            return True

        # Same share lookup for reads and writes, kept in one place so the
        # two paths cannot drift apart.
        return self._has_share_grant(obj, user)