mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2025-07-19 04:49:37 +02:00
3f9a6767bd
- Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions.
48 lines
No EOL
1.9 KiB
Python
48 lines
No EOL
1.9 KiB
Python
from adventures.models import AdventureImage, Attachment
|
|
|
|
protected_paths = ['images/', 'attachments/']
|
|
|
|
def checkFilePermission(fileId, user, mediaType):
|
|
if mediaType not in protected_paths:
|
|
return True
|
|
if mediaType == 'images/':
|
|
try:
|
|
# Construct the full relative path to match the database field
|
|
image_path = f"images/{fileId}"
|
|
# Fetch the AdventureImage object
|
|
adventure = AdventureImage.objects.get(image=image_path).adventure
|
|
if adventure.is_public:
|
|
return True
|
|
elif adventure.user_id == user:
|
|
return True
|
|
elif adventure.collections.exists():
|
|
# Check if the user is in any collection's shared_with list
|
|
for collection in adventure.collections.all():
|
|
if collection.shared_with.filter(id=user.id).exists():
|
|
return True
|
|
return False
|
|
else:
|
|
return False
|
|
except AdventureImage.DoesNotExist:
|
|
return False
|
|
elif mediaType == 'attachments/':
|
|
try:
|
|
# Construct the full relative path to match the database field
|
|
attachment_path = f"attachments/{fileId}"
|
|
# Fetch the Attachment object
|
|
attachment = Attachment.objects.get(file=attachment_path)
|
|
adventure = attachment.adventure
|
|
if adventure.is_public:
|
|
return True
|
|
elif adventure.user_id == user:
|
|
return True
|
|
elif adventure.collections.exists():
|
|
# Check if the user is in any collection's shared_with list
|
|
for collection in adventure.collections.all():
|
|
if collection.shared_with.filter(id=user.id).exists():
|
|
return True
|
|
return False
|
|
else:
|
|
return False
|
|
except Attachment.DoesNotExist:
|
|
return False |