Fix for deleting books in shelfs (#419)

This commit is contained in:
OzzieIsaacs 2018-01-06 12:08:55 +01:00
parent 0329306031
commit 07d6ba094b

View File

@ -2194,13 +2194,14 @@ def remove_from_shelf(shelf_id, book_id):
# if shelf is public and use is allowed to edit shelfs, or if shelf is private and user is owner # if shelf is public and use is allowed to edit shelfs, or if shelf is private and user is owner
# allow editing shelfs # allow editing shelfs
if (not shelf.is_public and not shelf.user_id == int(current_user.id)) \ # result shelf public user allowed user owner
or not (shelf.is_public and current_user.role_edit_shelfs()): # false 1 0 x
if not request.is_xhr: # true 1 1 x
app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name) # true 0 x 1
return redirect(url_for('index')) # false 0 x 0
return "Sorry you are not allowed to add a book to the the shelf: %s" % shelf.name, 403
if (not shelf.is_public and shelf.user_id == int(current_user.id)) \
or (shelf.is_public and current_user.role_edit_shelfs()):
book_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id, book_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id,
ub.BookShelf.book_id == book_id).first() ub.BookShelf.book_id == book_id).first()
@ -2217,6 +2218,13 @@ def remove_from_shelf(shelf_id, book_id):
flash(_(u"Book has been removed from shelf: %(sname)s", sname=shelf.name), category="success") flash(_(u"Book has been removed from shelf: %(sname)s", sname=shelf.name), category="success")
return redirect(request.environ["HTTP_REFERER"]) return redirect(request.environ["HTTP_REFERER"])
return "", 204 return "", 204
else:
app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name)
if not request.is_xhr:
flash(_(u"Sorry you are not allowed to remove a book from this shelf: %(sname)s", sname=shelf.name), category="error")
return redirect(url_for('index'))
return "Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name, 403
@app.route("/shelf/create", methods=["GET", "POST"]) @app.route("/shelf/create", methods=["GET", "POST"])