From cbc807f3ff7eb709cdf2dd13d65dac45f9d25ee6 Mon Sep 17 00:00:00 2001 From: OzzieIsaacs Date: Sun, 19 Mar 2017 20:29:35 +0100 Subject: [PATCH] Fix #138 --- cps/templates/config_edit.html | 4 +++ cps/templates/shelf.html | 25 ++++++++++++++++--- cps/templates/shelf_edit.html | 12 +++++---- cps/templates/user_edit.html | 4 +++ cps/ub.py | 13 ++++++++++ cps/web.py | 45 +++++++++++++++++++++------------- 6 files changed, 77 insertions(+), 26 deletions(-) diff --git a/cps/templates/config_edit.html b/cps/templates/config_edit.html index 62a27245..f22ace64 100644 --- a/cps/templates/config_edit.html +++ b/cps/templates/config_edit.html @@ -114,6 +114,10 @@ +
+ + +
{% if not origin %} {{_('Back')}} diff --git a/cps/templates/shelf.html b/cps/templates/shelf.html index f8571652..1d1e91d2 100644 --- a/cps/templates/shelf.html +++ b/cps/templates/shelf.html @@ -3,10 +3,11 @@

{{title}}

{% if g.user.is_authenticated %} - {{ _('Delete this Shelf') }} - {{ _('Edit Shelf name') }} - {{ _('Change order') }} - + {% if (g.user.role_edit_shelfs() and shelf.is_public ) or not shelf.is_public %} +
{{ _('Delete this Shelf') }}
+ {{ _('Edit Shelf name') }} + {{ _('Change order') }} + {% endif %} {% endif %}
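Review bot: The new `{% if (g.user.role_edit_shelfs() and shelf.is_public ) or not shelf.is_public %}` guard only hides the Delete / Edit / Change-order links, so it is not an access check by itself; the handlers behind those links have to repeat it. In this patch the web.py hunks change add_to_shelf, remove_from_shelf and delete_shelf, but edit_shelf appears only as hunk context and no order handler is shown, so a user without the role can presumably still reach those routes for a public shelf; worth confirming. The same applies to shelf_edit.html, where the input wrapped in `{% if g.user.role_edit_shelfs() %}` is merely not rendered: the form handler should ignore that field when the user lacks the role. A template comment such as `{# UI hint only; web.py enforces role_edit_shelfs for public shelves #}` would keep the two in step.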
@@ -39,4 +40,20 @@ {% endfor %}
+ + {% endblock %} diff --git a/cps/templates/shelf_edit.html b/cps/templates/shelf_edit.html index 59a9f1d4..454a7c41 100644 --- a/cps/templates/shelf_edit.html +++ b/cps/templates/shelf_edit.html @@ -7,11 +7,13 @@ -
- -
+ {% if g.user.role_edit_shelfs() %} +
+ +
+ {% endif %} {% if shelf.id != None %} {{_('Back')}} diff --git a/cps/templates/user_edit.html b/cps/templates/user_edit.html index 2e006ad0..6da290bd 100644 --- a/cps/templates/user_edit.html +++ b/cps/templates/user_edit.html @@ -104,6 +104,10 @@ +
+ + +
{% endif %} {% endif %} {% if g.user and g.user.role_admin() and not profile and not new_user and not content.role_anonymous() %} diff --git a/cps/ub.py b/cps/ub.py index 44a3808d..370b373a 100644 --- a/cps/ub.py +++ b/cps/ub.py @@ -24,6 +24,7 @@ ROLE_UPLOAD = 4 ROLE_EDIT = 8 ROLE_PASSWD = 16 ROLE_ANONYMOUS = 32 +ROLE_EDIT_SHELFS = 64 DETAIL_RANDOM = 1 SIDEBAR_LANGUAGE = 2 @@ -86,6 +87,12 @@ class UserBase: else: return False + def role_edit_shelfs(self): + if self.role is not None: + return True if self.role & ROLE_EDIT_SHELFS == ROLE_EDIT_SHELFS else False + else: + return False + def is_active(self): return True @@ -353,6 +360,12 @@ class Config: else: return False + def role_edit_shelfs(self): + if self.config_default_role is not None: + return True if self.config_default_role & ROLE_EDIT_SHELFS == ROLE_EDIT_SHELFS else False + else: + return False + def get_Log_Level(self): ret_value="" if self.config_log_level == logging.INFO: diff --git a/cps/web.py b/cps/web.py index 1510b292..1ff36c36 100755 --- a/cps/web.py +++ b/cps/web.py 
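Review bot: `role_edit_shelfs` in UserBase has no docstring saying what the flag covers, and the web.py checks in this commit apply it to public shelves only, which the name does not convey; the method of the same name added to Config reads `config_default_role` and needs the same note. I would add `"""Return True if the ROLE_EDIT_SHELFS bit (edit public shelves) is set."""` to both. The body can also drop the `True if … else False` wrapper: `return self.role is not None and self.role & ROLE_EDIT_SHELFS == ROLE_EDIT_SHELFS`. Both class bodies continue outside the hunks.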
@@ -1754,43 +1754,43 @@ def send_to_kindle(book_id): def add_to_shelf(shelf_id, book_id): shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() if not shelf.is_public and not shelf.user_id == int(current_user.id): - flash("Sorry you are not allowed to add a book to the the shelf: %s" % shelf.name) + app.logger.info("Sorry you are not allowed to add a book to the the shelf: %s" % shelf.name) return redirect(url_for('index')) maxOrder = ub.session.query(func.max(ub.BookShelf.order)).filter(ub.BookShelf.shelf == shelf_id).first() book_in_shelf=ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id, ub.BookShelf.book_id == book_id).first() if book_in_shelf: - flash("Book is already part of the shelf: %s" % shelf.name) + app.logger.info("Book is already part of the shelf: %s" % shelf.name) return redirect(url_for('index')) if maxOrder[0] is None: maxOrder = 0 else: maxOrder = maxOrder[0] - ins = ub.BookShelf(shelf=shelf.id, book_id=book_id, order=maxOrder + 1) - ub.session.add(ins) - ub.session.commit() - - flash(_(u"Book has been added to shelf: %(sname)s", sname=shelf.name), category="success") - return redirect(request.environ["HTTP_REFERER"]) + if (shelf.is_public and current_user.role_edit_shelfs()) or not shelf.is_public: + ins = ub.BookShelf(shelf=shelf.id, book_id=book_id, order=maxOrder + 1) + ub.session.add(ins) + ub.session.commit() + flash(_(u"Book has been added to shelf: %(sname)s", sname=shelf.name), category="success") + return redirect(request.environ["HTTP_REFERER"]) + else: + app.logger.info("User is not allowed to edit public shelfs" ) + return redirect(url_for('index')) @app.route("/shelf/remove//") @login_required def remove_from_shelf(shelf_id, book_id): shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() - if not shelf.is_public and not shelf.user_id == int(current_user.id): - flash("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name) + if not shelf.is_public and 
not shelf.user_id == int(current_user.id) \ + or (shelf.is_public and current_user.role_edit_shelfs()): + app.logger.info("Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name) return redirect(url_for('index')) book_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id, ub.BookShelf.book_id == book_id).first() - - # rem = ub.BookShelf(shelf=shelf.id, book_id=book_id) ub.session.delete(book_shelf) ub.session.commit() - flash(_(u"Book has been removed from shelf: %(sname)s", sname=shelf.name), category="success") - return redirect(request.environ["HTTP_REFERER"]) @@ -1853,10 +1853,12 @@ def edit_shelf(shelf_id): @login_required def delete_shelf(shelf_id): cur_shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() - if current_user.role == ub.ROLE_ADMIN: + if current_user.role_admin(): deleted = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).delete() else: - deleted = ub.session.query(ub.Shelf).filter(ub.or_(ub.and_(ub.Shelf.user_id == int(current_user.id), + if not cur_shelf.is_public and not cur_shelf.user_id == int(current_user.id) \ + or (cur_shelf.is_public and current_user.role_edit_shelfs()): + deleted = ub.session.query(ub.Shelf).filter(ub.or_(ub.and_(ub.Shelf.user_id == int(current_user.id), ub.Shelf.id == shelf_id), ub.and_(ub.Shelf.is_public == 1, ub.Shelf.id == shelf_id))).delete() @@ -1864,7 +1866,7 @@ def delete_shelf(shelf_id): if deleted: ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id).delete() ub.session.commit() - flash(_(u"successfully deleted shelf %(name)s", name=cur_shelf.name, category="success")) + app.logger.info(_(u"successfully deleted shelf %(name)s", name=cur_shelf.name, category="success")) return redirect(url_for('index')) 
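Review bot: In remove_from_shelf the new public-shelf clause is inverted: `or (shelf.is_public and current_user.role_edit_shelfs())` sits in the deny condition, so a user who holds the edit-shelf role is redirected away while a user without it falls through to `ub.session.delete(book_shelf)` on any public shelf. It should read `or (shelf.is_public and not current_user.role_edit_shelfs())`, which matches the allow condition add_to_shelf uses in the same hunk. Both functions also dereference `shelf` straight after `.first()`, which returns None for an unknown shelf_id, and `book_shelf` can likewise be None before the delete; an `if shelf is None:` guard that redirects would avoid the unhandled exception. Since `flash` is replaced by `app.logger.info`, the denial log lines should carry `current_user.id` and `shelf_id` so they are usable as an audit record.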
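Review bot: The guard added to delete_shelf's non-admin branch reuses a deny condition as an allow condition: `not cur_shelf.is_public and not cur_shelf.user_id == int(current_user.id)` is true for someone who does not own the private shelf and false for its owner, so owners can no longer delete their own private shelves. When the guard is false `deleted` is never assigned, and the `if deleted:` in the next hunk then raises UnboundLocalError. The unchanged query filter still restricts the rows to own or public shelves, so the non-owner case deletes nothing, but the intended rule should be written out explicitly, as sketched below. delete_shelf starts above this hunk and continues past it.

```python
    else:
        # Owners may delete their private shelves; public ones need the edit-shelf role.
        owns_private = not cur_shelf.is_public and cur_shelf.user_id == int(current_user.id)
        may_edit_public = cur_shelf.is_public and current_user.role_edit_shelfs()
        deleted = 0  # bound on every path for the later `if deleted:`
        if owns_private or may_edit_public:
            # … unchanged: ub.Shelf delete query filtered by owner / is_public …
```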
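Review bot: The replaced line in delete_shelf keeps flash's arguments inside the translation call: `category="success"` is passed to `_()`, where it is presumably just an unused format parameter, and the log entry is written in the requesting user's locale, which makes log searches unreliable. For an audit trail of shelf deletions I would log untranslated text with identifiers rather than the user-controlled shelf name, e.g. `app.logger.info("shelf id %s deleted by user id %s", shelf_id, current_user.id)`. The user also no longer gets any confirmation; if that is intended, a comment saying so would help.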
@@ -2094,6 +2096,8 @@ def configuration_helper(origin): content.config_default_role = content.config_default_role + ub.ROLE_EDIT if "passwd_role" in to_save: content.config_default_role = content.config_default_role + ub.ROLE_PASSWD + if "passwd_role" in to_save: + content.config_default_role = content.config_default_role + ub.ROLE_EDIT_SHELFS try: if content.config_use_google_drive and is_gdrive_ready() and not os.path.exists(config.config_calibre_dir + "/metadata.db"): gdriveutils.downloadFile(Gdrive.Instance().drive, None, "metadata.db", config.config_calibre_dir + "/metadata.db") @@ -2187,6 +2191,8 @@ def new_user(): content.role = content.role + ub.ROLE_EDIT if "passwd_role" in to_save: content.role = content.role + ub.ROLE_PASSWD + if "edit_shelf_role" in to_save: + content.role = content.role + ub.ROLE_EDIT_SHELFS try: ub.session.add(content) ub.session.commit() @@ -2290,6 +2296,11 @@ def edit_user(user_id): elif "passwd_role" not in to_save and content.role_passwd(): content.role = content.role - ub.ROLE_PASSWD + if "edit_shelf_role" in to_save and not content.role_edit_shelfs(): + content.role = content.role + ub.ROLE_EDIT_SHELFS + elif "edit_shelf_role" not in to_save and content.role_edit_shelfs(): + content.role = content.role - ub.ROLE_EDIT_SHELFS + if "show_random" in to_save and not content.show_random_books(): content.sidebar_view += ub.SIDEBAR_RANDOM elif "show_random" not in to_save and content.show_random_books():
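Review bot: The block added to configuration_helper tests `"passwd_role"` a second time before adding `ub.ROLE_EDIT_SHELFS`, so the default role gains public-shelf editing whenever the password-change box is ticked and never otherwise. new_user and edit_user in the following hunks key on `"edit_shelf_role"`; the checkbox name added to config_edit.html is not visible in this patch text, but it is presumably the same, so the line should be `if "edit_shelf_role" in to_save:`. Going by its name, `config_default_role` seeds the role of newly created accounts, so the mistake would silently grant a permission the admin did not select. The function body starts and ends outside the hunk.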