From f70c839014031541f6243747967d9d3b34a8bdfe Mon Sep 17 00:00:00 2001
From: Ozzieisaacs
Date: Sun, 19 May 2019 18:39:34 +0200
Subject: [PATCH] Added additional permission viewer
---
 cps/admin.py | 7 +++++++
 cps/templates/admin.html | 2 ++
 cps/templates/config_view_edit.html | 4 ++++
 cps/templates/detail.html | 2 +-
 cps/templates/readpdf.html | 12 ++++++------
 cps/templates/user_edit.html | 4 ++++
 cps/ub.py | 14 +++++++++++++-
 cps/web.py | 12 ++++++++++++
 8 files changed, 49 insertions(+), 8 deletions(-)
diff --git a/cps/admin.py b/cps/admin.py
index aee7fd09..6aca350a 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -185,6 +185,8 @@ def view_configuration():
 content.config_default_role = content.config_default_role + ub.ROLE_ADMIN
 if "download_role" in to_save:
 content.config_default_role = content.config_default_role + ub.ROLE_DOWNLOAD
+ if "viewer_role" in to_save:
+ content.config_default_role = content.config_default_role + ub.ROLE_VIEWER
 if "upload_role" in to_save:
 content.config_default_role = content.config_default_role + ub.ROLE_UPLOAD
 if "edit_role" in to_save:
@@ -651,6 +653,11 @@ def edit_user(user_id):
 elif "download_role" not in to_save and content.role_download():
 content.role = content.role - ub.ROLE_DOWNLOAD
+ if "viewer_role" in to_save and not content.role_viewer():
+ content.role = content.role + ub.ROLE_VIEWER
+ elif "viewer_role" not in to_save and content.role_viewer():
+ content.role = content.role - ub.ROLE_VIEWER
+
 if "upload_role" in to_save and not content.role_upload():
 content.role = content.role + ub.ROLE_UPLOAD
 elif "upload_role" not in to_save and content.role_upload():
diff --git a/cps/templates/admin.html b/cps/templates/admin.html
index 89c598a7..ee92996e 100644
--- a/cps/templates/admin.html
+++ b/cps/templates/admin.html
@@ -12,6 +12,7 @@ {{_('DLS')}} {{_('Admin')}} {{_('Download')}} + {{_('View Ebooks')}} {{_('Upload')}} {{_('Edit')}}
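Review bot: In `view_configuration()` and `edit_user()` (cps/admin.py) the new viewer flag is set and cleared with integer `+`/`-` on a bitmask, which is only correct while the bit is known to be in the expected state beforehand. If `config_default_role` is not reset to 0 before the chain in `view_configuration()` (any reset is outside the hunk), adding 256 twice carries into bit 512, a bit that a later permission could claim. Bitwise forms are idempotent and make the `role_viewer()` guards in `edit_user()` unnecessary: `content.config_default_role |= ub.ROLE_VIEWER`, `content.role |= ub.ROLE_VIEWER`, `content.role &= ~ub.ROLE_VIEWER`. Both functions start and end outside their hunks.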
@@ -24,6 +25,7 @@ {{user.downloads.count()}} {% if user.role_admin() %}{% else %}{% endif %} {% if user.role_download() %}{% else %}{% endif %} + {% if user.role_viewer() %}{% else %}{% endif %} {% if user.role_upload() %}{% else %}{% endif %} {% if user.role_edit() %}{% else %}{% endif %} diff --git a/cps/templates/config_view_edit.html b/cps/templates/config_view_edit.html index a6601a58..bc6defa4 100644 --- a/cps/templates/config_view_edit.html +++ b/cps/templates/config_view_edit.html @@ -84,6 +84,10 @@ +
+ + +
diff --git a/cps/templates/detail.html b/cps/templates/detail.html index 5fd0871e..49869713 100644 --- a/cps/templates/detail.html +++ b/cps/templates/detail.html @@ -53,7 +53,7 @@
{% endif %} {% endif %} - {% if reader_list %} + {% if reader_list and g.user.role_viewer() %}
- - - Current View @@ -228,9 +227,10 @@ See https://github.com/adobe-type-tools/cmap-resources Print - + Current View diff --git a/cps/templates/user_edit.html b/cps/templates/user_edit.html index ad8435bc..7a7c0aca 100644 --- a/cps/templates/user_edit.html +++ b/cps/templates/user_edit.html @@ -91,6 +91,10 @@
+
+ + +
diff --git a/cps/ub.py b/cps/ub.py
index ce389cb8..a37c10df 100644
--- a/cps/ub.py
+++ b/cps/ub.py
@@ -54,6 +54,7 @@ ROLE_PASSWD = 16
 ROLE_ANONYMOUS = 32
 ROLE_EDIT_SHELFS = 64
 ROLE_DELETE_BOOKS = 128
+ROLE_VIEWER = 256
 DETAIL_RANDOM = 1
@@ -202,6 +203,10 @@ class UserBase:
 def role_delete_books(self):
 return bool((self.role is not None)and(self.role & ROLE_DELETE_BOOKS == ROLE_DELETE_BOOKS))
+
+ def role_viewer(self):
+ return bool((self.role is not None)and(self.role & ROLE_VIEWER == ROLE_VIEWER))
+
 @property
 def is_active(self):
 return True
@@ -549,6 +554,12 @@ class Config:
 else:
 return False
+ def role_viewer(self):
+ if self.config_default_role is not None:
+ return True if self.config_default_role & ROLE_VIEWER == ROLE_VIEWER else False
+ else:
+ return False
+
 def role_upload(self):
 if self.config_default_role is not None:
 return True if self.config_default_role & ROLE_UPLOAD == ROLE_UPLOAD else False
@@ -853,7 +864,8 @@ def create_anonymous_user():
 def create_admin_user():
 user = User()
 user.nickname = "admin"
- user.role = ROLE_USER + ROLE_ADMIN + ROLE_DOWNLOAD + ROLE_UPLOAD + ROLE_EDIT + ROLE_DELETE_BOOKS + ROLE_PASSWD
+ user.role = ROLE_USER + ROLE_ADMIN + ROLE_DOWNLOAD + ROLE_UPLOAD + ROLE_EDIT + ROLE_DELETE_BOOKS + ROLE_PASSWD +\
+ ROLE_VIEWER
 user.sidebar_view = DETAIL_RANDOM + SIDEBAR_LANGUAGE + SIDEBAR_SERIES + SIDEBAR_CATEGORY + SIDEBAR_HOT + \
 SIDEBAR_RANDOM + SIDEBAR_AUTHOR + SIDEBAR_BEST_RATED + SIDEBAR_READ_AND_UNREAD + SIDEBAR_RECENT + \
 SIDEBAR_SORTED + MATURE_CONTENT + SIDEBAR_PUBLISHER + SIDEBAR_RATING + SIDEBAR_FORMAT
diff --git a/cps/web.py b/cps/web.py
index 7f4289b5..8084de9f 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -203,6 +203,16 @@ def download_required(f):
 return inner
+def viewer_required(f):
+ @wraps(f)
+ def inner(*args, **kwargs):
+ if current_user.role_viewer():
+ return f(*args, **kwargs)
+ abort(403)
+
+ return inner
+
+
 def upload_required(f):
 @wraps(f)
 def inner(*args, **kwargs):
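Review bot: Nothing in this patch sets the new `ROLE_VIEWER` bit on accounts or on `config_default_role` already stored in the database; in cps/ub.py only `create_admin_user()` grants it, and that function presumably runs only for a fresh database. Since `/read` and `/show` now answer 403 without the bit, existing users, including existing administrators, would lose in-browser reading after upgrade until each account is edited by hand. That fails closed, which is the safe direction, but it should be a deliberate choice: either set the bit in the database upgrade step (e.g. `role = role | 256` for accounts that should keep access; that code is not part of this patch) or describe the manual step in the release notes. A comment beside the constant such as `# in-browser reading (/read, /show); not set on accounts created before this flag` would record the intent.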
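Review bot: `viewer_required` in cps/web.py has no docstring, and it depends on a decorator order that is not written down: it reads `current_user.role_viewer()` and answers 403, so it has to sit below `@login_required_if_no_ano`, otherwise an unauthenticated request gets a 403 instead of the login redirect. It also assumes the anonymous user object implements `role_viewer()`, which presumably holds through `UserBase` but is not visible here. Suggested docstring: `"""Allow the view only if current_user has ROLE_VIEWER; apply below the login decorator."""`. The body is a copy of the neighbouring `download_required`/`upload_required` with one name changed, so a single decorator factory taking the role check would remove the chance of a copy-paste mismatch between roles.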
@@ -972,6 +982,7 @@ def get_cover(book_id):
 @web.route("/show//")
 @login_required_if_no_ano
+@viewer_required
 def serve_book(book_id, book_format):
 book_format = book_format.split(".")[0]
 book = db.session.query(db.Books).filter(db.Books.id == book_id).first()
@@ -1276,6 +1287,7 @@ def profile():
 @web.route("/read//")
 @login_required_if_no_ano
+@viewer_required
 def read_book(book_id, book_format):
 book = db.session.query(db.Books).filter(db.Books.id == book_id).first()
 if not book:
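Review bot: A user who holds the viewer role but not the download role can probably still retrieve the complete book file through `/show`, because `serve_book` appears to return the file itself; its body, like that of `read_book`, continues outside the hunk, so this needs confirming. If that is the case, the two permissions overlap, and the viewer role should be documented as implying access to the raw file, or the response limited to what the in-browser readers need. These two decorators are the only server-side enforcement of the new permission in this patch (the `detail.html` check only hides the links), so any other route that feeds book content to the readers needs `@viewer_required` as well. A test asserting that an account without `ROLE_VIEWER` receives 403 on both `/read` and `/show` would pin the behaviour.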