list all playlist the user has the perms on (not recursive)
This commit is contained in:
grimhilt
parent
3b50112c10
commit
f192ba3759
@ -3,6 +3,7 @@ from ..models import Playlist, PlaylistFile, File, Role
|
|||||||
from .. import db
|
from .. import db
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from ..dao.Playlist import PlaylistDao
|
from ..dao.Playlist import PlaylistDao
|
||||||
|
from ..dao.UsersDao import UsersDao
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
from screen.ScreenManager import ScreenManager
|
from screen.ScreenManager import ScreenManager
|
||||||
|
|
||||||
@ -50,17 +51,18 @@ class PlaylistAbl:
|
|||||||
def get_playlist(playlist_id):
|
def get_playlist(playlist_id):
|
||||||
(query, files) = PlaylistDao.get_playlist(playlist_id)
|
(query, files) = PlaylistDao.get_playlist(playlist_id)
|
||||||
query = query.as_dict_with_roles()
|
query = query.as_dict_with_roles()
|
||||||
return jsonify({ \
|
return jsonify({
|
||||||
'id': query['id'], \
|
'id': query['id'],
|
||||||
'name': query['name'], \
|
'name': query['name'],
|
||||||
'owner_id': query['owner_id'], \
|
'owner_id': query['owner_id'],
|
||||||
'view': query['view'], \
|
'view': query['view'],
|
||||||
'edit': query['edit'], \
|
'edit': query['edit'],
|
||||||
'files': files})
|
'files': files})
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def list():
|
def list():
|
||||||
playlists = db.session.query(Playlist).all()
|
user_id = current_user.as_dict()['id']
|
||||||
|
playlists = UsersDao.playlists(user_id)
|
||||||
res = []
|
res = []
|
||||||
for playlist in playlists:
|
for playlist in playlists:
|
||||||
p = playlist.as_dict()
|
p = playlist.as_dict()
|
||||||
@ -73,11 +75,11 @@ class PlaylistAbl:
|
|||||||
# EDIT PLAYLIST CONTENT
|
# EDIT PLAYLIST CONTENT
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def add_file(playlist_id, data):
|
def add_file(playlist_id, data):
|
||||||
new_playlist_file = PlaylistFile( \
|
new_playlist_file = PlaylistFile(
|
||||||
playlist_id=playlist_id, \
|
playlist_id=playlist_id,
|
||||||
file_id=data['file_id'], \
|
file_id=data['file_id'],
|
||||||
position=data['position'], \
|
position=data['position'],
|
||||||
seconds=data['seconds'] \
|
seconds=data['seconds']
|
||||||
)
|
)
|
||||||
|
|
||||||
db.session.add(new_playlist_file)
|
db.session.add(new_playlist_file)
|
||||||
|
|||||||
@ -20,6 +20,7 @@ def create():
|
|||||||
|
|
||||||
@playlist.route('/playlists', methods=["GET"])
|
@playlist.route('/playlists', methods=["GET"])
|
||||||
@login_required
|
@login_required
|
||||||
|
@permissions.require([Perm.VIEW_PLAYLIST])
|
||||||
def list():
|
def list():
|
||||||
return PlaylistAbl.list()
|
return PlaylistAbl.list()
|
||||||
|
|
||||||
|
|||||||
@ -1,13 +1,13 @@
|
|||||||
from .. import db
|
from .. import db
|
||||||
from ..models import User, Role
|
from ..models import User, Role, Playlist
|
||||||
|
|
||||||
class UsersDao:
|
class UsersDao:
|
||||||
def has_role_view_q(user_id):
|
def has_role_view_q(user_id):
|
||||||
has_role_to_view = db.session.query(User) \
|
has_role_to_view = db.session.query(User) \
|
||||||
.filter(User.id == user_id) \
|
.filter(User.id == user_id) \
|
||||||
.filter( \
|
.filter(
|
||||||
User.roles.any( \
|
User.roles.any(
|
||||||
Role.users.any(Role.playlists_view is not None) \
|
Role.users.any(Role.playlists_view is not None)
|
||||||
)) \
|
)) \
|
||||||
.first()
|
.first()
|
||||||
return has_role_to_view
|
return has_role_to_view
|
||||||
@ -15,10 +15,34 @@ class UsersDao:
|
|||||||
def has_role_edit_q(user_id):
|
def has_role_edit_q(user_id):
|
||||||
has_role_to_edit = db.session.query(User) \
|
has_role_to_edit = db.session.query(User) \
|
||||||
.filter(User.id == user_id) \
|
.filter(User.id == user_id) \
|
||||||
.filter( \
|
.filter(
|
||||||
User.roles.any( \
|
User.roles.any(
|
||||||
Role.users.any(Role.playlists_edit is not None) \
|
Role.users.any(Role.playlists_edit is not None)
|
||||||
)) \
|
)) \
|
||||||
.first()
|
.first()
|
||||||
return has_role_to_edit
|
return has_role_to_edit
|
||||||
|
|
||||||
|
def playlists(user_id):
|
||||||
|
playlists = db.session.query(Playlist) \
|
||||||
|
.filter(
|
||||||
|
# all playlist where user can view
|
||||||
|
Playlist.view.any(
|
||||||
|
# check if a role belongs to this user
|
||||||
|
Role.user_id == user_id or
|
||||||
|
# check if a this user has a role to view
|
||||||
|
Role.users.any(User.id == user_id) \
|
||||||
|
) |
|
||||||
|
# all playlist where user can edit
|
||||||
|
Playlist.edit.any(
|
||||||
|
# check if a role belongs to this user
|
||||||
|
Role.user_id == user_id or
|
||||||
|
# check if a this user has a role to edit
|
||||||
|
Role.users.any(User.id == user_id)
|
||||||
|
|
||||||
|
) |
|
||||||
|
(Playlist.owner_id == user_id)
|
||||||
|
) \
|
||||||
|
.all()
|
||||||
|
return playlists
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user