fix permission problem on join / leave group.

coco-project · Aug 11, 2015 · c46bbea · c46bbea
1 parent eb57367
commit c46bbea
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 35 deletions.
diff --git a/ipynbsrv/api/urls.py b/ipynbsrv/api/urls.py
@@ -18,6 +18,8 @@
     url(r'^collaborationgroups/(?P<pk>[0-9]+)$', views.CollaborationGroupDetail.as_view(), name="collaborationgroup_detail"),
     url(r'^collaborationgroups/(?P<pk>[0-9]+)/add_members$', views.collaborationgroup_add_members, name="collaborationgroup_add_members"),
     url(r'^collaborationgroups/(?P<pk>[0-9]+)/remove_members$', views.collaborationgroup_remove_members, name="collaborationgroup_remove_members"),
+    url(r'^collaborationgroups/(?P<pk>[0-9]+)/join$', views.collaborationgroup_join, name="collaborationgroup_join"),
+    url(r'^collaborationgroups/(?P<pk>[0-9]+)/leave$', views.collaborationgroup_leave, name="collaborationgroup_leave"),
     url(r'^collaborationgroups/(?P<pk>[0-9]+)/add_admins$', views.collaborationgroup_add_admins, name="collaborationgroup_add_admins"),
     url(r'^collaborationgroups/(?P<pk>[0-9]+)/remove_admins$', views.collaborationgroup_remove_admins, name="collaborationgroup_remove_admins"),
 

diff --git a/ipynbsrv/api/views.py b/ipynbsrv/api/views.py
@@ -42,7 +42,9 @@ def api_root(request, format=None):
             'add_members': 'Add members to a collaborationgroup.',
             'remove_members': 'Remove members from a collaborationgroup.',
             'add_admins': 'Add admins to a collaborationgroup.',
-            'remove_admins': 'Remove admins from a collaborationgroup.'
+            'remove_admins': 'Remove admins from a collaborationgroup.',
+            'join': 'Join a public collaborationgroup.',
+            'leave': 'Leave a collaborationgroup.'
         }
     }
     available_endpoints['containers'] = {
@@ -379,6 +381,53 @@ def collaborationgroup_remove_members(request, pk):
     return Response(serializer.data, status=status.HTTP_201_CREATED)
 
 
+@api_view(['POST'])
+def collaborationgroup_join(request, pk):
+    """
+    Join a group.
+    Todo: show params on OPTIONS call.
+    Todo: permissions
+    :param pk   pk of the collaboration group
+    """
+
+    obj = CollaborationGroup.objects.filter(id=pk)
+    if not obj:
+        return Response({"error": "CollaborationGroup not found!", "data": request.data})
+    group = obj.first()
+
+    if not group.is_public:
+        return Response({"error": "{} could not be added to {}. Group not public.".format(request.user.username, group.name)})
+
+    result = group.add_user(request.user.backend_user)
+    if not result:
+        return Response({"error": "{} could not be added to {}".format(request.user.username, group.name)})
+
+    serializer = NestedCollaborationGroupSerializer(group)
+    return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+
+@api_view(['POST'])
+def collaborationgroup_leave(request, pk):
+    """
+    Leave a group.
+    Todo: show params on OPTIONS call.
+    Todo: permissions
+    :param pk   pk of the collaboration group
+    """
+
+    obj = CollaborationGroup.objects.filter(id=pk)
+    if not obj:
+        return Response({"error": "CollaborationGroup not found!", "data": request.data})
+    group = obj.first()
+
+    result = group.remove_member(request.user.backend_user)
+    if not result:
+        return Response({"error": "{} could not be removed from {}. Not a member or creator.".format(request.user.username, group.name)})
+
+    serializer = NestedCollaborationGroupSerializer(group)
+    return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+
 class ContainerList(generics.ListCreateAPIView):
     """
     Get a list of all the containers.

diff --git a/ipynbsrv/core/models.py b/ipynbsrv/core/models.py
@@ -464,7 +464,7 @@ def remove_user(self, user):
 
         :return bool `True` if the user has been removed.
         """
-        if self.is_user(user):
+        if self.is_user(user) and self.creator != user:
             self.user_set.remove(user.django_user)
             return True
         return False

diff --git a/ipynbsrv/web/templates/web/collaborationgroups/index.html b/ipynbsrv/web/templates/web/collaborationgroups/index.html
@@ -44,7 +44,6 @@ <h1>My Groups</h1>
                 <form action="{% url 'group_leave' %}" method="POST" role="form" class="form-action">
                     {% csrf_token %}
                     <input type="hidden" name="group_id" value="{{ group.id }}">
-                    <input type="hidden" name="user_id" value="{{ request.user.id }}">
                     <button class="btn btn-sm btn-warning" title="Leave group?" data-toggle="confirmation" data-placement="left">
                         <i class="glyphicon glyphicon-minus-sign" aria-hidden="true"></i>
                     </button>
@@ -53,7 +52,6 @@ <h1>My Groups</h1>
                 <form action="{% url 'group_join' %}" method="POST" role="form" class="form-action">
                     {% csrf_token %}
                     <input type="hidden" name="group_id" value="{{ group.id }}">
-                    <input type="hidden" name="user_id" value="{{ request.user.id }}">
                     <button class="btn btn-sm btn-success" title="Join group?" data-toggle="confirmation" data-placement="left">
                         <i class="glyphicon glyphicon-plus-sign" aria-hidden="true"></i>
                     </button>

diff --git a/ipynbsrv/web/templates/web/collaborationgroups/manage.html b/ipynbsrv/web/templates/web/collaborationgroups/manage.html
@@ -26,7 +26,6 @@ <h1>Group</h1>
         <form action="{% url 'group_join' %}" method="POST" role="form">
             {% csrf_token %}
             <input type="hidden" name="group_id" value="{{ group.id }}">
-            <input type="hidden" name="user_id" value="{{ request.user.id }}">
             <button class="btn btn-primary btn-delete pull-right" title="Join this public group?" data-toggle="confirmation" data-placement="bottom">Join Group
             </button>
         </form>
@@ -35,7 +34,6 @@ <h1>Group</h1>
         <form action="{% url 'group_leave' %}" method="POST" role="form">
             {% csrf_token %}
             <input type="hidden" name="group_id" value="{{ group.id }}">
-            <input type="hidden" name="user_id" value="{{ request.user.id }}">
             <button class="btn btn-warning btn-delete pull-right" title="Leave this public group?" data-toggle="confirmation" data-placement="bottom">Leave Group
             </button>
         </form>

diff --git a/ipynbsrv/web/views/collaborationgroups.py b/ipynbsrv/web/views/collaborationgroups.py
@@ -257,33 +257,24 @@ def leave(request):
     if request.method != "POST":
         messages.error(request, "Invalid request method.")
         return redirect('groups')
-    if 'group_id' not in request.POST or 'user_id' not in request.POST:
+    if 'group_id' not in request.POST:
         messages.error(request, "Invalid POST request.")
         return redirect('groups')
 
     group_id = int(request.POST.get('group_id'))
-    user_id = int(request.POST.get('user_id'))
 
     client = get_httpclient_instance(request)
-
-    user = client.users(user_id).get()
     group = client.collaborationgroups(group_id).get()
 
     if group:
-        if user:
-            params = {}
-            params["users"] = [user_id]
-            try:
-                client.collaborationgroups(group_id).remove_members.post(params)
-                messages.success(request, "You are no longer a member of group {}.".format(group.name))
-            except Exception as e:
-                messages.error(request, api_error_message(e, params))
+        try:
+            client.collaborationgroups(group_id).leave.post()
+            messages.success(request, "You are no longer a member of group {}.".format(group.name))
+        except Exception as e:
+            messages.error(request, api_error_message(e, ""))
 
-            request.method = "GET"
-            return redirect('groups')
-        else:
-            messages.error(request, "User does not exist.")
-            return redirect('group_manage', group.id)
+        request.method = "GET"
+        return redirect('groups')
     else:
         messages.error(request, "Group does not exist.")
 
@@ -295,24 +286,19 @@ def join(request):
     if request.method != "POST":
         messages.error(request, "Invalid request method.")
         return redirect('shares')
-    if 'group_id' not in request.POST or 'user_id' not in request.POST:
+    if 'group_id' not in request.POST:
         messages.error(request, "Invalid POST request.")
         return redirect('groups')
 
-    user_id = request.POST.get('user_id')
     group_id = request.POST.get('group_id')
 
     client = get_httpclient_instance(request)
-
     group = client.collaborationgroups(group_id).get()
-    user = client.users(user_id).get()
-    if user:
-        params = {}
-        params["users"] = [user_id]
-        try:
-            client.collaborationgroups(group_id).add_members.post(params)
-            messages.success(request, "You are now a member of {}.".format(group.name))
-        except Exception as e:
-            messages.error(request, api_error_message(e, params))
+
+    try:
+        client.collaborationgroups(group_id).join.post()
+        messages.success(request, "You are now a member of {}.".format(group.name))
+    except Exception as e:
+        messages.error(request, api_error_message(e, ""))
 
     return redirect('groups')