From c46bbeaff186c10ccdc8567be8835ff717c8beb2 Mon Sep 17 00:00:00 2001
From: Christian Glatthard
Date: Tue, 11 Aug 2015 19:55:40 +0200
Subject: [PATCH] fix permission problem on join / leave group.
---
 ipynbsrv/api/urls.py | 2 +
 ipynbsrv/api/views.py | 51 ++++++++++++++++++-
 ipynbsrv/core/models.py | 2 +-
 .../web/collaborationgroups/index.html | 2 -
 .../web/collaborationgroups/manage.html | 2 -
 ipynbsrv/web/views/collaborationgroups.py | 44 ++++++----------
 6 files changed, 68 insertions(+), 35 deletions(-)
diff --git a/ipynbsrv/api/urls.py b/ipynbsrv/api/urls.py
index 1a4ce33..9678966 100644
--- a/ipynbsrv/api/urls.py
+++ b/ipynbsrv/api/urls.py
@@ -18,6 +18,8 @@
 url(r'^collaborationgroups/(?P[0-9]+)$', views.CollaborationGroupDetail.as_view(), name="collaborationgroup_detail"),
 url(r'^collaborationgroups/(?P[0-9]+)/add_members$', views.collaborationgroup_add_members, name="collaborationgroup_add_members"),
 url(r'^collaborationgroups/(?P[0-9]+)/remove_members$', views.collaborationgroup_remove_members, name="collaborationgroup_remove_members"),
+ url(r'^collaborationgroups/(?P[0-9]+)/join$', views.collaborationgroup_join, name="collaborationgroup_join"),
+ url(r'^collaborationgroups/(?P[0-9]+)/leave$', views.collaborationgroup_leave, name="collaborationgroup_leave"),
 url(r'^collaborationgroups/(?P[0-9]+)/add_admins$', views.collaborationgroup_add_admins, name="collaborationgroup_add_admins"),
 url(r'^collaborationgroups/(?P[0-9]+)/remove_admins$', views.collaborationgroup_remove_admins, name="collaborationgroup_remove_admins"),
diff --git a/ipynbsrv/api/views.py b/ipynbsrv/api/views.py
index cfc40b1..1413761 100644
--- a/ipynbsrv/api/views.py
+++ b/ipynbsrv/api/views.py
@@ -42,7 +42,9 @@ def api_root(request, format=None):
 'add_members': 'Add members to a collaborationgroup.',
 'remove_members': 'Remove members from a collaborationgroup.',
 'add_admins': 'Add admins to a collaborationgroup.',
- 'remove_admins': 'Remove admins from a collaborationgroup.'
+ 'remove_admins': 'Remove admins from a collaborationgroup.',
+ 'join': 'Join a public collaborationgroup.',
+ 'leave': 'Leave a collaborationgroup.'
 }
 }
 available_endpoints['containers'] = {
@@ -379,6 +381,53 @@ def collaborationgroup_remove_members(request, pk):
 return Response(serializer.data, status=status.HTTP_201_CREATED)
+@api_view(['POST'])
+def collaborationgroup_join(request, pk):
+ """
+ Join a group.
+ Todo: show params on OPTIONS call.
+ Todo: permissions
+ :param pk pk of the collaboration group
+ """
+
+ obj = CollaborationGroup.objects.filter(id=pk)
+ if not obj:
+ return Response({"error": "CollaborationGroup not found!", "data": request.data})
+ group = obj.first()
+
+ if not group.is_public:
+ return Response({"error": "{} could not be added to {}. Group not public.".format(request.user.username, group.name)})
+
+ result = group.add_user(request.user.backend_user)
+ if not result:
+ return Response({"error": "{} could not be added to {}".format(request.user.username, group.name)})
+
+ serializer = NestedCollaborationGroupSerializer(group)
+ return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+
+@api_view(['POST'])
+def collaborationgroup_leave(request, pk):
+ """
+ Leave a group.
+ Todo: show params on OPTIONS call.
+ Todo: permissions
+ :param pk pk of the collaboration group
+ """
+
+ obj = CollaborationGroup.objects.filter(id=pk)
+ if not obj:
+ return Response({"error": "CollaborationGroup not found!", "data": request.data})
+ group = obj.first()
+
+ result = group.remove_member(request.user.backend_user)
+ if not result:
+ return Response({"error": "{} could not be removed from {}. Not a member or creator.".format(request.user.username, group.name)})
+
+ serializer = NestedCollaborationGroupSerializer(group)
+ return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+
 class ContainerList(generics.ListCreateAPIView):
 """
 Get a list of all the containers.
diff --git a/ipynbsrv/core/models.py b/ipynbsrv/core/models.py
index 7267a2e..7d48146 100644
--- a/ipynbsrv/core/models.py
+++ b/ipynbsrv/core/models.py
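Review bot: Every error branch in `collaborationgroup_join` and `collaborationgroup_leave` returns `Response({...})` with no `status`, so a missing group or a refused join to a non-public group comes back as HTTP 200, while the success path answers 201 although nothing is created. A caller that relies on the status code alone, as the reworked web views in this commit appear to do with their try/except around `.join.post()` and `.leave.post()`, would then report success for a refused request. I would return `status=status.HTTP_404_NOT_FOUND` for the missing group, `status=status.HTTP_403_FORBIDDEN` for the non-public case and `status=status.HTTP_400_BAD_REQUEST` when `add_user` / `remove_member` returns false. Separately, `collaborationgroup_leave` calls `group.remove_member(...)` while the creator guard this commit adds is in `remove_user` in core/models.py; `remove_member` is not visible here, so please confirm it exists and enforces the creator check that the error text promises.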
@@ -464,7 +464,7 @@ def remove_user(self, user):
 :return bool `True` if the user has been removed.
 """
- if self.is_user(user):
+ if self.is_user(user) and self.creator != user:
 self.user_set.remove(user.django_user)
 return True
 return False
diff --git a/ipynbsrv/web/templates/web/collaborationgroups/index.html b/ipynbsrv/web/templates/web/collaborationgroups/index.html
index 9de0ebc..3c70f73 100644
--- a/ipynbsrv/web/templates/web/collaborationgroups/index.html
+++ b/ipynbsrv/web/templates/web/collaborationgroups/index.html
@@ -44,7 +44,6 @@

My Groups

{% csrf_token %} - @@ -53,7 +52,6 @@

My Groups

{% csrf_token %} - diff --git a/ipynbsrv/web/templates/web/collaborationgroups/manage.html b/ipynbsrv/web/templates/web/collaborationgroups/manage.html index 4d92d31..b15e05f 100644 --- a/ipynbsrv/web/templates/web/collaborationgroups/manage.html +++ b/ipynbsrv/web/templates/web/collaborationgroups/manage.html @@ -26,7 +26,6 @@

Group

{% csrf_token %} -
@@ -35,7 +34,6 @@

Group

{% csrf_token %} -
diff --git a/ipynbsrv/web/views/collaborationgroups.py b/ipynbsrv/web/views/collaborationgroups.py
index 0d3843f..3132c4a 100644
--- a/ipynbsrv/web/views/collaborationgroups.py
+++ b/ipynbsrv/web/views/collaborationgroups.py
@@ -257,33 +257,24 @@ def leave(request):
 if request.method != "POST":
 messages.error(request, "Invalid request method.")
 return redirect('groups')
- if 'group_id' not in request.POST or 'user_id' not in request.POST:
+ if 'group_id' not in request.POST:
 messages.error(request, "Invalid POST request.")
 return redirect('groups')
 group_id = int(request.POST.get('group_id'))
- user_id = int(request.POST.get('user_id'))
 client = get_httpclient_instance(request)
-
- user = client.users(user_id).get()
 group = client.collaborationgroups(group_id).get()
 if group:
- if user:
- params = {}
- params["users"] = [user_id]
- try:
- client.collaborationgroups(group_id).remove_members.post(params)
- messages.success(request, "You are no longer a member of group {}.".format(group.name))
- except Exception as e:
- messages.error(request, api_error_message(e, params))
+ try:
+ client.collaborationgroups(group_id).leave.post()
+ messages.success(request, "You are no longer a member of group {}.".format(group.name))
+ except Exception as e:
+ messages.error(request, api_error_message(e, ""))
- request.method = "GET"
- return redirect('groups')
- else:
- messages.error(request, "User does not exist.")
- return redirect('group_manage', group.id)
+ request.method = "GET"
+ return redirect('groups')
 else:
 messages.error(request, "Group does not exist.")
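Review bot: `group_id = int(request.POST.get('group_id'))` in `leave` sits outside any try block, so a non-numeric POST value raises an unhandled ValueError instead of producing the "Invalid POST request." message; the `join` hunk that follows has the opposite gap and hands the raw POST string to `client.collaborationgroups(group_id)` with no conversion at all. The value appears to become part of the API request path, so both views should parse it once and reject anything that is not an integer, for example `try: group_id = int(request.POST['group_id'])` with `except (KeyError, ValueError):` leading to the existing error redirect. The re-added `request.method = "GET"` before `redirect('groups')` has no effect on the redirect response and could be dropped. `leave` starts above this hunk and continues past its last line.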
@@ -295,24 +286,19 @@ def join(request): if request.method != "POST": messages.error(request, "Invalid request method.") return redirect('shares') - if 'group_id' not in request.POST or 'user_id' not in request.POST: + if 'group_id' not in request.POST: messages.error(request, "Invalid POST request.") return redirect('groups') - user_id = request.POST.get('user_id') group_id = request.POST.get('group_id') client = get_httpclient_instance(request) - group = client.collaborationgroups(group_id).get() - user = client.users(user_id).get() - if user: - params = {} - params["users"] = [user_id] - try: - client.collaborationgroups(group_id).add_members.post(params) - messages.success(request, "You are now a member of {}.".format(group.name)) - except Exception as e: - messages.error(request, api_error_message(e, params)) + + try: + client.collaborationgroups(group_id).join.post() + messages.success(request, "You are now a member of {}.".format(group.name)) + except Exception as e: + messages.error(request, api_error_message(e, "")) return redirect('groups')
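Review bot: The new success message formats `group.name` without the `if group:` guard that `leave` keeps, so when the lookup returns nothing the AttributeError is raised inside the try, after `.join.post()` has already been sent, and is passed to `api_error_message(e, "")` as if it were an API failure. The collapsed hunk does not make clear whether the `group = client.collaborationgroups(group_id).get()` line is kept as context or removed; if it is removed, `group` is undefined at that point. I would check the group before posting, as `leave` does: `if not group:` followed by `messages.error(request, "Group does not exist.")` and `return redirect('groups')`. The wrong-method branch also redirects to `'shares'` while every other exit of `join` goes to `'groups'`, which looks like a leftover. `join` starts above this hunk.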