jeff/umap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not use Map.edit_status anymore

Browse source 
But keep it for now, for data migration, and just in case
This commit is contained in:
Yohan Boniface 2023-09-08 09:39:28 +02:00
parent de907dcb50
commit 3d2e62c858
6 changed files with 25 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
umap/decorators.py
View file

@ -26,9 +26,9 @@ def login_required_if_not_anonymous_allowed(view_func):
return wrapper return wrapper
def map_permissions_check(view_func): def can_edit_map(view_func):
""" """
Used for URLs dealing with the map. Used for URLs dealing with editing the map.
""" """
@wraps(view_func) @wraps(view_func)
@ -36,12 +36,11 @@ def map_permissions_check(view_func):
map_inst = get_object_or_404(Map, pk=kwargs["map_id"]) map_inst = get_object_or_404(Map, pk=kwargs["map_id"])
user = request.user user = request.user
kwargs["map_inst"] = map_inst # Avoid rerequesting the map in the view kwargs["map_inst"] = map_inst # Avoid rerequesting the map in the view
if map_inst.edit_status >= map_inst.EDITORS: can_edit = map_inst.can_edit(user=user, request=request)
can_edit = map_inst.can_edit(user=user, request=request) if not can_edit:
if not can_edit: if map_inst.owner and not user.is_authenticated:
if map_inst.owner and not user.is_authenticated: return simple_json_response(login_required=str(LOGIN_URL))
return simple_json_response(login_required=str(LOGIN_URL)) return HttpResponseForbidden()
return HttpResponseForbidden()
return view_func(request, *args, **kwargs) return view_func(request, *args, **kwargs)
return wrapper return wrapper

20
umap/forms.py
View file

@ -36,25 +36,7 @@ class SendLinkForm(forms.Form):
class UpdateMapPermissionsForm(forms.ModelForm): class UpdateMapPermissionsForm(forms.ModelForm):
class Meta: class Meta:
model = Map model = Map
fields = ("edit_status", "editors", "share_status", "owner") fields = ("editors", "share_status", "owner")
class AnonymousMapPermissionsForm(forms.ModelForm):
def __init__(self, *args, **kwargs):
super(AnonymousMapPermissionsForm, self).__init__(*args, **kwargs)
help_text = _("Secret edit link is %s") % self.instance.get_anonymous_edit_url()
self.fields["edit_status"].help_text = _(help_text)
STATUS = (
(Map.ANONYMOUS, _("Everyone can edit")),
(Map.OWNER, _("Only editable with secret edit link")),
)
edit_status = forms.ChoiceField(choices=STATUS)
class Meta:
model = Map
fields = ("edit_status",)
class DataLayerForm(forms.ModelForm): class DataLayerForm(forms.ModelForm):

21
umap/static/umap/js/umap.permissions.js
View file

@ -5,7 +5,6 @@ L.U.MapPermissions = L.Class.extend({
owner: null, owner: null,
editors: [], editors: [],
share_status: null, share_status: null,
edit_status: null,
}, },
initialize: function (map) { initialize: function (map) {
@ -62,26 +61,10 @@ L.U.MapPermissions = L.Class.extend({
const helpText = L._('Secret edit link is:<br>{link}', { const helpText = L._('Secret edit link is:<br>{link}', {
link: this.options.anonymous_edit_url, link: this.options.anonymous_edit_url,
}) })
fields.push([ L.DomUtil.create('p', 'help-text', container, helpText)
'options.edit_status',
{
handler: 'IntSelect',
label: L._('Who can edit'),
selectOptions: this.map.options.anonymous_edit_statuses,
helpText: helpText,
},
])
} }
} else { } else {
if (this.isOwner()) { if (this.isOwner()) {
fields.push([
'options.edit_status',
{
handler: 'IntSelect',
label: L._('Who can edit'),
selectOptions: this.map.options.edit_statuses,
},
])
fields.push([ fields.push([
'options.share_status', 'options.share_status',
{ {
@ -151,8 +134,6 @@ L.U.MapPermissions = L.Class.extend({
for (let i = 0; i < this.options.editors.length; i++) for (let i = 0; i < this.options.editors.length; i++)
formData.append('editors', this.options.editors[i].id) formData.append('editors', this.options.editors[i].id)
} }
if (this.isOwner() || this.isAnonymousMap())
formData.append('edit_status', this.options.edit_status)
if (this.isOwner()) { if (this.isOwner()) {
formData.append('owner', this.options.owner && this.options.owner.id) formData.append('owner', this.options.owner && this.options.owner.id)
formData.append('share_status', this.options.share_status) formData.append('share_status', this.options.share_status)

4
umap/templates/umap/map_table.html
View file

@ -5,7 +5,7 @@
<tr> <tr>
<th>{% blocktrans %}Map{% endblocktrans %}</th> <th>{% blocktrans %}Map{% endblocktrans %}</th>
<th>{% blocktrans %}Name{% endblocktrans %}</th> <th>{% blocktrans %}Name{% endblocktrans %}</th>
<th>{% blocktrans %}Who can see / edit{% endblocktrans %}</th> <th>{% blocktrans %}Who can see{% endblocktrans %}</th>
<th>{% blocktrans %}Last save{% endblocktrans %}</th> <th>{% blocktrans %}Last save{% endblocktrans %}</th>
<th>{% blocktrans %}Owner{% endblocktrans %}</th> <th>{% blocktrans %}Owner{% endblocktrans %}</th>
<th>{% blocktrans %}Actions{% endblocktrans %}</th> <th>{% blocktrans %}Actions{% endblocktrans %}</th>
@ -19,7 +19,7 @@
<td> <td>
<a href="{{ map_inst.get_absolute_url }}">{{ map_inst.name }}</a> <a href="{{ map_inst.get_absolute_url }}">{{ map_inst.name }}</a>
</td> </td>
<td>{{ map_inst.get_share_status_display }} / {{ map_inst.get_edit_status_display }}</td> <td>{{ map_inst.get_share_status_display }}</td>
<td>{{ map_inst.modified_at }}</td> <td>{{ map_inst.modified_at }}</td>
<td> <td>
<a href="{{ map_inst.owner.get_url }}">{{ map_inst.owner }}</a> <a href="{{ map_inst.owner.get_url }}">{{ map_inst.owner }}</a>

17
umap/urls.py
View file

@ -13,7 +13,7 @@ from . import views
from .decorators import ( from .decorators import (
jsonize_view, jsonize_view,
login_required_if_not_anonymous_allowed, login_required_if_not_anonymous_allowed,
map_permissions_check, can_edit_map,
can_view_map, can_view_map,
) )
from .utils import decorated_patterns from .utils import decorated_patterns
@ -144,11 +144,6 @@ map_urls = [
views.DataLayerCreate.as_view(), views.DataLayerCreate.as_view(),
name="datalayer_create", name="datalayer_create",
), ),
re_path(
r"^map/(?P<map_id>[\d]+)/datalayer/update/(?P<pk>\d+)/$",
views.DataLayerUpdate.as_view(),
name="datalayer_update",
),
re_path( re_path(
r"^map/(?P<map_id>[\d]+)/datalayer/delete/(?P<pk>\d+)/$", r"^map/(?P<map_id>[\d]+)/datalayer/delete/(?P<pk>\d+)/$",
views.DataLayerDelete.as_view(), views.DataLayerDelete.as_view(),
@ -168,7 +163,15 @@ if settings.FROM_EMAIL:
name="map_send_edit_link", name="map_send_edit_link",
) )
) )
i18n_urls += decorated_patterns([map_permissions_check, never_cache], *map_urls) datalayer_urls = [
re_path(
r"^map/(?P<map_id>[\d]+)/datalayer/update/(?P<pk>\d+)/$",
views.DataLayerUpdate.as_view(),
name="datalayer_update",
),
]
i18n_urls += decorated_patterns([can_edit_map, never_cache], *map_urls)
i18n_urls += decorated_patterns([never_cache], *datalayer_urls)
urlpatterns += i18n_patterns( urlpatterns += i18n_patterns(
re_path(r"^$", views.home, name="home"), re_path(r"^$", views.home, name="home"),
re_path( re_path(

14
umap/views.py
View file

@ -45,7 +45,6 @@ from .forms import (
DEFAULT_LATITUDE, DEFAULT_LATITUDE,
DEFAULT_LONGITUDE, DEFAULT_LONGITUDE,
DEFAULT_CENTER, DEFAULT_CENTER,
AnonymousMapPermissionsForm,
DataLayerForm, DataLayerForm,
DataLayerPermissionsForm, DataLayerPermissionsForm,
AnonymousDataLayerPermissionsForm, AnonymousDataLayerPermissionsForm,
@ -460,7 +459,7 @@ class MapDetailMixin:
(i, str(label)) for i, label in Map.SHARE_STATUS if i != Map.BLOCKED (i, str(label)) for i, label in Map.SHARE_STATUS if i != Map.BLOCKED
], ],
"anonymous_edit_statuses": [ "anonymous_edit_statuses": [
(i, str(label)) for i, label in AnonymousMapPermissionsForm.STATUS (i, str(label)) for i, label in AnonymousDataLayerPermissionsForm.STATUS
], ],
"umap_version": VERSION, "umap_version": VERSION,
} }
@ -522,7 +521,6 @@ class MapDetailMixin:
class PermissionsMixin: class PermissionsMixin:
def get_permissions(self): def get_permissions(self):
permissions = {} permissions = {}
permissions["edit_status"] = self.object.edit_status
permissions["share_status"] = self.object.share_status permissions["share_status"] = self.object.share_status
if self.object.owner: if self.object.owner:
permissions["owner"] = { permissions["owner"] = {
@ -646,18 +644,12 @@ class MapUpdate(FormLessEditMixin, PermissionsMixin, UpdateView):
class UpdateMapPermissions(FormLessEditMixin, UpdateView): class UpdateMapPermissions(FormLessEditMixin, UpdateView):
model = Map model = Map
pk_url_kwarg = "map_id" pk_url_kwarg = "map_id"
form_class = UpdateMapPermissionsForm
def get_form_class(self):
if self.object.owner:
return UpdateMapPermissionsForm
else:
return AnonymousMapPermissionsForm
def get_form(self, form_class=None): def get_form(self, form_class=None):
form = super().get_form(form_class) form = super().get_form(form_class)
user = self.request.user user = self.request.user
if self.object.owner and not user == self.object.owner: if self.object.owner and not user == self.object.owner:
del form.fields["edit_status"]
del form.fields["share_status"] del form.fields["share_status"]
del form.fields["owner"] del form.fields["owner"]
return form return form
@ -924,6 +916,8 @@ class DataLayerUpdate(FormLessEditMixin, GZipMixin, UpdateView):
self.object = self.get_object() self.object = self.get_object()
if self.object.map != self.kwargs["map_inst"]: if self.object.map != self.kwargs["map_inst"]:
return HttpResponseForbidden() return HttpResponseForbidden()
if not self.object.can_edit(user=self.request.user, request=self.request):
return HttpResponseForbidden()
if not self.is_unmodified(): if not self.is_unmodified():
return HttpResponse(status=412) return HttpResponse(status=412)
return super(DataLayerUpdate, self).post(request, *args, **kwargs) return super(DataLayerUpdate, self).post(request, *args, **kwargs)