misc auth functions

This commit is contained in:
dave 2018-09-23 13:04:50 -07:00
parent 3035d117b5
commit 0e25b312ab
3 changed files with 20 additions and 2 deletions

View File

@ -87,7 +87,7 @@ class PhotosWeb(object):
tagq = s.query(Tag).join(TagItem).join(PhotoSet)
if not auth():
tagq = tagq.filter(PhotoSet.status == PhotoStatus.public)
tagq = tagq.order_by(Tag.title).all() # pragma: manual auth
tagq = tagq.filter(Tag.is_album == False).order_by(Tag.title).all() # pragma: manual auth
albumq = s.query(Tag).join(TagItem).join(PhotoSet)
if not auth():
@ -388,6 +388,14 @@ class TagView(object):
@cherrypy.expose
@require_auth
def op(self, uuid, op):
"""
Perform some action on this tag
- Promote: label this tag an album
- Demote: label this tag as only a tag and not an album
- Delete: remove this tag
- Make all public: mark all photos under this tag as public
- Make all private: mark all photos under this tag as private
"""
s = self.master.session()
tag = s.query(Tag).filter(Tag.uuid == uuid).first()
if op == "Demote to tag":
@ -399,6 +407,14 @@ class TagView(object):
s.delete(tag)
s.commit()
raise cherrypy.HTTPRedirect('/', 302)
elif op == "Make all public":
# TODO smarter query
for photo in s.query(PhotoSet).join(TagItem).join(Tag).filter(Tag.uuid == uuid).all():
photo.status = PhotoStatus.public
elif op == "Make all private":
# TODO smarter query
for photo in s.query(PhotoSet).join(TagItem).join(Tag).filter(Tag.uuid == uuid).all():
photo.status = PhotoStatus.private
else:
raise Exception("Invalid op: '{}'".format(op))
s.commit()

View File

@ -61,7 +61,7 @@ class Tag(Base):
uuid = Column(Unicode, unique=True, default=lambda: str(uuid.uuid4()))
created = Column(DateTime, default=lambda: datetime.now())
modified = Column(DateTime, default=lambda: datetime.now())
is_album = Column(Boolean)
is_album = Column(Boolean, default=False)
title = Column(String, unique=True)
slug = Column(String, unique=True)
description = Column(String)

View File

@ -6,6 +6,8 @@
<form action="/tag/{{ tag.uuid }}/op" method="post">
{% if tag.is_album %}<input type="submit" class="secondary-button pure-button" name="op" value="Demote to tag" />{% else %}
<input type="submit" class="secondary-button pure-button" name="op" value="Promote to album" />{% endif %}
<input type="submit" class="secondary-button pure-button" name="op" value="Make all public" />
<input type="submit" class="secondary-button pure-button" name="op" value="Make all private" />
<input type="submit" class="secondary-button pure-button" name="op" value="Delete tag" />
</form>
{% endblock %}