oembed, dont leak private layers

This commit is contained in:
j 2012-01-10 21:30:41 +05:30
parent 9a47ddcdad
commit 49ae89eb9b
6 changed files with 112 additions and 20 deletions

View file

@ -153,4 +153,13 @@ class AnnotationManager(Manager):
user)
if conditions:
qs = qs.filter(conditions)
#anonymous can only see public items
public_layers = self.model.public_layers()
if user.is_anonymous():
qs = qs.filter(layer__in=public_layers)
#users can see public and own
else:
qs = qs.filter(Q(layer__in=public_layers)|Q(user=user))
return qs

View file

@ -57,6 +57,14 @@ class Annotation(models.Model):
self.public_id = "%s/%s" % (self.item.itemId, ox.toAZ(public_id))
Annotation.objects.filter(id=self.id).update(public_id=self.public_id)
@classmethod
def public_layers(self):
layers = []
for layer in settings.CONFIG['layers']:
if not layer.get('private', False):
layers.append(layer['id'])
return layers
def get_layer(self):
for layer in settings.CONFIG['layers']:
if layer['id'] == self.layer:

View file

@ -1,9 +1,6 @@
# -*- coding: utf-8 -*-
# vi:si:et:sw=4:sts=4:ts=4
try:
import xml.etree.ElementTree as ET
except:
import elementtree.ElementTree as ET
import re
import copy
@ -16,7 +13,7 @@ from ox.django.shortcuts import json_response, render_to_json_response
from ox.django.decorators import login_required_json
import ox
from ox.utils import json
from ox.utils import json, ET
import models
@ -43,6 +40,15 @@ def embed(request, id):
})
return render_to_response('embed.html', context)
def redirect_url(request, url):
if request.META['QUERY_STRING']:
url += "?" + request.META['QUERY_STRING']
if settings.CONFIG.get('sendReferrer', False):
return redirect(url)
else:
return HttpResponse('<script>document.location.href=%s;</script>'%json.dumps(url))
def opensearch_xml(request):
osd = ET.Element('OpenSearchDescription')
osd.attrib['xmlns']="http://a9.com/-/spec/opensearch/1.1/"
@ -124,14 +130,6 @@ def editPage(request):
return render_to_json_response(response)
actions.register(editPage)
def redirect_url(request, url):
if request.META['QUERY_STRING']:
url += "?" + request.META['QUERY_STRING']
if settings.CONFIG.get('sendReferrer', False):
return redirect(url)
else:
return HttpResponse('<script>document.location.href=%s;</script>'%json.dumps(url))
def init(request):
'''
@ -146,3 +144,28 @@ def init(request):
response['data']['user'] = init_user(request.user, request)
return render_to_json_response(response)
actions.register(init)
def embedURL(request):
'''
param data {
url
maxwidth
maxheight
}
return {
status: ...
data: {
html
...
}
}
return {'status': {'code': int, 'text': string},
'data': {user: object}}
'''
data = json.loads(request.POST['data'])
response = json_response({})
response['data'] = ox.get_embed_code(data['url'], data.get('maxwidth'), data.get('maxheight'))
return render_to_json_response(response)
actions.register(embedURL)

View file

@ -5,6 +5,7 @@ import os.path
from datetime import datetime, timedelta
import mimetypes
import random
from urlparse import urlparse
import Image
from django.db.models import Count, Sum, Max
@ -13,7 +14,7 @@ from django.http import HttpResponse, HttpResponseForbidden, Http404
from django.shortcuts import get_object_or_404, redirect, render_to_response
from django.conf import settings
from ox.utils import json
from ox.utils import json, ET
from ox.django.decorators import login_required_json
from ox.django.shortcuts import render_to_json_response, get_object_or_404_json, json_response
@ -808,6 +809,51 @@ def random_annotation(request):
clip = item.annotations.all()[pos]
return redirect('/%s'% clip.public_id)
def oembed(request):
format = request.GET.get('format', 'json')
maxwidth = request.GET.get('maxwidth', 640)
maxheight = request.GET.get('maxheight', 480)
url = request.GET['url']
parts = urlparse(url).path.split('/')
itemId = parts[1]
#fixme: embed should reflect actuall url
item = get_object_or_404_json(models.Item, itemId=itemId)
embed_url = request.build_absolute_uri('/%s/embed' % item.itemId)
oembed = {}
oembed['version'] = '1.0'
oembed['type'] = 'video'
oembed['provider_name'] = settings.SITENAME
oembed['provider_url'] = request.build_absolute_uri('/')
oembed['title'] = item.get('title')
#oembed['author_name'] = item.get('director')
#oembed['author_url'] = ??
height = 96
width = 128
if maxheight > height or height > maxheight:
height = maxheight
if maxwidth > width or width > maxwidth:
width = maxwidth
oembed['html'] = '<iframe width="%s" height="%s" src="%s" frameborder="0" allowfullscreen></iframe>' % (height, width, embed_url)
oembed['width'] = width
oembed['height'] = height
thumbheight = 96
thumbwidth = int(thumbheight * item.sort.aspectratio)
thumbwidth -= thumbwidth % 2
oembed['thumbnail_height'] = thumbheight
oembed['thumbnail_width'] = thumbwidth
oembed['thumbnail_url'] = request.build_absolute_uri('/%s/%sp.jpg' % (item.itemId, thumbheight))
if format == 'xml':
oxml = ET.Element('oembed')
for key in oembed:
e = ET.SubElement(oxml, key)
e.text = unicode(oembed[key])
return HttpResponse(
'<?xml version="1.0" encoding="utf-8" standalone="yes"?>\n' + ET.tostring(oxml),
'application/xml'
)
return HttpResponse(json.dumps(oembed, indent=2), 'application/json')
def item(request, id):
id = id.split('/')[0]
template = 'index.html'
@ -834,13 +880,17 @@ def item(request, id):
value = value = u', '.join([unicode(v) for v in value])
data.append({'key': key.capitalize(), 'value': value})
clips = []
for c in item.clips.all():
clip = {
'in': c.start,
'annotations': '<br />\n'.join([a.value for a in c.annotations.all()])
}
clip = {'in': 0, 'annotations': []}
for a in item.annotations.filter(
layer__in=models.Annotation.public_layers()).order_by('start', 'end', 'sortvalue'):
if clip['in'] < a.start:
if clip['annotations']:
clip['annotations'] = '<br />\n'.join(clip['annotations'])
clips.append(clip)
clip = {'in': a.start, 'annotations': []}
clip['annotations'].append(a.value)
ctx = {
'current_url': request.build_absolute_uri(request.get_full_path()),
'base_url': request.build_absolute_uri('/'),
'url': request.build_absolute_uri('/%s' % id),
'id': id,

View file

@ -8,6 +8,7 @@
<link rel="icon" href="/static/png/icon64.png" sizes="48x48"/>
<meta name="application-name" content="{{settings.SITENAME}}"/>
<meta name="application-url" content="{{base_url}}"/>
<link rel="alternate" type="application/json+oembed" href="{{base_url}}oembed?url={{current_url|urlencode}}" title="oEmbed Profile" />
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="{{settings.SITENAME}}" />
<script>
if (localStorage && !localStorage['Ox.theme'])

View file

@ -29,6 +29,7 @@ urlpatterns = patterns('',
(r'^robots.txt$', serve_static_file, {'location': os.path.join(settings.STATIC_ROOT, 'robots.txt'), 'content_type': 'text/plain'}),
(r'^favicon.ico$', serve_static_file, {'location': os.path.join(settings.STATIC_ROOT, 'png/icon.16.png'), 'content_type': 'image/x-icon'}),
(r'^opensearch.xml$', 'app.views.opensearch_xml'),
(r'^oembed$', 'item.views.oembed'),
(r'', include('item.urls')),
)
#if settings.DEBUG: