From 8734e356135dccb930d1c6963bcd11ca324050e8 Mon Sep 17 00:00:00 2001
From: j <0x006A@0x2620.org>
Date: Mon, 25 Feb 2013 10:30:29 +0000
Subject: [PATCH] add add item api
---
 pandora/archive/views.py | 2 +-
 pandora/item/views.py | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/pandora/archive/views.py b/pandora/archive/views.py
index d76821b1..d5d46f3b 100644
--- a/pandora/archive/views.py
+++ b/pandora/archive/views.py
@@ -187,7 +187,7 @@ def addFile(request):
 response = json_response({})
 data = json.loads(request.POST['data'])
 oshash = data.pop('id')
- if not request.user.get_profile().capability('canUploadVideo'):
+ if not request.user.get_profile().capability('canAddItems'):
 response = json_response(status=403, text='permissino denied')
 elif models.File.objects.filter(oshash=oshash).count() > 0:
 f = models.File.objects.get(oshash=oshash)
diff --git a/pandora/item/views.py b/pandora/item/views.py
index 145fbf22..3a254e12 100644
--- a/pandora/item/views.py
+++ b/pandora/item/views.py
@@ -7,6 +7,7 @@ import random
 from urlparse import urlparse
 from urllib import quote
 import time
+import re
 import Image
 from django.db.models import Count, Sum
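Review bot: The upload gate in `addFile` now depends on a capability named `canAddItems`, and nothing in this patch shows where that capability is defined or which user levels receive it. If the site configuration is not updated in the same release, `capability('canAddItems')` presumably evaluates false and every upload is answered with 403, so confirm the config change ships together with this one. The check also still runs after `json.loads(request.POST['data'])` and `data.pop('id')`, so an unauthorised caller reaches the parser first; moving the capability test to the top of the function would make the denial path independent of the request body. The body of `addFile` continues outside the hunk.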
@@ -459,6 +460,35 @@ def get(request):
 return render_to_json_response(response)
 actions.register(get)
+@login_required_json
+def add(request):
+ '''
+ param data {
+ }
+ return {
+ status: {'code': int, 'text': string},
+ data: {
+ id:
+ name:
+ ...
+ }
+ }
+ '''
+
+ if not request.user.get_profile().capability('canAddItems'):
+ response = json_response(status=403, text='permissino denied')
+ else:
+ data = json.loads(request.POST['data'])
+ data['title'] = data.get('title', 'Untitled')
+ i = models.Item()
+ i.data['title'] = data['title']
+ i.user = request.user
+ i.save()
+ response = json_response(status=200, text='created')
+ response['data'] = i.get_json()
+ return render_to_json_response(response)
+actions.register(add, cache=False)
+
 @login_required_json
 def edit(request):
 '''
@@ -515,7 +545,11 @@ def remove(request):
 response = json_response({})
 data = json.loads(request.POST['data'])
 item = get_object_or_404_json(models.Item, itemId=data['id'])
- if item.editable(request.user):
+ user = request.user
+ if user.get_profile().capability('canRemoveItems') == True or \
+ user.is_staff or \
+ item.user == user or \
+ item.groups.filter(id__in=user.groups.all()).count() > 0:
 item.log()
 #FIXME: is this cascading enough or do we end up with orphan files etc.
 item.delete()
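Review bot: `add` stores the client-supplied `title` without checking its type, and a request with no `data` field or a JSON body that is not an object raises instead of returning a JSON error. After `json.loads`, reading `title = data.get('title')` and then `if not isinstance(title, basestring) or not title.strip(): title = 'Untitled'` would keep lists, numbers and empty strings out of `i.data['title']`. The docstring's `param data { }` should also name the one key the function reads, for example `title: string, optional, defaults to 'Untitled'`. The `import re` added at the top of this file is not used by any line this patch adds.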
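Review bot: The deletion rule in `remove` is now spelled out inside the view, replacing `item.editable(request.user)`, so the policy for a destructive action lives apart from the model's other permission checks and can drift from them. As written, `canRemoveItems` is only one of four OR'ed alternatives: the item's owner and any user who shares a group with the item can delete without holding it, which is worth confirming as the intended policy. `capability('canRemoveItems') == True` is also stricter than the truthiness test used for `canAddItems` in `add`; `if user.get_profile().capability('canRemoveItems') or \` would match it. The decorator on `remove` is outside the hunk, so whether `user` can be anonymous when `get_profile()` is called cannot be seen from here.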