0x2620/pandora
2
1
Fork 1
Code Issues 1.3k Pull requests Releases Wiki Activity

permissions

Browse source
This commit is contained in:
j 2011-09-28 14:47:13 +02:00
parent 4a8954332a
commit 9b0a4bd47f
2 changed files with 24 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
pandora/item/models.py
View file

@ -57,6 +57,7 @@ def get_item(info, user=None, async=False):
'year': info.get('year', '') 'year': info.get('year', '')
} }
item.user = user item.user = user
item.oxdbId = item.itemId
item.save() item.save()
if async: if async:
tasks.update_external.delay(item.itemId) tasks.update_external.delay(item.itemId)
@ -168,7 +169,7 @@ class Item(models.Model):
else: else:
level = user.get_profile().get_level() level = user.get_profile().get_level()
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level] allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
if self.level < allowed_level: if self.level <= allowed_level:
return True return True
elif user.is_authenticated() and \ elif user.is_authenticated() and \
(self.user == user or \ (self.user == user or \
@ -272,7 +273,9 @@ class Item(models.Model):
if not settings.USE_IMDB: if not settings.USE_IMDB:
self.itemId = ox.to32(self.id) self.itemId = ox.to32(self.id)
self.oxdbId = self.oxdb_id() oxdbId = self.oxdb_id()
if oxdbId:
self.oxdbId = oxdbId
#id changed, what about existing item with new id? #id changed, what about existing item with new id?
if settings.USE_IMDB and len(self.itemId) != 7 and self.oxdbId != self.itemId: if settings.USE_IMDB and len(self.itemId) != 7 and self.oxdbId != self.itemId:

20
pandora/item/views.py
View file

@ -7,7 +7,7 @@ import mimetypes
import Image import Image
from django.db.models import Count, Sum, Max from django.db.models import Count, Sum, Max
from django.http import HttpResponse, Http404 from django.http import HttpResponse, HttpResponseForbidden, Http404
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.conf import settings from django.conf import settings
@ -551,6 +551,8 @@ actions.register(getImdbId)
''' '''
def frame(request, id, size, position=None): def frame(request, id, size, position=None):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
frame = None frame = None
if not position: if not position:
frames = item.poster_frames() frames = item.poster_frames()
@ -575,6 +577,8 @@ def frame(request, id, size, position=None):
def poster_frame(request, id, position): def poster_frame(request, id, position):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
position = int(position) position = int(position)
frames = item.poster_frames() frames = item.poster_frames()
if frames and len(frames) > position: if frames and len(frames) > position:
@ -599,6 +603,8 @@ def image_to_response(image, size=None):
def siteposter(request, id, size=None): def siteposter(request, id, size=None):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
poster = item.path('siteposter.jpg') poster = item.path('siteposter.jpg')
poster = os.path.abspath(os.path.join(settings.MEDIA_ROOT, poster)) poster = os.path.abspath(os.path.join(settings.MEDIA_ROOT, poster))
if size: if size:
@ -613,6 +619,8 @@ def siteposter(request, id, size=None):
def poster(request, id, size=None): def poster(request, id, size=None):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if item.poster: if item.poster:
return image_to_response(item.poster, size) return image_to_response(item.poster, size)
else: else:
@ -624,6 +632,8 @@ def poster(request, id, size=None):
def icon(request, id, size=None): def icon(request, id, size=None):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if item.icon: if item.icon:
return image_to_response(item.icon, size) return image_to_response(item.icon, size)
else: else:
@ -632,17 +642,23 @@ def icon(request, id, size=None):
def timeline(request, id, size, position): def timeline(request, id, size, position):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
timeline = '%s.%s.%04d.png' %(item.timeline_prefix, size, int(position)) timeline = '%s.%s.%04d.png' %(item.timeline_prefix, size, int(position))
return HttpFileResponse(timeline, content_type='image/png') return HttpFileResponse(timeline, content_type='image/png')
def timeline_overview(request, id, size): def timeline_overview(request, id, size):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
timeline = '%s.%s.png' %(item.timeline_prefix, size) timeline = '%s.%s.png' %(item.timeline_prefix, size)
return HttpFileResponse(timeline, content_type='image/png') return HttpFileResponse(timeline, content_type='image/png')
def torrent(request, id, filename=None): def torrent(request, id, filename=None):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if not item.torrent: if not item.torrent:
raise Http404 raise Http404
if not filename or filename.endswith('.torrent'): if not filename or filename.endswith('.torrent'):
@ -663,6 +679,8 @@ def torrent(request, id, filename=None):
def video(request, id, resolution, format, index=None): def video(request, id, resolution, format, index=None):
item = get_object_or_404(models.Item, itemId=id) item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if index: if index:
index = int(index) - 1 index = int(index) - 1
else: else: