permissions

j 2011-09-28 14:47:13 +02:00
parent 4a8954332a
commit 9b0a4bd47f
2 changed files with 24 additions and 3 deletions


@ -57,6 +57,7 @@ def get_item(info, user=None, async=False):
'year': info.get('year', '')
}
item.user = user
item.oxdbId = item.itemId
item.save()
if async:
tasks.update_external.delay(item.itemId)
@ -168,7 +169,7 @@ class Item(models.Model):
else:
level = user.get_profile().get_level()
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
if self.level < allowed_level:
if self.level <= allowed_level:
return True
elif user.is_authenticated() and \
(self.user == user or \
@ -272,7 +273,9 @@ class Item(models.Model):
if not settings.USE_IMDB:
self.itemId = ox.to32(self.id)
self.oxdbId = self.oxdb_id()
oxdbId = self.oxdb_id()
if oxdbId:
self.oxdbId = oxdbId
#id changed, what about existing item with new id?
if settings.USE_IMDB and len(self.itemId) != 7 and self.oxdbId != self.itemId:
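Review bot: The switch to `self.level <= allowed_level` in the second hunk (which looks like the access check in `Item`) moves an authorization boundary by one level, and nothing in the hunk records which side is meant to be inclusive. A comment above the comparison, for example `# canSeeItem[level] is the highest item level visible to this user level (inclusive)`, and a test with an item exactly at the threshold would keep a later edit from flipping it back unnoticed; adjust the wording if the config value means something else. In the third hunk, when `oxdb_id()` returns nothing, `self.oxdbId` now keeps its previous value, so the `self.oxdbId != self.itemId` comparison that follows may run against a stale id. The enclosing methods start and end outside the hunks shown, so the branch for anonymous users could not be reviewed.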


@ -7,7 +7,7 @@ import mimetypes
import Image
from django.db.models import Count, Sum, Max
from django.http import HttpResponse, Http404
from django.http import HttpResponse, HttpResponseForbidden, Http404
from django.shortcuts import get_object_or_404, redirect
from django.conf import settings
@ -551,6 +551,8 @@ actions.register(getImdbId)
'''
def frame(request, id, size, position=None):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
frame = None
if not position:
frames = item.poster_frames()
@ -575,6 +577,8 @@ def frame(request, id, size, position=None):
def poster_frame(request, id, position):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
position = int(position)
frames = item.poster_frames()
if frames and len(frames) > position:
@ -599,6 +603,8 @@ def image_to_response(image, size=None):
def siteposter(request, id, size=None):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
poster = item.path('siteposter.jpg')
poster = os.path.abspath(os.path.join(settings.MEDIA_ROOT, poster))
if size:
@ -613,6 +619,8 @@ def siteposter(request, id, size=None):
def poster(request, id, size=None):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if item.poster:
return image_to_response(item.poster, size)
else:
@ -624,6 +632,8 @@ def poster(request, id, size=None):
def icon(request, id, size=None):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if item.icon:
return image_to_response(item.icon, size)
else:
@ -632,17 +642,23 @@ def icon(request, id, size=None):
def timeline(request, id, size, position):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
timeline = '%s.%s.%04d.png' %(item.timeline_prefix, size, int(position))
return HttpFileResponse(timeline, content_type='image/png')
def timeline_overview(request, id, size):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
timeline = '%s.%s.png' %(item.timeline_prefix, size)
return HttpFileResponse(timeline, content_type='image/png')
def torrent(request, id, filename=None):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if not item.torrent:
raise Http404
if not filename or filename.endswith('.torrent'):
@ -663,6 +679,8 @@ def torrent(request, id, filename=None):
def video(request, id, resolution, format, index=None):
item = get_object_or_404(models.Item, itemId=id)
if not item.access(request.user):
return HttpResponseForbidden()
if index:
index = int(index) - 1
else:
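Review bot: The pair `if not item.access(request.user):` / `return HttpResponseForbidden()` is pasted by hand into ten views (`frame` through `video`), so any item view outside these hunks, or one added later, stays unprotected unless someone remembers to repeat it. A single helper that does the `get_object_or_404` lookup and the access check together, used by every item view, would make the check hard to omit. Returning 403 for a forbidden item while a missing one gets 404 also lets a client tell which item ids exist; if that matters here, `raise Http404` in place of the 403 removes the difference. In `timeline` and `timeline_overview` the `size` argument is formatted into the file name passed to `HttpFileResponse`, so it is worth confirming that the URL patterns restrict it to digits. Most of these function bodies continue outside the hunks shown.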