From 8734e356135dccb930d1c6963bcd11ca324050e8 Mon Sep 17 00:00:00 2001
From: j <0x006A@0x2620.org>
Date: Mon, 25 Feb 2013 10:30:29 +0000
Subject: [PATCH] add add item api

---
 pandora/archive/views.py |  2 +-
 pandora/item/views.py    | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/pandora/archive/views.py b/pandora/archive/views.py
index d76821b14..d5d46f3b6 100644
--- a/pandora/archive/views.py
+++ b/pandora/archive/views.py
@@ -187,7 +187,7 @@ def addFile(request):
     response = json_response({})
     data = json.loads(request.POST['data'])
     oshash = data.pop('id')
-    if not request.user.get_profile().capability('canUploadVideo'):
+    if not request.user.get_profile().capability('canAddItems'):
         response = json_response(status=403, text='permissino denied')
     elif models.File.objects.filter(oshash=oshash).count() > 0:
         f = models.File.objects.get(oshash=oshash)
diff --git a/pandora/item/views.py b/pandora/item/views.py
index 145fbf225..3a254e120 100644
--- a/pandora/item/views.py
+++ b/pandora/item/views.py
@@ -7,6 +7,7 @@ import random
 from urlparse import urlparse
 from urllib import quote
 import time
+import re
 
 import Image
 from django.db.models import Count, Sum
@@ -459,6 +460,35 @@ def get(request):
     return render_to_json_response(response)
 actions.register(get)
 
+@login_required_json
+def add(request):
+    '''
+        param data {
+        }
+        return {
+            status: {'code': int, 'text': string},
+            data: {
+                id:
+                name:
+                ...
+            }
+        }
+    '''
+
+    if not request.user.get_profile().capability('canAddItems'):
+        response = json_response(status=403, text='permissino denied')
+    else:
+        data = json.loads(request.POST['data'])
+        data['title'] = data.get('title', 'Untitled')
+        i = models.Item()
+        i.data['title'] = data['title']
+        i.user = request.user
+        i.save()
+        response = json_response(status=200, text='created')
+        response['data'] = i.get_json()
+    return render_to_json_response(response)
+actions.register(add, cache=False)
+
 @login_required_json
 def edit(request):
     '''
@@ -515,7 +545,11 @@ def remove(request):
     response = json_response({})
     data = json.loads(request.POST['data'])
     item = get_object_or_404_json(models.Item, itemId=data['id'])
-    if item.editable(request.user):
+    user = request.user
+    if user.get_profile().capability('canRemoveItems') == True or \
+           user.is_staff or \
+           item.user == user or \
+           item.groups.filter(id__in=user.groups.all()).count() > 0:
         item.log()
         #FIXME: is this cascading enough or do we end up with orphan files etc.
         item.delete()