forked from 0x2620/pandora
permissions
This commit is contained in:
parent
4a8954332a
commit
9b0a4bd47f
2 changed files with 24 additions and 3 deletions
|
@ -57,6 +57,7 @@ def get_item(info, user=None, async=False):
|
||||||
'year': info.get('year', '')
|
'year': info.get('year', '')
|
||||||
}
|
}
|
||||||
item.user = user
|
item.user = user
|
||||||
|
item.oxdbId = item.itemId
|
||||||
item.save()
|
item.save()
|
||||||
if async:
|
if async:
|
||||||
tasks.update_external.delay(item.itemId)
|
tasks.update_external.delay(item.itemId)
|
||||||
|
@ -168,7 +169,7 @@ class Item(models.Model):
|
||||||
else:
|
else:
|
||||||
level = user.get_profile().get_level()
|
level = user.get_profile().get_level()
|
||||||
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
|
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
|
||||||
if self.level < allowed_level:
|
if self.level <= allowed_level:
|
||||||
return True
|
return True
|
||||||
elif user.is_authenticated() and \
|
elif user.is_authenticated() and \
|
||||||
(self.user == user or \
|
(self.user == user or \
|
||||||
|
@ -272,7 +273,9 @@ class Item(models.Model):
|
||||||
if not settings.USE_IMDB:
|
if not settings.USE_IMDB:
|
||||||
self.itemId = ox.to32(self.id)
|
self.itemId = ox.to32(self.id)
|
||||||
|
|
||||||
self.oxdbId = self.oxdb_id()
|
oxdbId = self.oxdb_id()
|
||||||
|
if oxdbId:
|
||||||
|
self.oxdbId = oxdbId
|
||||||
|
|
||||||
#id changed, what about existing item with new id?
|
#id changed, what about existing item with new id?
|
||||||
if settings.USE_IMDB and len(self.itemId) != 7 and self.oxdbId != self.itemId:
|
if settings.USE_IMDB and len(self.itemId) != 7 and self.oxdbId != self.itemId:
|
||||||
|
|
|
@ -7,7 +7,7 @@ import mimetypes
|
||||||
|
|
||||||
import Image
|
import Image
|
||||||
from django.db.models import Count, Sum, Max
|
from django.db.models import Count, Sum, Max
|
||||||
from django.http import HttpResponse, Http404
|
from django.http import HttpResponse, HttpResponseForbidden, Http404
|
||||||
from django.shortcuts import get_object_or_404, redirect
|
from django.shortcuts import get_object_or_404, redirect
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
|
@ -551,6 +551,8 @@ actions.register(getImdbId)
|
||||||
'''
|
'''
|
||||||
def frame(request, id, size, position=None):
|
def frame(request, id, size, position=None):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
frame = None
|
frame = None
|
||||||
if not position:
|
if not position:
|
||||||
frames = item.poster_frames()
|
frames = item.poster_frames()
|
||||||
|
@ -575,6 +577,8 @@ def frame(request, id, size, position=None):
|
||||||
|
|
||||||
def poster_frame(request, id, position):
|
def poster_frame(request, id, position):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
position = int(position)
|
position = int(position)
|
||||||
frames = item.poster_frames()
|
frames = item.poster_frames()
|
||||||
if frames and len(frames) > position:
|
if frames and len(frames) > position:
|
||||||
|
@ -599,6 +603,8 @@ def image_to_response(image, size=None):
|
||||||
|
|
||||||
def siteposter(request, id, size=None):
|
def siteposter(request, id, size=None):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
poster = item.path('siteposter.jpg')
|
poster = item.path('siteposter.jpg')
|
||||||
poster = os.path.abspath(os.path.join(settings.MEDIA_ROOT, poster))
|
poster = os.path.abspath(os.path.join(settings.MEDIA_ROOT, poster))
|
||||||
if size:
|
if size:
|
||||||
|
@ -613,6 +619,8 @@ def siteposter(request, id, size=None):
|
||||||
|
|
||||||
def poster(request, id, size=None):
|
def poster(request, id, size=None):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
if item.poster:
|
if item.poster:
|
||||||
return image_to_response(item.poster, size)
|
return image_to_response(item.poster, size)
|
||||||
else:
|
else:
|
||||||
|
@ -624,6 +632,8 @@ def poster(request, id, size=None):
|
||||||
|
|
||||||
def icon(request, id, size=None):
|
def icon(request, id, size=None):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
if item.icon:
|
if item.icon:
|
||||||
return image_to_response(item.icon, size)
|
return image_to_response(item.icon, size)
|
||||||
else:
|
else:
|
||||||
|
@ -632,17 +642,23 @@ def icon(request, id, size=None):
|
||||||
|
|
||||||
def timeline(request, id, size, position):
|
def timeline(request, id, size, position):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
timeline = '%s.%s.%04d.png' %(item.timeline_prefix, size, int(position))
|
timeline = '%s.%s.%04d.png' %(item.timeline_prefix, size, int(position))
|
||||||
return HttpFileResponse(timeline, content_type='image/png')
|
return HttpFileResponse(timeline, content_type='image/png')
|
||||||
|
|
||||||
|
|
||||||
def timeline_overview(request, id, size):
|
def timeline_overview(request, id, size):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
timeline = '%s.%s.png' %(item.timeline_prefix, size)
|
timeline = '%s.%s.png' %(item.timeline_prefix, size)
|
||||||
return HttpFileResponse(timeline, content_type='image/png')
|
return HttpFileResponse(timeline, content_type='image/png')
|
||||||
|
|
||||||
def torrent(request, id, filename=None):
|
def torrent(request, id, filename=None):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
if not item.torrent:
|
if not item.torrent:
|
||||||
raise Http404
|
raise Http404
|
||||||
if not filename or filename.endswith('.torrent'):
|
if not filename or filename.endswith('.torrent'):
|
||||||
|
@ -663,6 +679,8 @@ def torrent(request, id, filename=None):
|
||||||
|
|
||||||
def video(request, id, resolution, format, index=None):
|
def video(request, id, resolution, format, index=None):
|
||||||
item = get_object_or_404(models.Item, itemId=id)
|
item = get_object_or_404(models.Item, itemId=id)
|
||||||
|
if not item.access(request.user):
|
||||||
|
return HttpResponseForbidden()
|
||||||
if index:
|
if index:
|
||||||
index = int(index) - 1
|
index = int(index) - 1
|
||||||
else:
|
else:
|
||||||
|
|
Loading…
Reference in a new issue