diff --git a/pandora/item/managers.py b/pandora/item/managers.py index 72ba3c219..214e3f84d 100644 --- a/pandora/item/managers.py +++ b/pandora/item/managers.py @@ -10,7 +10,7 @@ import models from ox.django.query import QuerySet -def parseCondition(condition): +def parseCondition(condition, user): ''' condition: { value: "war" @@ -38,8 +38,8 @@ def parseCondition(condition): exclude = False if isinstance(v, list): - q = parseCondition({'key': k, 'value': v[0], 'operator': '>='}) \ - & parseCondition({'key': k, 'value': v[1], 'operator': '<'}) + q = parseCondition({'key': k, 'value': v[0], 'operator': '>='}, user) \ + & parseCondition({'key': k, 'value': v[1], 'operator': '<'}, user) if exclude: return ~q else: @@ -109,14 +109,17 @@ def parseCondition(condition): if len(l) >= 2: l = (l[0], ":".join(l[1:])) lqs = list(List.objects.filter(name=l[1], user__username=l[0])) - if len(lqs) == 1: - l = lqs[0] - if l.query.get('static', False) == False: - data = l.query - q = parseConditions(data.get('conditions', []), - data.get('operator', '&')) - else: - q = Q(id__in=l.items.all()) + if len(lqs) == 1 and lqs[0].accessible(user): + l = lqs[0] + if l.query.get('static', False) == False: + data = l.query + q = parseConditions(data.get('conditions', []), + data.get('operator', '&'), + user) + else: + q = Q(id__in=l.items.all()) + else: + q = Q(id=0) return q else: #number or date @@ -146,7 +149,7 @@ def parseCondition(condition): return Q(**{'find__key': k, vk: v}) -def parseConditions(conditions, operator): +def parseConditions(conditions, operator, user): ''' conditions: [ { @@ -169,12 +172,12 @@ def parseConditions(conditions, operator): for condition in conditions: if 'conditions' in condition: q = parseConditions(condition['conditions'], - condition.get('operator', '&')) + condition.get('operator', '&'), user) if q: conn.append(q) pass else: - conn.append(parseCondition(condition)) + conn.append(parseCondition(condition, user)) if conn: q = conn[0] for c in conn[1:]: 
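Review bot: The docstring under the new `parseCondition(condition, user)` signature in pandora/item/managers.py still describes only `condition`, and the same holds for `parseConditions(conditions, operator, user)` in the `@@ -146,7` hunk. Since `user` now decides which lists a `list` condition may resolve, I would add a line such as `user: the requesting user; list conditions only resolve for lists this user may access` to both docstrings. `user` is also a required positional argument, so any caller outside this diff that still passes the old argument list will raise TypeError; that is the safe failure mode, but worth a grep before merging. Both docstrings continue outside their hunks.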
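Review bot: In the `@@ -109,14` hunk of parseCondition the new `else: q = Q(id=0)` branch is the security-relevant one and has no comment: it gives a missing list, an ambiguous name and a list that fails `accessible(user)` the same empty result, so a caller cannot tell them apart. I would state that in a comment, e.g. `# missing, ambiguous or not accessible to user: match nothing, same answer for all three`, and note that it relies on no item row having id 0. Separately, the recursive `parseConditions(..., user)` call on the stored `l.query` has no cycle or depth guard in the visible lines, so a dynamic list whose saved conditions refer back to itself would recurse until the interpreter limit; if the save path does not already reject that, a set of visited list ids checked here would. The function starts and ends outside the hunk.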
@@ -209,7 +212,8 @@ class ItemManager(Manager): if lqs[0].query: data = lqs[0].query conditions = parseConditions(data['query']['conditions'], - data['query'].get('operator', '&')) + data['query'].get('operator', '&'), + user) qs = qs.filter(conditions) else: qs = qs.filter(id__in=lqs[0].items.all()) @@ -241,7 +245,8 @@ class ItemManager(Manager): qs = self.get_query_set() #only include items that have hard metadata conditions = parseConditions(data.get('query', {}).get('conditions', []), - data.get('query', {}).get('operator', '&')) + data.get('query', {}).get('operator', '&'), + user) qs = qs.filter(conditions) qs = qs.distinct() diff --git a/pandora/itemlist/models.py b/pandora/itemlist/models.py index 004c5792f..97748c55f 100644 --- a/pandora/itemlist/models.py +++ b/pandora/itemlist/models.py @@ -84,6 +84,9 @@ class List(models.Model): def get_id(self): return u'%s:%s' % (self.user.username, self.name) + def accessible(self, user): + return self.user == user or self.status in ('public', 'featured') + def editable(self, user): #FIXME: make permissions work if self.user == user or user.is_staff: diff --git a/pandora/itemlist/views.py b/pandora/itemlist/views.py index 7679a1c3c..4b44a9dc0 100644 --- a/pandora/itemlist/views.py +++ b/pandora/itemlist/views.py @@ -1,14 +1,17 @@ # -*- coding: utf-8 -*- # vi:si:et:sw=4:sts=4:ts=4 from __future__ import division +import os from django.db.models import Max, Sum from django.http import HttpResponseForbidden, Http404 +from django.conf import settings from ox.utils import json from ox.django.decorators import login_required_json from ox.django.shortcuts import render_to_json_response, get_object_or_404_json, json_response from ox.django.http import HttpFileResponse + import models from api.actions import actions from item import utils 
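Review bot: In the `@@ -209,7` hunk of ItemManager only the stored-query branch receives `user`; neither it nor the static branch `qs.filter(id__in=lqs[0].items.all())` tests `lqs[0].accessible(user)` in the visible lines. If the lookup that builds `lqs` above the hunk does not already restrict by owner or status, this path still returns the items of a private list and bypasses the check added in parseCondition. I would gate both branches on `lqs[0].accessible(user)` and apply the same match-nothing fallback used there. This branch also reads `data['query']['conditions']` where parseCondition reads `l.query.get('conditions', [])` from what appears to be the same field, which looks inconsistent and should be confirmed. The method begins and ends outside the hunk.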
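Review bot: `accessible` in pandora/itemlist/models.py has no docstring, and its rule differs from `editable` directly below it, which also admits `user.is_staff`; as written a staff account appears able to edit a private list while being refused read access to it. If that is intended, say so, e.g. `'''True if user owns the list or its status is public or featured; staff get no extra read access.'''`; if not, the return needs `or user.is_staff`. The status values are bare strings here, so a shared constant would keep this check from drifting from wherever statuses are defined. editable's body continues outside the hunk.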
@@ -504,8 +507,14 @@ actions.register(sortLists, cache=False) def icon(request, id, size=16): if not size: size = 16 - list = get_list_or_404_json(id) - icon = list.get_icon(int(size)) - if icon: - return HttpFileResponse(icon, content_type='image/jpeg') - raise Http404 + + id = id.split(':') + username = id[0] + listname = ":".join(id[1:]) + qs = models.List.objects.filter(user__username=username, name=listname) + if qs.count() == 1 and qs[0].accessible(request.user): + list = qs[0] + icon = list.get_icon(int(size)) + else: + icon = os.path.join(settings.STATIC_ROOT, 'jpg/list.jpg') + return HttpFileResponse(icon, content_type='image/jpeg') diff --git a/static/js/pandora/ui/info.js b/static/js/pandora/ui/info.js index 27675ae91..2cf7b2c83 100644 --- a/static/js/pandora/ui/info.js +++ b/static/js/pandora/ui/info.js @@ -54,7 +54,7 @@ pandora.ui.info = function() { previousView = view; view = getView(); if (view == 'list') { - that.empty().append(pandora.$ui.listInfo = pandora.ui.listInfo(ui._list)); + that.empty().append(pandora.$ui.listInfo = pandora.ui.listInfo()); previousView == 'video' && resizeInfo(); } else if (view == 'poster') { pandora.api.get({id: id, keys: ['director', 'posterRatio', 'title']}, function(result) { @@ -121,39 +121,55 @@ pandora.ui.info = function() { }; -pandora.ui.listInfo = function(list) { - var that = $('
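Review bot: The rewritten `icon` view in pandora/itemlist/views.py drops the old `if icon:` guard, so if `get_icon()` can return nothing for an accessible list, as the removed check suggests, `HttpFileResponse(icon, ...)` is now called with that empty value instead of falling back. Initialise `icon = None` before the `if` and replace the `else:` with `if not icon:`, so the default `jpg/list.jpg` covers both the no-access and the no-icon case. `qs.count() == 1` followed by two `qs[0]` reads runs up to three queries where one bounded fetch (`qs[:2]`) would do. `int(size)` will also raise on a non-numeric value unless the URL pattern already restricts it, which is not visible in this hunk.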