[Kobo] Add Shelf/Collection support.

Implements the v1/library/tags set of endpoints to sync CalibreWeb shelves with the Kobo device. Drive-by: Refactors shelf.py to consolidate how user permissions are checked. Drive-by: Fix issue with the sync endpoint that arrises when a book is hard-deleted.
2020-03-12 19:31:42 -04:00
parent 3e1c34efe6
commit 41a3623fcc
5 changed files with 326 additions and 82 deletions
--- a/cps/shelf.py
+++ b/cps/shelf.py
@ -35,6 +35,24 @@ from .helper import common_filters
 shelf = Blueprint('shelf', __name__)
 log = logger.create()

+def check_shelf_edit_permissions(cur_shelf):
+    if not cur_shelf.is_public and not cur_shelf.user_id == int(current_user.id):
+        log.error("User %s not allowed to edit shelf %s", current_user, cur_shelf)
+        return False
+    if cur_shelf.is_public and not current_user.role_edit_shelfs():
+        log.info("User %s not allowed to edit public shelves", current_user)
+        return False
+    return True
+
+
+def check_shelf_view_permissions(cur_shelf):
+    if cur_shelf.is_public:
+        return True
+    if current_user.is_anonymous or cur_shelf.user_id != current_user.id:
+        log.error("User is unauthorized to view non-public shelf: %s", cur_shelf)
+        return False
+    return True
+

@shelf.route("/shelf/add/<int:shelf_id>/<int:book_id>")
@login_required
@ -48,21 +66,13 @@ def add_to_shelf(shelf_id, book_id):
            return redirect(url_for('web.index'))
        return "Invalid shelf specified", 400

-    if not shelf.is_public and not shelf.user_id == int(current_user.id):
-        log.error("User %s not allowed to add a book to %s", current_user, shelf)
+    if not check_shelf_edit_permissions(shelf):
        if not xhr:
            flash(_(u"Sorry you are not allowed to add a book to the the shelf: %(shelfname)s", shelfname=shelf.name),
                  category="error")
            return redirect(url_for('web.index'))
        return "Sorry you are not allowed to add a book to the the shelf: %s" % shelf.name, 403

-    if shelf.is_public and not current_user.role_edit_shelfs():
-        log.info("User %s not allowed to edit public shelves", current_user)
-        if not xhr:
-            flash(_(u"You are not allowed to edit public shelves"), category="error")
-            return redirect(url_for('web.index'))
-        return "User is not allowed to edit public shelves", 403
-
    book_in_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id,
                                          ub.BookShelf.book_id == book_id).first()
    if book_in_shelf:
@ -78,8 +88,8 @@ def add_to_shelf(shelf_id, book_id):
    else:
        maxOrder = maxOrder[0]

-    ins = ub.BookShelf(shelf=shelf.id, book_id=book_id, order=maxOrder + 1)
-    ub.session.add(ins)
+    shelf.books.append(ub.BookShelf(shelf=shelf.id, book_id=book_id, order=maxOrder + 1))
+    ub.session.merge(shelf)
    ub.session.commit()
    if not xhr:
        flash(_(u"Book has been added to shelf: %(sname)s", sname=shelf.name), category="success")
@ -99,16 +109,10 @@ def search_to_shelf(shelf_id):
        flash(_(u"Invalid shelf specified"), category="error")
        return redirect(url_for('web.index'))

-    if not shelf.is_public and not shelf.user_id == int(current_user.id):
-        log.error("User %s not allowed to add a book to %s", current_user, shelf)
+    if not check_shelf_edit_permissions(shelf):
        flash(_(u"You are not allowed to add a book to the the shelf: %(name)s", name=shelf.name), category="error")
        return redirect(url_for('web.index'))

-    if shelf.is_public and not current_user.role_edit_shelfs():
-        log.error("User %s not allowed to edit public shelves", current_user)
-        flash(_(u"User is not allowed to edit public shelves"), category="error")
-        return redirect(url_for('web.index'))
-
    if current_user.id in searched_ids and searched_ids[current_user.id]:
        books_for_shelf = list()
        books_in_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id).all()
@ -135,8 +139,8 @@ def search_to_shelf(shelf_id):

        for book in books_for_shelf:
            maxOrder = maxOrder + 1
-            ins = ub.BookShelf(shelf=shelf.id, book_id=book, order=maxOrder)
-            ub.session.add(ins)
+            shelf.books.append(ub.BookShelf(shelf=shelf.id, book_id=book, order=maxOrder))
+        ub.session.merge(shelf)
        ub.session.commit()
        flash(_(u"Books have been added to shelf: %(sname)s", sname=shelf.name), category="success")
    else:
@ -163,8 +167,7 @@ def remove_from_shelf(shelf_id, book_id):
    #   true         0             x             1
    #   false        0             x             0

-    if (not shelf.is_public and shelf.user_id == int(current_user.id)) \
-            or (shelf.is_public and current_user.role_edit_shelfs()):
+    if check_shelf_edit_permissions(shelf):
        book_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id,
                                                           ub.BookShelf.book_id == book_id).first()

@ -185,7 +188,6 @@ def remove_from_shelf(shelf_id, book_id):
                return redirect(url_for('web.index'))
        return "", 204
    else:
-        log.error("User %s not allowed to remove a book from %s", current_user, shelf)
        if not xhr:
            flash(_(u"Sorry you are not allowed to remove a book from this shelf: %(sname)s", sname=shelf.name),
                  category="error")
@ -238,7 +240,7 @@ def create_shelf():
@login_required
 def edit_shelf(shelf_id):
    shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
-    if request.method == "POST":
+    if request.method == "POST":            
        to_save = request.form.to_dict()

        is_shelf_name_unique = False
@ -275,41 +277,33 @@ def edit_shelf(shelf_id):
        return render_title_template('shelf_edit.html', shelf=shelf, title=_(u"Edit a shelf"), page="shelfedit")


+def delete_shelf_helper(cur_shelf):
+    if not cur_shelf or not check_shelf_edit_permissions(cur_shelf):
+        return
+    shelf_id = cur_shelf.id
+    ub.session.delete(cur_shelf)
+    ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id).delete()
+    ub.session.add(ub.ShelfArchive(uuid = cur_shelf.uuid, user_id = cur_shelf.uuid))
+    ub.session.commit()
+    log.info("successfully deleted %s", cur_shelf)
+
+
@shelf.route("/shelf/delete/<int:shelf_id>")
@login_required
 def delete_shelf(shelf_id):
    cur_shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
-    deleted = None
-    if current_user.role_admin():
-        deleted = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).delete()
-    else:
-        if (not cur_shelf.is_public and cur_shelf.user_id == int(current_user.id)) \
-                or (cur_shelf.is_public and current_user.role_edit_shelfs()):
-            deleted = ub.session.query(ub.Shelf).filter(or_(and_(ub.Shelf.user_id == int(current_user.id),
-                                                                 ub.Shelf.id == shelf_id),
-                                                            and_(ub.Shelf.is_public == 1,
-                                                                 ub.Shelf.id == shelf_id))).delete()
-
-    if deleted:
-        ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id).delete()
-        ub.session.commit()
-        log.info("successfully deleted %s", cur_shelf)
+    delete_shelf_helper(cur_shelf)
    return redirect(url_for('web.index'))

 # @shelf.route("/shelfdown/<int:shelf_id>")
@shelf.route("/shelf/<int:shelf_id>", defaults={'shelf_type': 1})
@shelf.route("/shelf/<int:shelf_id>/<int:shelf_type>")
 def show_shelf(shelf_type, shelf_id):
-    if current_user.is_anonymous:
-        shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.is_public == 1, ub.Shelf.id == shelf_id).first()
-    else:
-        shelf = ub.session.query(ub.Shelf).filter(or_(and_(ub.Shelf.user_id == int(current_user.id),
-                                                           ub.Shelf.id == shelf_id),
-                                                      and_(ub.Shelf.is_public == 1,
-                                                           ub.Shelf.id == shelf_id))).first()
+    shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
+
    result = list()
    # user is allowed to access shelf
-    if shelf:
+    if shelf and check_shelf_view_permissions(shelf):
        page = "shelf.html" if shelf_type == 1 else 'shelfdown.html'

        books_in_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id)\
@ -344,15 +338,10 @@ def order_shelf(shelf_id):
            setattr(book, 'order', to_save[str(book.book_id)])
            counter += 1
        ub.session.commit()
-    if current_user.is_anonymous:
-        shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.is_public == 1, ub.Shelf.id == shelf_id).first()
-    else:
-        shelf = ub.session.query(ub.Shelf).filter(or_(and_(ub.Shelf.user_id == int(current_user.id),
-                                                           ub.Shelf.id == shelf_id),
-                                                      and_(ub.Shelf.is_public == 1,
-                                                           ub.Shelf.id == shelf_id))).first()
+
+    shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
    result = list()
-    if shelf:
+    if shelf and check_shelf_view_permissions(shelf):
        books_in_shelf2 = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id) \
            .order_by(ub.BookShelf.order.asc()).all()
        for book in books_in_shelf2: