diff --git a/partitioncloud/albums.py b/partitioncloud/albums.py index f18df50..79be9fa 100644 --- a/partitioncloud/albums.py +++ b/partitioncloud/albums.py @@ -10,6 +10,7 @@ from flask import (Blueprint, abort, flash, redirect, render_template, request, from .auth import login_required from .db import get_db +from . import user bp = Blueprint("albums", __name__, url_prefix="/albums") @@ -17,16 +18,7 @@ bp = Blueprint("albums", __name__, url_prefix="/albums") @bp.route("/") @login_required def index(): - db = get_db() - albums = db.execute( - """ - SELECT album.id, name, uuid FROM album - JOIN contient_user ON album_id = album.id - JOIN user ON user_id = user.id - WHERE user.id = ? - """, - (session.get("user_id"),), - ).fetchall() + albums = user.get_albums(session.get("user_id")) return render_template("albums/index.html", albums=albums) @@ -58,7 +50,13 @@ def album(uuid): (uuid,), ).fetchall() - return render_template("albums/album.html", album=album, partitions=partitions) + if session.get("user_id") is None: + # On ne propose pas aux gens non connectés de rejoindre l'album + not_participant = False + else: + not_participant = not user.is_participant(session.get("user_id"), uuid) + + return render_template("albums/album.html", album=album, partitions=partitions, not_participant=not_participant) @bp.route("//") @@ -136,3 +134,125 @@ def create_album(): return render_template("albums/create-album.html") return render_template("albums/create-album.html") + + +@bp.route("//join") +def join_album(uuid): + if session.get("user_id") is None: + flash("Vous n'êtes pas connecté.") + return redirect(f"/albums/{uuid}") + + db = get_db() + album_id = db.execute( + """ + SELECT id FROM album + WHERE uuid = ? + """, + (uuid,) + ).fetchone()["id"] + + if album_id is None: + flash("Cet album n'existe pas.") + return redirect(f"/albums/{uuid}") + + db.execute( + """ + INSERT INTO contient_user (user_id, album_id) + VALUES (?, ?) + """, + (session.get("user_id"), album_id) + ) + db.commit() + flash("Album ajouté à la collection.") + return redirect(f"/albums/{uuid}") + + +@bp.route("//delete", methods=["GET", "POST"]) +def delete_album(uuid): + db = get_db() + if session.get("user_id") is None: + flash("Vous n'êtes pas connecté.") + return redirect(f"/albums/{uuid}") + + if request.method == "GET": + album = db.execute( + """ + SELECT * FROM album + WHERE uuid = ? + """, + (uuid,) + ).fetchone() + return render_template("albums/delete-album.html", album=album) + + error = None + users = user.get_users(uuid) + if len(users) > 1: + error = "Vous n'êtes pas seul dans cet album." + elif len(users) == 1 and users[0]["id"] != session.get("user_id"): + error = "Vous ne possédez pas cet album." + + if user.access_level(session.get("user-id")) == 1: + error = None + + if error is not None: + flash(error) + return redirect(f"/albums/{uuid}") + + album_id = db.execute( + """ + SELECT id FROM album + WHERE uuid = ? + """, + (uuid,) + ).fetchone()["id"] + + db.execute( + """ + DELETE FROM album + WHERE uuid = ? + """, + (uuid,) + ) + db.execute( + """ + DELETE FROM contient_user + WHERE album_id = ? + """, + (album_id,) + ) + db.execute( + """ + DELETE FROM contient_partition + WHERE album_id = ? + """, + (album_id,) + ) + db.commit() + # Delete orphan partitions + partitions = db.execute( + """ + SELECT partition.uuid FROM partition + WHERE NOT EXISTS ( + SELECT NULL FROM contient_partition + WHERE partition.uuid = partition_uuid + ) + """ + ) + for partition in partitions.fetchall(): + os.remove(f"partitioncloud/partitions/{partition['uuid']}.pdf") + + partitions = db.execute( + """ + DELETE FROM partition + WHERE uuid IN ( + SELECT partition.uuid FROM partition + WHERE NOT EXISTS ( + SELECT NULL FROM contient_partition + WHERE partition.uuid = partition_uuid + ) + ) + """ + ) + db.commit() + flash("Album supprimé.") + return redirect("/albums") \ No newline at end of file diff --git a/partitioncloud/templates/albums/album.html b/partitioncloud/templates/albums/album.html index a0d0633..48d7126 100644 --- a/partitioncloud/templates/albums/album.html +++ b/partitioncloud/templates/albums/album.html @@ -5,6 +5,11 @@ {% endblock %} {% block content %} +{% if not_participant %} + + + +{% endif %} {% if partitions|length != 0 %} {% for partition in partitions %} diff --git a/partitioncloud/templates/albums/delete-album.html b/partitioncloud/templates/albums/delete-album.html new file mode 100644 index 0000000..46d1738 --- /dev/null +++ b/partitioncloud/templates/albums/delete-album.html @@ -0,0 +1,13 @@ +{% extends 'base.html' %} + +{% block header %} +

{% block title %}Supprimer {{ album["name"] }}{% endblock %}

+{% endblock %} + +{% block content %} + Êtes vous sûr de vouloir supprimer cet album ? +
+ +
+
+{% endblock %} \ No newline at end of file diff --git a/partitioncloud/user.py b/partitioncloud/user.py new file mode 100644 index 0000000..4b302b8 --- /dev/null +++ b/partitioncloud/user.py @@ -0,0 +1,60 @@ +#!/usr/bin/python3 +from .db import get_db + + +def access_level(user_id): + db = get_db() + if user_id is None: + return -1 + return db.execute( + """ + SELECT access_level FROM user + WHERE id = ? + """, + (user_id,) + ).fetchone()["access_level"] + + +def is_participant(user_id, uuid): + db = get_db() + return len(db.execute( + """ + SELECT album.id FROM album + JOIN contient_user ON album_id = album.id + JOIN user ON user_id = user.id + WHERE user.id = ? AND album.uuid = ? + """, + (user_id, uuid) + ).fetchall()) == 1 + + +def get_albums(user_id): + db = get_db() + if access_level(user_id) == 1: + return db.execute( + """ + SELECT * FROM album + """ + ).fetchall() + return db.execute( + """ + SELECT album.id, name, uuid FROM album + JOIN contient_user ON album_id = album.id + JOIN user ON user_id = user.id + WHERE user.id = ? + """, + (user_id,), + ).fetchall() + + +def get_users(album_uuid): + db = get_db() + return db.execute( + """ + SELECT * FROM user + JOIN contient_user ON user_id = user.id + JOIN album ON album.id = album_id + WHERE album.uuid = ? + """, + (album_uuid,) + ).fetchall() \ No newline at end of file