Add delete and join options

partitioncloud/albums.py

@@ -10,6 +10,7 @@ from flask import (Blueprint, abort, flash, redirect, render_template, request,
 
 from .auth import login_required
 from .db import get_db
+from . import user
 
 bp = Blueprint("albums", __name__, url_prefix="/albums")
 
@@ -17,16 +18,7 @@ bp = Blueprint("albums", __name__, url_prefix="/albums")
 @bp.route("/")
 @login_required
 def index():
-    db = get_db()
+    albums = user.get_albums(session.get("user_id"))
-    albums = db.execute(
-        """
-        SELECT album.id, name, uuid FROM album
-        JOIN contient_user ON album_id = album.id
-        JOIN user ON user_id = user.id
-        WHERE user.id = ?
-        """,
-        (session.get("user_id"),),
-    ).fetchall()
 
     return render_template("albums/index.html", albums=albums)
 
@@ -58,7 +50,13 @@ def album(uuid):
         (uuid,),
     ).fetchall()
 
-    return render_template("albums/album.html", album=album, partitions=partitions)
+    if session.get("user_id") is None:
+        # On ne propose pas aux gens non connectés de rejoindre l'album
+        not_participant = False
+    else:
+        not_participant = not user.is_participant(session.get("user_id"), uuid)
+
+    return render_template("albums/album.html", album=album, partitions=partitions, not_participant=not_participant)
 
 
 @bp.route("/<album_uuid>/<partition_uuid>")
@@ -136,3 +134,125 @@ def create_album():
         return render_template("albums/create-album.html")
 
     return render_template("albums/create-album.html")
+
+
+@bp.route("/<uuid>/join")
+def join_album(uuid):
+    if session.get("user_id") is None:
+        flash("Vous n'êtes pas connecté.")
+        return redirect(f"/albums/{uuid}")
+    
+    db = get_db()
+    album_id = db.execute(
+        """
+        SELECT id FROM album
+        WHERE uuid = ?
+        """,
+        (uuid,)
+    ).fetchone()["id"]
+
+    if album_id is None:
+        flash("Cet album n'existe pas.")
+        return redirect(f"/albums/{uuid}")
+
+    db.execute(
+        """
+        INSERT INTO contient_user (user_id, album_id)
+        VALUES (?, ?)
+        """,
+        (session.get("user_id"), album_id)
+    )
+    db.commit()
+    flash("Album ajouté à la collection.")
+    return redirect(f"/albums/{uuid}")
+
+
+@bp.route("/<uuid>/delete", methods=["GET", "POST"])
+def delete_album(uuid):
+    db = get_db()
+    if session.get("user_id") is None:
+        flash("Vous n'êtes pas connecté.")
+        return redirect(f"/albums/{uuid}")
+
+    if request.method == "GET":
+        album =  db.execute(
+            """
+            SELECT * FROM album
+            WHERE uuid = ?
+            """,
+            (uuid,)
+        ).fetchone()
+        return render_template("albums/delete-album.html", album=album)
+    
+    error = None
+    users = user.get_users(uuid)
+    if len(users) > 1:
+        error = "Vous n'êtes pas seul dans cet album."
+    elif len(users) == 1 and users[0]["id"] != session.get("user_id"):
+        error = "Vous ne possédez pas cet album."
+    
+    if user.access_level(session.get("user-id")) == 1:
+        error = None
+
+    if error is not None:
+        flash(error)
+        return redirect(f"/albums/{uuid}")
+
+    album_id = db.execute(
+        """
+        SELECT id FROM album
+        WHERE uuid = ?
+        """,
+        (uuid,)
+    ).fetchone()["id"]
+
+    db.execute(
+        """
+        DELETE FROM album
+        WHERE uuid = ?
+        """,
+        (uuid,)
+    )
+    db.execute(
+        """
+        DELETE FROM contient_user
+        WHERE album_id = ?
+        """,
+        (album_id,)
+    )
+    db.execute(
+        """
+        DELETE FROM contient_partition
+        WHERE album_id = ?
+        """,
+        (album_id,)
+    )
+    db.commit()
+    # Delete orphan partitions
+    partitions = db.execute(
+        """
+        SELECT partition.uuid FROM partition
+        WHERE NOT EXISTS (
+            SELECT NULL FROM contient_partition 
+            WHERE partition.uuid = partition_uuid
+        )
+        """
+    )
+    for partition in partitions.fetchall():
+        os.remove(f"partitioncloud/partitions/{partition['uuid']}.pdf")
+    
+    partitions = db.execute(
+        """
+        DELETE FROM partition
+        WHERE uuid IN (
+            SELECT partition.uuid FROM partition
+            WHERE NOT EXISTS (
+                SELECT NULL FROM contient_partition 
+                WHERE partition.uuid = partition_uuid
+            )
+        )
+        """
+    )
+    db.commit()
+    flash("Album supprimé.")
+    return redirect("/albums")

partitioncloud/templates/albums/album.html

@@ -5,6 +5,11 @@
 {% endblock %}
 
 {% block content %}
+{% if not_participant %}
+  <a href="/albums/{{ album['uuid'] }}/join">
+    <button id="join-album">Rejoindre</button>
+  </a>
+{% endif %}
 {% if partitions|length != 0 %}
   {% for partition in partitions %}
   <a href="{{ album['uuid'] }}/{{ partition['uuid'] }}">

partitioncloud/templates/albums/delete-album.html

@@ -0,0 +1,13 @@
+{% extends 'base.html' %}
+
+{% block header %}
+  <h1>{% block title %}Supprimer {{ album["name"] }}{% endblock %}</h1>
+{% endblock %}
+
+{% block content %}
+  Êtes vous sûr de vouloir supprimer cet album ?
+  <form method="post">
+    <input type="submit" value="Supprimer">
+  </form>
+  <a href="/albums/{{ album['uuid'] }}"><button>Annuler</button></a>
+{% endblock %}

partitioncloud/user.py

@@ -0,0 +1,60 @@
+#!/usr/bin/python3
+from .db import get_db
+
+
+def access_level(user_id):
+    db = get_db()
+    if user_id is None:
+        return -1
+    return db.execute(
+        """
+        SELECT access_level FROM user
+        WHERE id = ?
+        """,
+        (user_id,)
+    ).fetchone()["access_level"]
+
+
+def is_participant(user_id, uuid):
+    db = get_db()
+    return len(db.execute(
+            """
+            SELECT album.id FROM album
+            JOIN contient_user ON album_id = album.id
+            JOIN user ON user_id = user.id
+            WHERE user.id = ? AND album.uuid = ?
+            """,
+            (user_id, uuid)
+        ).fetchall()) == 1
+
+
+def get_albums(user_id):
+    db = get_db()
+    if access_level(user_id) == 1:
+        return db.execute(
+            """
+            SELECT * FROM album
+            """
+        ).fetchall()
+    return db.execute(
+            """
+            SELECT album.id, name, uuid FROM album
+            JOIN contient_user ON album_id = album.id
+            JOIN user ON user_id = user.id
+            WHERE user.id = ?
+            """,
+            (user_id,),
+        ).fetchall()
+
+
+def get_users(album_uuid):
+    db = get_db()
+    return db.execute(
+        """
+        SELECT * FROM user
+        JOIN contient_user ON user_id = user.id
+        JOIN album ON album.id = album_id
+        WHERE album.uuid = ?
+        """,
+        (album_uuid,)
+    ).fetchall()