Fix groupe permissions

partitioncloud/modules/albums.py

@@ -89,7 +89,7 @@ def get_album(uuid):
         except LookupError:
             return abort(404)
 
-    album.users = [User(user_id=i["id"]) for i in album.get_users()]
+    album.users = [User(user_id=u_id) for u_id in album.get_users()]
     user = User(user_id=session.get("user_id"))
     partitions = album.get_partitions()
     if user.id is None:
@@ -204,8 +204,9 @@ def quit_album(uuid):
     """
     user = User(user_id=session.get("user_id"))
     album = Album(uuid=uuid)
+
     users = album.get_users()
-    if user.id not in [u["id"] for u in users]:
+    if user.id not in users:
         flash(_("You are not a member of this album"))
         return redirect(request.referrer)
 
@@ -234,7 +235,7 @@ def delete_album(uuid):
     users = album.get_users()
     if len(users) > 1:
         error = _("You are not alone in this album.")
-    elif len(users) == 1 and users[0]["id"] != user.id:
+    elif len(users) == 1 and users[0] != user.id:
         error = _("You don't own this album.")
 
     if user.access_level == 1:

partitioncloud/modules/classes/album.py

@@ -51,11 +51,11 @@ class Album():
 
     def get_users(self, force_reload=False):
         """
-        Renvoie les utilisateurs liés à l'album
+        Renvoie les data["id"] des utilisateurs liés à l'album
         """
         if self.users is None or force_reload:
             db = get_db()
-            self.users = db.execute(
+            data = db.execute(
                 """
                 SELECT * FROM user
                 JOIN contient_user ON user_id = user.id
@@ -64,6 +64,7 @@ class Album():
                 """,
                 (self.uuid,)
             ).fetchall()
+            self.users = [i["id"] for i in data]
         return self.users
 
     def get_partitions(self):

partitioncloud/modules/classes/groupe.py

@@ -75,21 +75,23 @@ class Groupe():
             album.delete(instance_path)
 
 
-    def get_users(self):
+    def get_users(self, force_reload=False):
         """
         Renvoie les data["id"] des utilisateurs liés au groupe
-        TODO: uniformiser le tout
         """
-        db = get_db()
+        if self.users is None or force_reload:
-        return db.execute(
+            db = get_db()
-            """
+            data = db.execute(
-            SELECT * FROM user
+                """
-            JOIN groupe_contient_user ON user_id = user.id
+                SELECT * FROM user
-            JOIN groupe ON groupe.id = groupe_id
+                JOIN groupe_contient_user ON user_id = user.id
-            WHERE groupe.id = ?
+                JOIN groupe ON groupe.id = groupe_id
-            """,
+                WHERE groupe.id = ?
-            (self.id,)
+                """,
-        ).fetchall()
+                (self.id,)
+            ).fetchall()
+            self.users = [i["id"] for i in data]
+        return self.users
 
     def get_albums(self, force_reload=False):
         """
@@ -126,6 +128,21 @@ class Groupe():
         ).fetchall()
         return [i["id"] for i in data]
 
+    def set_admin(self, user_id, value):
+        """
+        Rend un utilisateur administrateur du groupe
+        """
+        db = get_db()
+        data = db.execute(
+            """
+            UPDATE groupe_contient_user
+            SET is_admin=?
+            WHERE user_id=? AND groupe_id=?
+            """,
+            (value, user_id, self.id)
+        )
+        db.commit()
+
     def to_zip(self, instance_path):
         data = io.BytesIO()
         with zipfile.ZipFile(data, mode="w") as z:

partitioncloud/modules/groupe.py

@@ -35,7 +35,7 @@ def get_groupe(uuid):
         except LookupError:
             return abort(404)
 
-    groupe.users = [User(user_id=i["id"]) for i in groupe.get_users()]
+    groupe.users = [User(user_id=u_id) for u_id in groupe.get_users()]
     groupe.get_albums()
     user = User(user_id=session.get("user_id"))
 
@@ -131,7 +131,7 @@ def quit_groupe(uuid):
     user = User(user_id=session.get("user_id"))
     groupe = Groupe(uuid=uuid)
     users = groupe.get_users()
-    if user.id not in [u["id"] for u in users]:
+    if user.id not in users:
         flash(_("You are not a member of this group."))
         return redirect(f"/groupe/{uuid}")
 
@@ -140,6 +140,11 @@ def quit_groupe(uuid):
         return redirect(f"/groupe/{uuid}#delete")
 
     user.quit_groupe(groupe.uuid)
+
+    if len(groupe.get_admins()) == 0: # On s'assure que le groupe contient toujours des administrateurs
+        for user_id in groupe.get_users(force_reload=True):
+            groupe.set_admin(user_id, True)
+
     flash(_("Group quitted."))
     return redirect("/albums")
 
@@ -151,8 +156,7 @@ def delete_groupe(uuid):
     user = User(user_id=session.get("user_id"))
 
     error = None
-    users = groupe.get_users()
+    if len(groupe.get_users()) > 1:
-    if len(users) > 1:
         error = _("You are not alone in this group.")
 
     if user.access_level == 1 or user.id not in groupe.get_admins():
@@ -185,7 +189,7 @@ def create_album_req(groupe_uuid):
     if not name or name.strip() == "":
         error = _("Missing name.")
 
-    if user.id not in groupe.get_admins():
+    if user.id not in groupe.get_admins() and user.access_level != 1:
         error = _("You are not admin of this group.")
 
     if error is None:
@@ -241,7 +245,7 @@ def get_album(groupe_uuid, album_uuid):
     user = User(user_id=session.get("user_id"))
 
     # List of users without duplicate
-    users_id = list({i["id"] for i in album.get_users()+groupe.get_users()})
+    users_id = list(set(album.get_users()+groupe.get_users()))
     album.users = [User(user_id=id) for id in users_id]
 
     partitions = album.get_partitions()