Add configurable per-gallery public access

2026-05-11 15:49:46 +02:00 · 2026-05-11 15:49:46 +02:00 · 1cdd1dce26
commit 1cdd1dce26
parent 72e9344102
10 changed files with 119 additions and 45 deletions
--- a/photo21/templates/base.html
+++ b/photo21/templates/base.html
@ -37,6 +37,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
            </button>
            <div class="collapse navbar-collapse" id="navbarSupportedContent">
                <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+                    {% if request.user.is_authenticated %}
                    <li class="nav-item">
                        {% url 'photologue:pl-gallery-archive' as url %}
                        <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">{% trans 'Galleries' %}</a>
@ -52,6 +53,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                        <a class="nav-link" href="{% url 'admin:index' %}">{% trans 'Manage' %}</a>
                    </li>
                    {% endif %}
+                    {% endif %}
                </ul>
                <ul class="navbar-nav">
                    {% get_available_languages as LANGUAGES %}
--- a/photo21/views.py
+++ b/photo21/views.py
@ -9,14 +9,30 @@ from django.contrib.auth import get_user_model
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import FileResponse, Http404
 from django.views.generic import ListView, View
-from photologue.models import Gallery
+from photologue.models import Gallery, Photo


 class MediaAccess(View):
    def get(self, request, path):
-        if not request.user.is_authenticated and not request.session.get('public_gallery_access'):
+        if not request.user.is_authenticated:
            from django.contrib.auth.views import redirect_to_login
-            return redirect_to_login(request.get_full_path())
+            try:
+                # Direct match (original photo file)
+                allowed = Photo.objects.filter(
+                    image=path,
+                    galleries__is_public=True,
+                ).exists()
+                # Cache files (thumbnails/display) are derived from original photos
+                if not allowed and '/cache/' in path:
+                    original_dir = os.path.dirname(os.path.dirname(path))
+                    allowed = Photo.objects.filter(
+                        image__startswith=original_dir + '/',
+                        galleries__is_public=True,
+                    ).exists()
+            except Exception:
+                return redirect_to_login(request.get_full_path())
+            if not allowed:
+                return redirect_to_login(request.get_full_path())
        media_root = os.path.realpath(settings.MEDIA_ROOT)
        file_path = os.path.realpath(os.path.join(media_root, path))
        if not file_path.startswith(media_root + os.sep):