Staff members can inspect private pictures

2022-01-30 12:29:27 +01:00 · 2022-01-30 12:29:27 +01:00 · 696bc4d5c1
commit 696bc4d5c1
parent d7a39a0334
7 changed files with 49 additions and 53 deletions
--- a/photologue/views.py
+++ b/photologue/views.py
@ -24,11 +24,19 @@ from .models import Gallery, Photo, Tag


 class GalleryDateView(LoginRequiredMixin):
-    queryset = Gallery.objects.filter(is_public=True)
+    model = Gallery
    date_field = 'date_start'
    uses_datetime_field = False  # Fix related object access
    allow_empty = True

+    def get_queryset(self):
+        """Non-staff members only see public galleries"""
+        qs = super().get_queryset()
+        if self.request.user.is_staff:
+            return qs
+        else:
+            return qs.filter(is_public=True)
+

 class GalleryArchiveIndexView(GalleryDateView, ArchiveIndexView):
    pass
@ -39,7 +47,15 @@ class GalleryYearArchiveView(GalleryDateView, YearArchiveView):


 class PhotoDetailView(LoginRequiredMixin, DetailView):
-    queryset = Photo.objects.filter(is_public=True)
+    model = Photo
+
+    def get_queryset(self):
+        """Non-staff members only see public photos"""
+        qs = super().get_queryset()
+        if self.request.user.is_staff:
+            return qs
+        else:
+            return qs.filter(is_public=True)


 class TagDetail(LoginRequiredMixin, DetailView):
@ -57,17 +73,28 @@ class TagDetail(LoginRequiredMixin, DetailView):
        return context


-class CustomGalleryDetailView(LoginRequiredMixin, DetailView):
+class GalleryDetailView(LoginRequiredMixin, DetailView):
    """
-    Custom gallery detail view to filter on photo owner
+    Gallery detail view to filter on photo owner
    """
-    queryset = Gallery.objects.filter(is_public=True)
+    model = Gallery
+
+    def get_queryset(self):
+        """Non-staff members only see public galleries"""
+        qs = super().get_queryset()
+        if self.request.user.is_staff:
+            return qs
+        else:
+            return qs.filter(is_public=True)

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)

-        # Query with owner to reduce database lag
-        context['photos'] = self.object.public().select_related('owner')
+        # Non-staff members only see public photos
+        if self.request.user.is_staff:
+            context['photos'] = self.object.photos.all()
+        else:
+            context['photos'] = self.object.photos.filter(is_public=True)

        # List owners
        context['owners'] = []
@ -83,7 +110,7 @@ class CustomGalleryDetailView(LoginRequiredMixin, DetailView):


 class GalleryDownload(LoginRequiredMixin, DetailView):
-    model = Gallery
+    queryset = Gallery.objects.filter(is_public=True)

    def get(self, request, *args, **kwargs):
        """
@ -93,7 +120,7 @@ class GalleryDownload(LoginRequiredMixin, DetailView):
        gallery = self.get_object()
        byte_data = BytesIO()
        zip_file = zipfile.ZipFile(byte_data, "w")
-        for photo in gallery.public():
+        for photo in gallery.photos.filter(is_public=True):
            filename = os.path.basename(os.path.normpath(photo.image.path))
            zip_file.write(photo.image.path, filename)
        zip_file.close()