sinfonie/photo26
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Allow photo owners to delete their own photos

Browse source
This commit is contained in:
krek0 2026-04-20 22:56:05 +02:00
parent a875c2707b
commit 71937f5c4d
3 changed files with 16 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
photologue/static/lightgallery/plugins/admin/lg-admin.js
View file

@ -11,6 +11,7 @@ class lgAdmin {
this.core = instance; this.core = instance;
this.$LG = $LG; this.$LG = $LG;
this.isStaff = document.querySelector('[name=is_staff]').value === "true"; this.isStaff = document.querySelector('[name=is_staff]').value === "true";
this.userId = document.querySelector('[name=user_id]').value;
this.csrfToken = document.querySelector('[name=csrfmiddlewaretoken]').value; this.csrfToken = document.querySelector('[name=csrfmiddlewaretoken]').value;
this.photoId = 0; this.photoId = 0;
return this; return this;
@ -27,7 +28,7 @@ class lgAdmin {
// Add button to delete photo // Add button to delete photo
this.core.$toolbar.append(`<a href="#" id="lg-delete" title="Remove this photo" class="lg-icon lg-bi-icon">${deleteIcon}</a>`); this.core.$toolbar.append(`<a href="#" id="lg-delete" title="Remove this photo" class="lg-icon lg-bi-icon">${deleteIcon}</a>`);
document.getElementById("lg-delete").style.display = this.isStaff ? 'block' : 'none'; document.getElementById("lg-delete").style.display = 'none';
document.getElementById("lg-delete").addEventListener('click', this.onDelete.bind(this)); document.getElementById("lg-delete").addEventListener('click', this.onDelete.bind(this));
// Add button to report photo // Add button to report photo
@ -41,6 +42,10 @@ class lgAdmin {
onAfterSlide(event) { onAfterSlide(event) {
this.photoId = this.core.galleryItems[event.detail.index].slideName; this.photoId = this.core.galleryItems[event.detail.index].slideName;
document.getElementById("lg-admin").href = `/admin/photologue/photo/${this.photoId}/change/`; document.getElementById("lg-admin").href = `/admin/photologue/photo/${this.photoId}/change/`;
const el = document.querySelector(`[data-slide-name='${this.photoId}']`);
const ownerId = el ? el.dataset.ownerId : null;
const canDelete = this.isStaff || (ownerId && ownerId === this.userId);
document.getElementById("lg-delete").style.display = canDelete ? 'block' : 'none';
} }
// Event called when user click on delete button // Event called when user click on delete button

3
photologue/templates/photologue/gallery_detail.html
View file

@ -18,6 +18,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
{# Javascript code fetches CSRF token from HTML #} {# Javascript code fetches CSRF token from HTML #}
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="is_staff" value="{{ request.user.is_staff|yesno:'true,false' }}"> <input type="hidden" name="is_staff" value="{{ request.user.is_staff|yesno:'true,false' }}">
<input type="hidden" name="user_id" value="{{ request.user.id }}">
<script src="{% static 'lightgallery/lightgallery.min.js' %}"></script> <script src="{% static 'lightgallery/lightgallery.min.js' %}"></script>
<script src="{% static 'lightgallery/plugins/admin/lg-admin.js' %}"></script> <script src="{% static 'lightgallery/plugins/admin/lg-admin.js' %}"></script>
<script src="{% static 'lightgallery/plugins/hash/lg-hash.min.js' %}"></script> <script src="{% static 'lightgallery/plugins/hash/lg-hash.min.js' %}"></script>
@ -87,7 +88,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% endif %} {% endif %}
<div class="card-body row" id="lightgallery"> <div class="card-body row" id="lightgallery">
{% for photo in photos %} {% for photo in photos %}
<a class="col-6 col-md-3 mb-2 text-center" href="{{ photo.get_absolute_url }}" data-src="{{ photo.get_display_url}}" data-download-url="{{ photo.image.url }}" data-slide-name="{{ photo.id }}"> <a class="col-6 col-md-3 mb-2 text-center" href="{{ photo.get_absolute_url }}" data-src="{{ photo.get_display_url}}" data-download-url="{{ photo.image.url }}" data-slide-name="{{ photo.id }}" data-owner-id="{{ photo.owner.id }}">
<img src="{{ photo.get_thumbnail_url }}" loading="lazy" class="img-thumbnail p-0{% if not photo.is_public %} border-danger border-5{% endif %}" alt="{{ photo.title }}{% if photo.date_taken %} - {{ photo.date_taken|date }} {{ photo.date_taken|time }}{% endif %}{% if photo.owner.get_full_name %} - {{ photo.owner.get_full_name }}{% else %} - {{ photo.owner.username }}{% endif %}{% if photo.license %} - {{ photo.license }}{% endif %}{% if not photo.is_public %} - !PRIVATE!{% endif %}"> <img src="{{ photo.get_thumbnail_url }}" loading="lazy" class="img-thumbnail p-0{% if not photo.is_public %} border-danger border-5{% endif %}" alt="{{ photo.title }}{% if photo.date_taken %} - {{ photo.date_taken|date }} {{ photo.date_taken|time }}{% endif %}{% if photo.owner.get_full_name %} - {{ photo.owner.get_full_name }}{% else %} - {{ photo.owner.username }}{% endif %}{% if photo.license %} - {{ photo.license }}{% endif %}{% if not photo.is_public %} - !PRIVATE!{% endif %}">
</a> </a>
{% endfor %} {% endfor %}

10
photologue/views.py
View file

@ -77,9 +77,15 @@ class PhotoDetailView(LoginRequiredMixin, DetailView):
return qs.filter(is_public=True) return qs.filter(is_public=True)
class PhotoDeleteView(PermissionRequiredMixin, DeleteView): class PhotoDeleteView(LoginRequiredMixin, DeleteView):
model = Photo model = Photo
permission_required = "photologue.delete_photo"
def get_object(self, queryset=None):
obj = super().get_object(queryset)
if obj.owner != self.request.user and not self.request.user.has_perm("photologue.delete_photo"):
from django.core.exceptions import PermissionDenied
raise PermissionDenied
return obj
def get_success_url(self): def get_success_url(self):
galleries = self.object.galleries.all() galleries = self.object.galleries.all()