Fix public gallery media access bypass via session flag.

krek0 2026-05-07 14:02:09 +02:00
parent 9ff8e969f4
commit 96afb9cc0b
3 changed files with 28 additions and 4 deletions


@ -91,8 +91,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% endif %}
<div class="card-body p-0" id="lightgallery">
{% for photo in photos %}
{% if guest_mode %}{% with t=gallery.public_token %}
<a class="photo-item" href="{{ photo.get_absolute_url }}" data-src="{{ photo.get_display_url }}?token={{ t }}" data-download-url="{{ photo.image.url }}?token={{ t }}" data-slide-name="{{ photo.id }}" data-owner-id="{{ photo.owner.id }}" data-is-public="{{ photo.is_public|yesno:'true,false' }}" data-width="{{ photo.image_width|default:1 }}" data-height="{{ photo.image_height|default:1 }}">
<img src="{{ photo.get_thumbnail_url }}?token={{ t }}" data-lazy="{{ photo.get_thumbnail_url }}?token={{ t }}" class="{% if not photo.is_public %}photo-private{% endif %}" alt="{{ photo.title }}{% if photo.date_taken %} - {{ photo.date_taken|date }} {{ photo.date_taken|time }}{% endif %}{% if photo.owner.get_full_name %} - {{ photo.owner.get_full_name }}{% else %} - {{ photo.owner.username }}{% endif %}{% if photo.license %} - {{ photo.license }}{% endif %}{% if not photo.is_public %} - !PRIVATE!{% endif %}">
{% endwith %}{% else %}
<a class="photo-item" href="{{ photo.get_absolute_url }}" data-src="{{ photo.get_display_url}}" data-download-url="{{ photo.image.url }}" data-slide-name="{{ photo.id }}" data-owner-id="{{ photo.owner.id }}" data-is-public="{{ photo.is_public|yesno:'true,false' }}" data-width="{{ photo.image_width|default:1 }}" data-height="{{ photo.image_height|default:1 }}">
<img src="{{ photo.get_thumbnail_url }}" data-lazy="{{ photo.get_thumbnail_url }}" class="{% if not photo.is_public %}photo-private{% endif %}" alt="{{ photo.title }}{% if photo.date_taken %} - {{ photo.date_taken|date }} {{ photo.date_taken|time }}{% endif %}{% if photo.owner.get_full_name %} - {{ photo.owner.get_full_name }}{% else %} - {{ photo.owner.username }}{% endif %}{% if photo.license %} - {{ photo.license }}{% endif %}{% if not photo.is_public %} - !PRIVATE!{% endif %}">
{% endif %}
</a>
{% endfor %}
</div>
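Review bot: The token is appended to each media URL as `?token={{ t }}` with no URL-encoding and a hard-coded `?` (the guest-mode `<a>` and `<img>` lines). Autoescaping only covers the HTML context, so a `gallery.public_token` containing `&`, `+` or `#`, or a `get_display_url`/`image.url` value that already carries a query string, would produce a broken parameter; `?token={{ t|urlencode }}` covers the first case. Since the token now rides on every thumbnail, display and download request, it will also appear in access logs and Referer headers, so it is worth confirming these pages and media responses send a restrictive `Referrer-Policy`. The two branches duplicate the full `<a>`/`<img>` markup and can drift apart; the enclosing template block starts outside this hunk.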


@ -237,7 +237,6 @@ class GalleryPublicView(DetailView):
if request.user.is_authenticated:
gallery = self.get_object()
return redirect("photologue:pl-gallery", slug=gallery.slug)
request.session['public_gallery_access'] = True
request.guest_mode = True
return super().get(request, *args, **kwargs)
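Review bot: Sessions created before this change still carry `public_gallery_access`, because nothing here clears it; dropping the assignment (apparently the one line this hunk removes) only stops new sessions from receiving it. If any media view still reads that key, those sessions keep access until they expire, so consider `request.session.pop('public_gallery_access', None)` before the `is_authenticated` check, or confirm that no reader of the key remains. `request.guest_mode` lives on the request object and is therefore per-request; a comment such as `# per-request only; never persist guest access in the session` would help keep the fix from being reverted. The start of `get()` is outside the hunk.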