Fix collections API showing unapproved packages

Fixes #504
rubenwardy 2024-03-30 17:46:54 +00:00
parent e82dac4403
commit f0a33927bd
2 changed files with 8 additions and 5 deletions

@ -867,18 +867,21 @@ def collection_list():
@bp.route("/api/collections/<author>/<name>/")
@is_api_authd
@cors_allowed
def collection_view(author, name):
def collection_view(token, author, name):
user = token.owner if token else None
collection = Collection.query \
.filter(Collection.name == name, Collection.author.has(username=author)) \
.one_or_404()
if not collection.check_perm(current_user, Permission.VIEW_COLLECTION):
if not collection.check_perm(user, Permission.VIEW_COLLECTION):
error(404, "Collection not found")
items = collection.items
if collection.check_perm(current_user, Permission.EDIT_COLLECTION):
items = [x for x in items if x.package.check_perm(current_user, Permission.VIEW_PACKAGE)]
if not collection.check_perm(user, Permission.EDIT_COLLECTION):
items = [x for x in items if x.package.check_perm(user, Permission.VIEW_PACKAGE)]
ret = collection.as_dict()
ret["items"] = [x.as_dict() for x in items]
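Review bot: The item filter `x.package.check_perm(user, Permission.VIEW_PACKAGE)` is now called with `user = None` whenever the request carries no token, and `Package.check_perm` is not shown in this commit. Only `Collection.check_perm` receives the `user is None` guard here, so if the package method dereferences `user.is_authenticated` the same way, an anonymous request for a public collection that holds an unapproved package would raise instead of hiding the item. Either confirm that method tolerates `None` or give it the same guard. A regression test would pin the fix: request a public collection containing an unapproved package without a token and assert the item is absent from `items`. The body of `collection_view` continues past the end of this hunk.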

@ -95,7 +95,7 @@ class Collection(db.Model):
elif type(perm) != Permission:
raise Exception("Unknown permission given to Collection.check_perm()")
if not user.is_authenticated:
if user is None or not user.is_authenticated:
return perm == Permission.VIEW_COLLECTION and not self.private
can_view = not self.private or self.author == user or user.rank.at_least(UserRank.MODERATOR)
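Review bot: `check_perm` now accepts `None` as the user, but nothing on the new guard line says what `None` means, and the method's signature and any docstring sit outside this hunk. A short comment above the guard would keep the fail-closed behaviour from being lost in a later refactor: `# user is None when the API view received no token; treat as anonymous (public view only)`. The following line still dereferences `user.rank`, which is safe only because the guarded branch returns first.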