mirror of
https://github.com/minetest/contentdb.git
synced 2025-01-08 22:17:34 +01:00
parent
e82dac4403
commit
f0a33927bd
@ -867,18 +867,21 @@ def collection_list():
|
|||||||
|
|
||||||
|
|
||||||
@bp.route("/api/collections/<author>/<name>/")
|
@bp.route("/api/collections/<author>/<name>/")
|
||||||
|
@is_api_authd
|
||||||
@cors_allowed
|
@cors_allowed
|
||||||
def collection_view(author, name):
|
def collection_view(token, author, name):
|
||||||
|
user = token.owner if token else None
|
||||||
|
|
||||||
collection = Collection.query \
|
collection = Collection.query \
|
||||||
.filter(Collection.name == name, Collection.author.has(username=author)) \
|
.filter(Collection.name == name, Collection.author.has(username=author)) \
|
||||||
.one_or_404()
|
.one_or_404()
|
||||||
|
|
||||||
if not collection.check_perm(current_user, Permission.VIEW_COLLECTION):
|
if not collection.check_perm(user, Permission.VIEW_COLLECTION):
|
||||||
error(404, "Collection not found")
|
error(404, "Collection not found")
|
||||||
|
|
||||||
items = collection.items
|
items = collection.items
|
||||||
if collection.check_perm(current_user, Permission.EDIT_COLLECTION):
|
if not collection.check_perm(user, Permission.EDIT_COLLECTION):
|
||||||
items = [x for x in items if x.package.check_perm(current_user, Permission.VIEW_PACKAGE)]
|
items = [x for x in items if x.package.check_perm(user, Permission.VIEW_PACKAGE)]
|
||||||
|
|
||||||
ret = collection.as_dict()
|
ret = collection.as_dict()
|
||||||
ret["items"] = [x.as_dict() for x in items]
|
ret["items"] = [x.as_dict() for x in items]
|
||||||
|
@ -95,7 +95,7 @@ class Collection(db.Model):
|
|||||||
elif type(perm) != Permission:
|
elif type(perm) != Permission:
|
||||||
raise Exception("Unknown permission given to Collection.check_perm()")
|
raise Exception("Unknown permission given to Collection.check_perm()")
|
||||||
|
|
||||||
if not user.is_authenticated:
|
if user is None or not user.is_authenticated:
|
||||||
return perm == Permission.VIEW_COLLECTION and not self.private
|
return perm == Permission.VIEW_COLLECTION and not self.private
|
||||||
|
|
||||||
can_view = not self.private or self.author == user or user.rank.at_least(UserRank.MODERATOR)
|
can_view = not self.private or self.author == user or user.rank.at_least(UserRank.MODERATOR)
|
||||||
|
Loading…
Reference in New Issue
Block a user