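def picture_as_image(request):
    """Return an image file for the requested picture.

    The picture is looked up only if it belongs to an album the current
    user is a viewer of, or to a gallery the current user administers.

    Raises:
        HTTPForbidden: if the request carries no user id or if the lookup
            returns no row. A missing picture and a picture the user may
            not view are deliberately indistinguishable.
    """
    session = DBSession()
    picture_id = request.matchdict['picture_id']
    user_id = get_user_metadata(request).get('id', None)
    picture = None
    if user_id:
        # ``picture_id`` is taken straight from the matched URL. Both values
        # are handed to the driver as bound parameters (the same style
        # ``lasco_index`` uses) instead of being %-formatted into the SQL
        # text, so request data can never alter the statement itself.
        query = (
            "SELECT DISTINCT pictures.* "
            "FROM pictures, album_viewers "
            "WHERE pictures.id=:picture_id AND "
            " pictures.album_id=album_viewers.album_id AND "
            " album_viewers.user_id=:user_id "
            " UNION "
            " SELECT DISTINCT pictures.* "
            " FROM pictures, albums, gallery_administrators "
            " WHERE pictures.id=:picture_id AND "
            " pictures.album_id=albums.id AND "
            " albums.gallery_id=gallery_administrators.gallery_id AND "
            " gallery_administrators.user_id=:user_id "
        )
        params = {'picture_id': picture_id, 'user_id': user_id}
        picture = session.execute(query, params).first()  # may return None
    if picture is None:
        # We always raise Forbidden, whether the picture exists (and
        # the user is not allowed to view it) or not.
        raise HTTPForbidden()
    base_path = request.registry.settings['lasco.pictures_base_path']
    # NOTE(review): ``picture.path`` is used as stored in the database.
    # ``os.path.join`` discards ``base_path`` when the second part is
    # absolute and does not collapse ``..`` segments, so confirm that
    # whatever writes ``pictures.path`` keeps it relative and inside
    # ``base_path``.
    full_path = os.path.join(base_path, picture.path)
    return FileResponse(full_path, request=request)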
def __init__(self, request, title):
    """Store the page title and values derived from ``request``.

    ``title`` is kept as ``page_title``. The layout renderer, the
    application and current URLs, the referrer, the user metadata and the
    colour theme cookie are all read once here and kept on the instance.
    """
    self.layout = get_renderer('../templates/layout.pt').implementation()
    self.page_title = title
    self.request = request
    self.app_url = request.application_url
    # NOTE(review): the Referer header is supplied by the client; anything
    # that renders it or redirects to it should treat it as untrusted.
    self.referrer = request.environ.get('HTTP_REFERER', None)
    self.here_url = request.url
    self.previous_url = self.next_url = None
    # The footer is switched off when the URL, ignoring any query string,
    # ends with one of the login endpoints.
    url_without_query = self.here_url.partition('?')[0]
    self.show_footer = not url_without_query.endswith(('login_form', 'login'))
    metadata = get_user_metadata(request)
    # ``logged_in`` holds the metadata object itself, not a bool.
    self.logged_in = metadata
    self.user_fullname = metadata.get('fullname', None)
    # NOTE(review): the cookie value is client-controlled; if a template
    # uses it to build a stylesheet path or class name, it should be checked
    # against the known themes first. Confirm how templates use it.
    self.color_theme = request.cookies.get('color_theme', 'default')
def lasco_index(request):
    """List the galleries the current user is linked to.

    A gallery is selected when the user is a viewer of one of its albums,
    or is one of its administrators. Without a user id no query is run and
    the listing is empty.

    Returns a dict with the template API under ``api`` and the result under
    ``galleries``.
    """
    session = DBSession()
    current_user = get_user_metadata(request).get('id', None)
    galleries = ()
    if current_user:
        # Galleries reached through an album the user may view.
        via_albums = (
            "SELECT DISTINCT galleries.* "
            "FROM galleries, albums, "
            " album_viewers "
            "WHERE (galleries.id = albums.gallery_id AND "
            " albums.id = album_viewers.album_id AND "
            " album_viewers.user_id = :user_id)"
        )
        # Galleries the user administers.
        via_admin = (
            " UNION SELECT DISTINCT galleries.* "
            " FROM galleries, gallery_administrators "
            " WHERE (galleries.id=gallery_administrators.gallery_id AND"
            " gallery_administrators.user_id = :user_id)"
        )
        # The user id travels as a bound parameter, never as SQL text.
        galleries = session.execute(
            via_albums + via_admin, {'user_id': current_user})
    return {'api': TemplateAPI(request, 'Lasco'), 'galleries': galleries}
def gallery_index(request):
    """List the albums of one gallery for the current user.

    A gallery administrator gets every album of the gallery, sorted by
    title. Any other user gets only the albums they are a viewer of,
    ordered by title.

    Raises:
        HTTPNotFound: if no gallery has the requested name.
        HTTPForbidden: if the resulting album list is empty.
    """
    session = DBSession()
    name = request.matchdict['gallery_name']
    try:
        gallery = session.query(Gallery).filter_by(name=name).one()
    except NoResultFound:
        # NOTE(review): an unknown gallery name answers 404 while a known
        # gallery the user has no albums in answers 403 below, so a client
        # can tell the two cases apart. ``picture_as_image`` deliberately
        # answers 403 for both; confirm the difference is intended here.
        raise HTTPNotFound(request.url)
    if get_user_role(request, session, gallery) == ROLE_GALLERY_ADMIN:
        albums = sorted(gallery.albums, key=lambda album: album.title)
    else:
        viewer_id = get_user_metadata(request).get('id', None)
        visible = (
            session.query(Album)
            .select_from(orm_join(Album, AlbumViewer))
            .filter(Album.gallery_id == gallery.id)
            .filter(Album.id == AlbumViewer.album_id)
            .filter(AlbumViewer.user_id == viewer_id)
            .order_by(Album.title)
        )
        albums = visible.all()
    # NOTE(review): the nesting of this check cannot be read from the
    # flattened listing; it is written at function level here. Confirm
    # against the original file.
    if not albums:
        raise HTTPForbidden()
    return {
        'api': TemplateAPI(request, gallery.title),
        'gallery': gallery,
        'albums': albums,
    }
def _call_fut(self, request):
    """Call ``lasco.auth.get_user_metadata`` with ``request``; return its result."""
    # The import happens at call time, not when the module is loaded.
    from lasco.auth import get_user_metadata as function_under_test
    return function_under_test(request)