def album_index(request):
"""An index page for an album """
session = DBSession()
gallery_name = request.matchdict['gallery_name']
album_name = request.matchdict['album_name']
page = int(request.GET.get('page', 1))
try:
gallery = session.query(Gallery).filter_by(name=gallery_name).one()
album = session.query(Album).filter_by(gallery_id=gallery.id,
name=album_name).one()
except NoResultFound:
raise HTTPNotFound(request.url)
if not get_user_role(request, session, gallery, album):
raise HTTPForbidden()
pictures = sorted(album.pictures, key=lambda p: p.date)
settings = request.registry.settings
pictures = Batch(pictures,
batch_length=int(settings['lasco.pictures_per_page']),
current=page)
api = TemplateAPI(request,
'%s - %s' % (gallery.title, album.title))
url_of_page = '%s?page=%%s' % request.route_url(
'album',
gallery_name=gallery.name, album_name=album.name)
if pictures.previous:
api.previous_url = url_of_page % pictures.previous
if pictures.next:
api.next_url = url_of_page % pictures.next
return {'api': api,
'gallery': gallery,
'album': album,
'pictures': pictures,
'url_of_page': url_of_page}
def picture_as_image(request):
"""Return an image file for the requested picture."""
session = DBSession()
picture_id = request.matchdict['picture_id']
user_id = get_user_metadata(request).get('id', None)
if user_id:
query = (
"SELECT DISTINCT pictures.* "
"FROM pictures, album_viewers "
"WHERE pictures.id=%(picture_id)s AND "
" pictures.album_id=album_viewers.album_id AND "
" album_viewers.user_id='%(user_id)s' "
" UNION "
" SELECT DISTINCT pictures.* "
" FROM pictures, albums, gallery_administrators "
" WHERE pictures.id=%(picture_id)s AND "
" pictures.album_id=albums.id AND "
" albums.gallery_id=gallery_administrators.gallery_id AND "
" gallery_administrators.user_id='%(user_id)s' "
) % {'picture_id': picture_id, 'user_id': user_id}
picture = session.execute(query).first() # may return None
else:
picture = None
if picture is None:
# We always raise Forbidden, whether the picture exists (and
# the user is not allowed to view it) or not.
raise HTTPForbidden()
base_path = request.registry.settings['lasco.pictures_base_path']
full_path = os.path.join(base_path, picture.path)
return FileResponse(full_path, request=request)
def get_user(self, **kwargs):
session = DBSession()
user = None
try:
user = session.query(User).filter_by(**kwargs).one()
except (NoResultFound, MultipleResultsFound):
pass
return user
def ajax_update(request):
session = DBSession()
pic_id = int(request.matchdict['picture_id'])
picture = session.query(Picture).filter_by(id=pic_id).one()
gallery = session.query(Gallery).select_from(
orm_join(Gallery, Album)).\
filter(Album.id==picture.album_id).\
filter(Gallery.id==Album.gallery_id).one()
if get_user_role(request, session, gallery) != ROLE_GALLERY_ADMIN:
raise HTTPForbidden()
picture.caption = request.POST['caption']
picture.location = request.POST['location']
return {'pic_info': picture.get_info}
def picture_in_album(request):
session = DBSession()
gallery_name = request.matchdict['gallery_name']
album_name = request.matchdict['album_name']
try:
gallery = session.query(Gallery).filter_by(name=gallery_name).one()
album = session.query(Album).filter_by(gallery_id=gallery.id,
name=album_name).one()
except NoResultFound:
raise HTTPNotFound(request.url)
role = get_user_role(request, session, gallery, album)
if not role:
raise HTTPForbidden()
can_edit = role == ROLE_GALLERY_ADMIN
pictures = sorted(album.pictures, key=lambda p: p.date)
picture_index = None
picture_id = int(request.matchdict['picture_id'])
previous_id = next_id = None
for i in range(len(pictures)):
i_id = pictures[i].id
if i_id == picture_id:
picture_index = i
break
previous_id = i_id
if picture_index is None:
raise HTTPNotFound(request.url)
picture = pictures[picture_index]
if picture_index != len(pictures) - 1:
next_id = pictures[picture_index + 1].id
api = TemplateAPI(request,
'%s - %s' % (gallery.title, album.title))
if previous_id:
api.previous_url = request.route_url(
'picture_in_album',
gallery_name=gallery_name, album_name=album_name,
picture_id=previous_id)
if next_id:
api.next_url = request.route_url(
'picture_in_album',
gallery_name=gallery_name, album_name=album_name,
picture_id=next_id)
return {'api': api,
'gallery': gallery,
'album': album,
'picture': picture,
'picture_index': picture_index,
'previous_id': previous_id,
'next_id': next_id,
'can_edit': can_edit}
def lasco_index(request):
session = DBSession()
user_id = get_user_metadata(request).get('id', None)
if user_id:
query = ("SELECT DISTINCT galleries.* "
"FROM galleries, albums, "
" album_viewers "
"WHERE (galleries.id = albums.gallery_id AND "
" albums.id = album_viewers.album_id AND "
" album_viewers.user_id = :user_id)"
" UNION SELECT DISTINCT galleries.* "
" FROM galleries, gallery_administrators "
" WHERE (galleries.id=gallery_administrators.gallery_id AND"
" gallery_administrators.user_id = :user_id)")
galleries = session.execute(query, {'user_id': user_id})
else:
galleries = ()
api = TemplateAPI(request, 'Lasco')
return {'api': api,
'galleries': galleries}
def gallery_index(request):
session = DBSession()
gallery_name = request.matchdict['gallery_name']
try:
gallery = session.query(Gallery).filter_by(name=gallery_name).one()
except NoResultFound:
raise HTTPNotFound(request.url)
role = get_user_role(request, session, gallery)
if role == ROLE_GALLERY_ADMIN:
albums = sorted(gallery.albums, key=lambda a: a.title)
else:
user_id = get_user_metadata(request).get('id', None)
albums = session.query(Album).select_from(
orm_join(Album, AlbumViewer)).\
filter(Album.gallery_id==gallery.id).\
filter(Album.id==AlbumViewer.album_id).\
filter(AlbumViewer.user_id==user_id).order_by(Album.title).all()
if not albums:
raise HTTPForbidden()
api = TemplateAPI(request, gallery.title)
return {'api': api,
'gallery': gallery,
'albums': albums}
def tearDown(self):
from lasco.models import DBSession
DBSession.remove()
