Exemple #1
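def picture_as_image(request):
    """Return an image file for the requested picture.

    The picture is served only when the current user is a viewer of the
    picture's album or an administrator of the album's gallery.  In every
    other case (no user id, malformed picture id, unknown picture, no
    access) ``HTTPForbidden`` is raised, so the response does not reveal
    whether a picture exists.

    Raises:
        HTTPForbidden: the picture is missing or the user may not view it.
    """
    session = DBSession()
    raw_picture_id = request.matchdict['picture_id']
    user_id = get_user_metadata(request).get('id', None)

    # ``picture_id`` is taken from the URL and is therefore untrusted.  The
    # previous version of this query interpolated it unquoted, as a numeric
    # literal, so it is coerced to ``int`` here; anything else is treated
    # like an unknown picture instead of reaching the database.
    try:
        picture_id = int(raw_picture_id)
    except (TypeError, ValueError):
        picture_id = None

    if user_id and picture_id is not None:
        # Bound parameters (same ``:name`` style as ``lasco_index``) keep
        # request-derived values out of the SQL text.  Building the
        # statement with ``%`` formatting allowed SQL injection through
        # ``picture_id`` and, depending on its origin, ``user_id``.
        query = (
            "SELECT DISTINCT pictures.* "
            "FROM pictures, album_viewers "
            "WHERE pictures.id = :picture_id AND "
            "      pictures.album_id=album_viewers.album_id AND "
            "      album_viewers.user_id = :user_id "
            " UNION "
            "   SELECT DISTINCT pictures.* "
            "   FROM pictures, albums, gallery_administrators "
            "   WHERE pictures.id = :picture_id AND "
            "         pictures.album_id=albums.id AND "
            "         albums.gallery_id=gallery_administrators.gallery_id AND "
            "         gallery_administrators.user_id = :user_id "
            )
        params = {'picture_id': picture_id, 'user_id': user_id}
        picture = session.execute(query, params).first()  # may return None
    else:
        picture = None

    if picture is None:
        # We always raise Forbidden, whether the picture exists (and
        # the user is not allowed to view it) or not.
        raise HTTPForbidden()

    base_path = request.registry.settings['lasco.pictures_base_path']
    # NOTE(review): ``picture.path`` comes from the database.
    # ``os.path.join`` drops ``base_path`` when its second argument is
    # absolute and does not collapse ``..`` components, so the stored
    # value must be trusted (or checked) to stay inside ``base_path``.
    full_path = os.path.join(base_path, picture.path)
    return FileResponse(full_path, request=request)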
Exemple #2
def lasco_index(request):
    """Build the template context for the index page.

    The ``galleries`` entry holds the galleries in which the current user
    is a viewer of at least one album, together with those the user
    administers.  It is an empty tuple when no user id is available.
    """
    session = DBSession()
    current_user = get_user_metadata(request).get('id', None)

    # Default for requests without a user id: nothing to list.
    galleries = ()
    if current_user:
        # The user id is passed as a bound parameter, never formatted
        # into the statement text.
        sql = (
            "SELECT DISTINCT galleries.* "
            "FROM galleries, albums, "
            "     album_viewers "
            "WHERE (galleries.id = albums.gallery_id AND "
            "       albums.id = album_viewers.album_id AND "
            "       album_viewers.user_id = :user_id)"
            " UNION SELECT DISTINCT galleries.* "
            "       FROM galleries, gallery_administrators "
            "   WHERE (galleries.id=gallery_administrators.gallery_id AND"
            "       gallery_administrators.user_id = :user_id)"
        )
        bind_values = {'user_id': current_user}
        galleries = session.execute(sql, bind_values)

    context = {'api': TemplateAPI(request, 'Lasco')}
    context['galleries'] = galleries
    return context