def add_to_shelf(shelf_id, book_id): xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest' shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() if shelf is None: log.error("Invalid shelf specified: %s", shelf_id) if not xhr: flash(_(u"Invalid shelf specified"), category="error") return redirect(url_for('web.index')) return "Invalid shelf specified", 400 if not shelf.is_public and not shelf.user_id == int(current_user.id): log.error("User %s not allowed to add a book to %s", current_user, shelf) if not xhr: flash(_( u"Sorry you are not allowed to add a book to the the shelf: %(shelfname)s", shelfname=shelf.name), category="error") return redirect(url_for('web.index')) return "Sorry you are not allowed to add a book to the the shelf: %s" % shelf.name, 403 if shelf.is_public and not current_user.role_edit_shelfs(): log.info("User %s not allowed to edit public shelves", current_user) if not xhr: flash(_(u"You are not allowed to edit public shelves"), category="error") return redirect(url_for('web.index')) return "User is not allowed to edit public shelves", 403 book_in_shelf = ub.session.query(ub.BookShelf).filter( ub.BookShelf.shelf == shelf_id, ub.BookShelf.book_id == book_id).first() if book_in_shelf: log.error("Book %s is already part of %s", book_id, shelf) if not xhr: flash(_(u"Book is already part of the shelf: %(shelfname)s", shelfname=shelf.name), category="error") return redirect(url_for('web.index')) return "Book is already part of the shelf: %s" % shelf.name, 400 maxOrder = ub.session.query(func.max( ub.BookShelf.order)).filter(ub.BookShelf.shelf == shelf_id).first() if maxOrder[0] is None: maxOrder = 0 else: maxOrder = maxOrder[0] ins = ub.BookShelf(shelf=shelf.id, book_id=book_id, order=maxOrder + 1) ub.session.add(ins) ub.session.commit() if not xhr: flash(_(u"Book has been added to shelf: %(sname)s", sname=shelf.name), category="success") if "HTTP_REFERER" in request.environ: return redirect(request.environ["HTTP_REFERER"]) else: return redirect(url_for('web.index')) return "", 204
def check_shelf_edit_permissions(cur_shelf): if not cur_shelf.is_public and not cur_shelf.user_id == int(current_user.id): log.error("User %s not allowed to edit shelf %s", current_user, cur_shelf) return False if cur_shelf.is_public and not current_user.role_edit_shelfs(): log.info("User %s not allowed to edit public shelves", current_user) return False return True
def check_shelf_edit_permissions(cur_shelf): if not cur_shelf.is_public and not cur_shelf.user_id == int(current_user.id): log.error("User {} not allowed to edit shelf: {}".format(current_user.id, cur_shelf.name)) return False if cur_shelf.is_public and not current_user.role_edit_shelfs(): log.info("User {} not allowed to edit public shelves".format(current_user.id)) return False return True
def create_edit_shelf(shelf, page_title, page, shelf_id=False): sync_only_selected_shelves = current_user.kobo_only_shelves_sync # calibre_db.session.query(ub.Shelf).filter(ub.Shelf.user_id == current_user.id).filter(ub.Shelf.kobo_sync).count() if request.method == "POST": to_save = request.form.to_dict() if not current_user.role_edit_shelfs() and to_save.get( "is_public") == "on": flash(_(u"Sorry you are not allowed to create a public shelf"), category="error") return redirect(url_for('web.index')) is_public = 1 if to_save.get("is_public") == "on" else 0 if config.config_kobo_sync: shelf.kobo_sync = True if to_save.get("kobo_sync") else False if shelf.kobo_sync: ub.session.query(ub.ShelfArchive).filter( ub.ShelfArchive.user_id == current_user.id).filter( ub.ShelfArchive.uuid == shelf.uuid).delete() ub.session_commit() shelf_title = to_save.get("title", "") if check_shelf_is_unique(shelf, shelf_title, is_public, shelf_id): shelf.name = shelf_title shelf.is_public = is_public if not shelf_id: shelf.user_id = int(current_user.id) ub.session.add(shelf) shelf_action = "created" flash_text = _(u"Shelf %(title)s created", title=shelf_title) else: shelf_action = "changed" flash_text = _(u"Shelf %(title)s changed", title=shelf_title) try: ub.session.commit() log.info(u"Shelf {} {}".format(shelf_title, shelf_action)) flash(flash_text, category="success") return redirect(url_for('shelf.show_shelf', shelf_id=shelf.id)) except (OperationalError, InvalidRequestError) as ex: ub.session.rollback() log.error_or_exception(ex) log.error_or_exception( "Settings Database error: {}".format(ex)) flash(_(u"Database error: %(error)s.", error=ex.orig), category="error") except Exception as ex: ub.session.rollback() log.error_or_exception(ex) flash(_(u"There was an error"), category="error") return render_title_template( 'shelf_edit.html', shelf=shelf, title=page_title, page=page, kobo_sync_enabled=config.config_kobo_sync, sync_only_selected_shelves=sync_only_selected_shelves)
def remove_from_shelf(shelf_id, book_id): xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest' shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() if shelf is None: log.error("Invalid shelf specified: %s", shelf_id) if not xhr: return redirect(url_for('web.index')) return "Invalid shelf specified", 400 # if shelf is public and use is allowed to edit shelfs, or if shelf is private and user is owner # allow editing shelfs # result shelf public user allowed user owner # false 1 0 x # true 1 1 x # true 0 x 1 # false 0 x 0 if (not shelf.is_public and shelf.user_id == int(current_user.id)) \ or (shelf.is_public and current_user.role_edit_shelfs()): book_shelf = ub.session.query(ub.BookShelf).filter( ub.BookShelf.shelf == shelf_id, ub.BookShelf.book_id == book_id).first() if book_shelf is None: log.error("Book %s already removed from %s", book_id, shelf) if not xhr: return redirect(url_for('web.index')) return "Book already removed from shelf", 410 ub.session.delete(book_shelf) ub.session.commit() if not xhr: flash(_(u"Book has been removed from shelf: %(sname)s", sname=shelf.name), category="success") if "HTTP_REFERER" in request.environ: return redirect(request.environ["HTTP_REFERER"]) else: return redirect(url_for('web.index')) return "", 204 else: log.error("User %s not allowed to remove a book from %s", current_user, shelf) if not xhr: flash(_( u"Sorry you are not allowed to remove a book from this shelf: %(sname)s", sname=shelf.name), category="error") return redirect(url_for('web.index')) return "Sorry you are not allowed to remove a book from this shelf: %s" % shelf.name, 403
def search_to_shelf(shelf_id): shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() if shelf is None: log.error("Invalid shelf specified: %s", shelf_id) flash(_(u"Invalid shelf specified"), category="error") return redirect(url_for('web.index')) if not shelf.is_public and not shelf.user_id == int(current_user.id): log.error("User %s not allowed to add a book to %s", current_user, shelf) flash(_(u"You are not allowed to add a book to the the shelf: %(name)s", name=shelf.name), category="error") return redirect(url_for('web.index')) if shelf.is_public and not current_user.role_edit_shelfs(): log.error("User %s not allowed to edit public shelves", current_user) flash(_(u"User is not allowed to edit public shelves"), category="error") return redirect(url_for('web.index')) if current_user.id in searched_ids and searched_ids[current_user.id]: books_for_shelf = list() books_in_shelf = ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id).all() if books_in_shelf: book_ids = list() for book_id in books_in_shelf: book_ids.append(book_id.book_id) for searchid in searched_ids[current_user.id]: if searchid not in book_ids: books_for_shelf.append(searchid) else: books_for_shelf = searched_ids[current_user.id] if not books_for_shelf: log.error("Books are already part of %s", shelf) flash(_(u"Books are already part of the shelf: %(name)s", name=shelf.name), category="error") return redirect(url_for('web.index')) maxOrder = ub.session.query(func.max(ub.BookShelf.order)).filter(ub.BookShelf.shelf == shelf_id).first() if maxOrder[0] is None: maxOrder = 0 else: maxOrder = maxOrder[0] for book in books_for_shelf: maxOrder = maxOrder + 1 ins = ub.BookShelf(shelf=shelf.id, book_id=book, order=maxOrder) ub.session.add(ins) ub.session.commit() flash(_(u"Books have been added to shelf: %(sname)s", sname=shelf.name), category="success") else: flash(_(u"Could not add books to shelf: %(sname)s", sname=shelf.name), category="error") return redirect(url_for('web.index'))
def delete_shelf(shelf_id): cur_shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first() deleted = None if current_user.role_admin(): deleted = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).delete() else: if (not cur_shelf.is_public and cur_shelf.user_id == int(current_user.id)) \ or (cur_shelf.is_public and current_user.role_edit_shelfs()): deleted = ub.session.query(ub.Shelf).filter(or_(and_(ub.Shelf.user_id == int(current_user.id), ub.Shelf.id == shelf_id), and_(ub.Shelf.is_public == 1, ub.Shelf.id == shelf_id))).delete() if deleted: ub.session.query(ub.BookShelf).filter(ub.BookShelf.shelf == shelf_id).delete() ub.session.commit() log.info("successfully deleted %s", cur_shelf) return redirect(url_for('web.index'))