first
This commit is contained in:
223
routes/rooms.py
Normal file
223
routes/rooms.py
Normal file
@@ -0,0 +1,223 @@
|
||||
from flask import Blueprint, render_template, redirect, url_for, flash, request
|
||||
from flask_login import login_required, current_user
|
||||
from models import db, Room, User, RoomMemberPermission, RoomFile
|
||||
from forms import RoomForm
|
||||
from routes.room_files import user_has_permission
|
||||
|
||||
rooms_bp = Blueprint('rooms', __name__, url_prefix='/rooms')
|
||||
|
||||
@rooms_bp.route('/')
|
||||
@login_required
|
||||
def rooms():
|
||||
search = request.args.get('search', '').strip()
|
||||
if current_user.is_admin:
|
||||
query = Room.query
|
||||
else:
|
||||
query = Room.query.filter(Room.members.any(id=current_user.id))
|
||||
if search:
|
||||
query = query.filter(Room.name.ilike(f'%{search}%'))
|
||||
rooms = query.order_by(Room.created_at.desc()).all()
|
||||
return render_template('rooms.html', rooms=rooms, search=search)
|
||||
|
||||
@rooms_bp.route('/create', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
def create_room():
|
||||
form = RoomForm()
|
||||
if form.validate_on_submit():
|
||||
room = Room(
|
||||
name=form.name.data,
|
||||
description=form.description.data,
|
||||
created_by=current_user.id
|
||||
)
|
||||
|
||||
# Add creator as a member with full permissions
|
||||
room.members.append(current_user)
|
||||
creator_permission = RoomMemberPermission(
|
||||
room=room,
|
||||
user=current_user,
|
||||
can_view=True,
|
||||
can_upload=True,
|
||||
can_delete=True,
|
||||
can_share=True
|
||||
)
|
||||
db.session.add(room)
|
||||
db.session.add(creator_permission)
|
||||
db.session.commit()
|
||||
|
||||
flash('Room created successfully!', 'success')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
return render_template('create_room.html', form=form)
|
||||
|
||||
@rooms_bp.route('/<int:room_id>')
|
||||
@login_required
|
||||
def room(room_id):
|
||||
room = Room.query.get_or_404(room_id)
|
||||
# Admins always have access
|
||||
if not current_user.is_admin:
|
||||
is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
|
||||
if not is_member:
|
||||
flash('You do not have access to this room.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
can_download = user_has_permission(room, 'can_download')
|
||||
can_upload = user_has_permission(room, 'can_upload')
|
||||
can_delete = user_has_permission(room, 'can_delete')
|
||||
can_rename = user_has_permission(room, 'can_rename')
|
||||
can_move = user_has_permission(room, 'can_move')
|
||||
can_share = user_has_permission(room, 'can_share')
|
||||
return render_template('room.html', room=room, can_download=can_download, can_upload=can_upload, can_delete=can_delete, can_rename=can_rename, can_move=can_move, can_share=can_share)
|
||||
|
||||
@rooms_bp.route('/<int:room_id>/members')
|
||||
@login_required
|
||||
def room_members(room_id):
|
||||
room = Room.query.get_or_404(room_id)
|
||||
# Admins always have access
|
||||
if not current_user.is_admin:
|
||||
is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
|
||||
if not is_member:
|
||||
flash('You do not have access to this room.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
if not current_user.is_admin:
|
||||
flash('Only administrators can manage room members.', 'error')
|
||||
return redirect(url_for('rooms.room', room_id=room_id))
|
||||
member_permissions = {p.user_id: p for p in room.member_permissions}
|
||||
available_users = User.query.filter(~User.id.in_(member_permissions.keys())).all()
|
||||
return render_template('room_members.html', room=room, available_users=available_users, member_permissions=member_permissions)
|
||||
|
||||
@rooms_bp.route('/<int:room_id>/members/add', methods=['POST'])
|
||||
@login_required
|
||||
def add_member(room_id):
|
||||
room = Room.query.get_or_404(room_id)
|
||||
# Membership check using RoomMemberPermission
|
||||
is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
|
||||
if not is_member:
|
||||
flash('You do not have access to this room.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
if not current_user.is_admin:
|
||||
flash('Only administrators can manage room members.', 'error')
|
||||
return redirect(url_for('rooms.room', room_id=room_id))
|
||||
user_id = request.form.get('user_id')
|
||||
if not user_id:
|
||||
flash('Please select a user to add.', 'error')
|
||||
return redirect(url_for('rooms.room_members', room_id=room_id))
|
||||
user = User.query.get_or_404(user_id)
|
||||
# Check if already a member
|
||||
if RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user.id).first():
|
||||
flash('User is already a member of this room.', 'error')
|
||||
else:
|
||||
perm = RoomMemberPermission(room_id=room_id, user_id=user.id, can_view=True)
|
||||
db.session.add(perm)
|
||||
# Ensure user is added to the room.members relationship
|
||||
if user not in room.members:
|
||||
room.members.append(user)
|
||||
db.session.commit()
|
||||
flash(f'{user.username} has been added to the room.', 'success')
|
||||
return redirect(url_for('rooms.room_members', room_id=room_id))
|
||||
|
||||
@rooms_bp.route('/<int:room_id>/members/<int:user_id>/remove', methods=['POST'])
|
||||
@login_required
|
||||
def remove_member(room_id, user_id):
|
||||
room = Room.query.get_or_404(room_id)
|
||||
# Membership check using RoomMemberPermission
|
||||
is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
|
||||
if not is_member:
|
||||
flash('You do not have access to this room.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
if not current_user.is_admin:
|
||||
flash('Only administrators can manage room members.', 'error')
|
||||
return redirect(url_for('rooms.room', room_id=room_id))
|
||||
if user_id == room.created_by:
|
||||
flash('Cannot remove the room creator.', 'error')
|
||||
else:
|
||||
perm = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
|
||||
if not perm:
|
||||
flash('User is not a member of this room.', 'error')
|
||||
else:
|
||||
db.session.delete(perm)
|
||||
db.session.commit()
|
||||
flash('User has been removed from the room.', 'success')
|
||||
return redirect(url_for('rooms.room_members', room_id=room_id))
|
||||
|
||||
@rooms_bp.route('/<int:room_id>/members/<int:user_id>/permissions', methods=['POST'])
|
||||
@login_required
|
||||
def update_member_permissions(room_id, user_id):
|
||||
room = Room.query.get_or_404(room_id)
|
||||
if not current_user.is_admin:
|
||||
flash('Only administrators can update permissions.', 'error')
|
||||
return redirect(url_for('rooms.room_members', room_id=room_id))
|
||||
perm = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
|
||||
if not perm:
|
||||
flash('Member not found.', 'error')
|
||||
return redirect(url_for('rooms.room_members', room_id=room_id))
|
||||
perm.can_view = bool(request.form.get('can_view'))
|
||||
perm.can_download = bool(request.form.get('can_download'))
|
||||
perm.can_upload = bool(request.form.get('can_upload'))
|
||||
perm.can_delete = bool(request.form.get('can_delete'))
|
||||
perm.can_rename = bool(request.form.get('can_rename'))
|
||||
perm.can_move = bool(request.form.get('can_move'))
|
||||
perm.can_share = bool(request.form.get('can_share'))
|
||||
db.session.commit()
|
||||
flash('Permissions updated.', 'success')
|
||||
return redirect(url_for('rooms.room_members', room_id=room_id))
|
||||
|
||||
@rooms_bp.route('/<int:room_id>/edit', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
def edit_room(room_id):
|
||||
if not current_user.is_admin:
|
||||
flash('Only administrators can edit rooms.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
|
||||
room = Room.query.get_or_404(room_id)
|
||||
form = RoomForm()
|
||||
|
||||
if form.validate_on_submit():
|
||||
room.name = form.name.data
|
||||
room.description = form.description.data
|
||||
db.session.commit()
|
||||
flash('Room updated successfully!', 'success')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
|
||||
# Pre-populate form with existing room data
|
||||
if request.method == 'GET':
|
||||
form.name.data = room.name
|
||||
form.description.data = room.description
|
||||
|
||||
return render_template('edit_room.html', form=form, room=room)
|
||||
|
||||
@rooms_bp.route('/<int:room_id>/delete', methods=['POST'])
|
||||
@login_required
|
||||
def delete_room(room_id):
|
||||
if not current_user.is_admin:
|
||||
flash('Only administrators can delete rooms.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
|
||||
room = Room.query.get_or_404(room_id)
|
||||
room_name = room.name
|
||||
|
||||
try:
|
||||
print(f"Attempting to delete room {room_id} ({room_name})")
|
||||
|
||||
# Delete the room (cascade will handle the rest)
|
||||
db.session.delete(room)
|
||||
db.session.commit()
|
||||
print("Room deleted successfully")
|
||||
|
||||
flash(f'Room "{room_name}" has been deleted.', 'success')
|
||||
except Exception as e:
|
||||
db.session.rollback()
|
||||
flash('An error occurred while deleting the room. Please try again.', 'error')
|
||||
print(f"Error deleting room: {str(e)}")
|
||||
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
|
||||
@rooms_bp.route('/room/<int:room_id>/view/<path:file_path>')
|
||||
@login_required
|
||||
def view_file(room_id, file_path):
|
||||
room = Room.query.get_or_404(room_id)
|
||||
# Check if user has access to the room
|
||||
if not current_user.is_admin and current_user not in room.members:
|
||||
flash('You do not have access to this room.', 'error')
|
||||
return redirect(url_for('rooms.rooms'))
|
||||
|
||||
file = RoomFile.query.filter_by(room_id=room_id, path=file_path).first_or_404()
|
||||
|
||||
# Continue with file viewing logic...
|
||||
Reference in New Issue
Block a user