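from flask import Blueprint, jsonify, request, abort
from flask_login import login_required, current_user
from models import db, Room, User, RoomMemberPermission
from utils import user_has_permission, log_event

room_members_bp = Blueprint('room_members', __name__)

# Per-member permission flags stored on RoomMemberPermission. Keeping the
# list in one place means request parsing, storage and audit logging all
# agree on which keys are meaningful.
PERMISSION_FLAGS = (
    'can_view',
    'can_download',
    'can_upload',
    'can_delete',
    'can_rename',
    'can_move',
    'can_share',
)

# NOTE(review): every route string below starts with '//' and has an empty
# segment where the view function expects room_id / user_id. The '<...>' URL
# placeholders appear to have been stripped when this file was extracted;
# restore them from the original source. They are reproduced unchanged here.


def _permission_snapshot(permission):
    """Return the current value of every permission flag on *permission*."""
    return {flag: getattr(permission, flag) for flag in PERMISSION_FLAGS}


def _clean_permission_flags(raw):
    """Validate a client-supplied permissions object.

    Returns a dict holding only the known flags present in *raw*, coerced to
    bool. Returns None when *raw* is not a JSON object or when a known flag
    carries a value other than true/false (0 and 1 are tolerated). Unknown
    keys are dropped so they can reach neither the model nor the audit log.
    """
    if not isinstance(raw, dict):
        return None
    cleaned = {}
    for flag in PERMISSION_FLAGS:
        if flag not in raw:
            continue
        value = raw[flag]
        if not isinstance(value, bool) and value not in (0, 1):
            return None
        cleaned[flag] = bool(value)
    return cleaned


@room_members_bp.route('//members', methods=['GET'])
@login_required
def list_room_members(room_id):
    """Return the room's members and their permission flags as JSON.

    Responds 404 when the room does not exist and 403 when
    user_has_permission(room, 'can_view') is false.
    """
    room = Room.query.get_or_404(room_id)
    if not user_has_permission(room, 'can_view'):
        abort(403)

    # One query for the whole room instead of one query per member.
    permission_by_user = {
        row.user_id: row
        for row in RoomMemberPermission.query.filter_by(room_id=room_id).all()
    }

    # NOTE(review): each member's email is returned to any caller that passes
    # the can_view check; confirm that exposure is intended.
    members = []
    for member in room.members:
        permission = permission_by_user.get(member.id)
        members.append({
            'id': member.id,
            'username': member.username,
            'last_name': member.last_name,
            'email': member.email,
            'profile_picture': member.profile_picture,
            # A member without a permission row is reported with all flags off.
            'permissions': {
                flag: getattr(permission, flag) if permission else False
                for flag in PERMISSION_FLAGS
            }
        })
    return jsonify(members)


@room_members_bp.route('//members', methods=['POST'])
@login_required
def add_room_member(room_id):
    """Add a user to the room (or reset an existing member's flags).

    Expects a JSON object with 'user_id' and an optional 'permissions'
    object. Flags that are not supplied default to can_view=True and
    everything else False. Responds 400 on a malformed body, 403 when the
    caller fails the 'can_share' check, 404 for an unknown room or user.
    """
    room = Room.query.get_or_404(room_id)
    if not user_has_permission(room, 'can_share'):
        abort(403)

    data = request.get_json()
    # get_json() can yield None or a non-object (list, string, number);
    # calling .get() on those would surface as a 500.
    if not isinstance(data, dict):
        return jsonify({'error': 'Request body must be a JSON object'}), 400

    user_id = data.get('user_id')
    if not user_id:
        return jsonify({'error': 'User ID is required'}), 400

    permissions = _clean_permission_flags(data.get('permissions', {}))
    if permissions is None:
        return jsonify({'error': 'Permissions must be an object of boolean flags'}), 400

    user = User.query.get_or_404(user_id)

    # Add user to room members
    if user not in room.members:
        room.members.append(user)

    # NOTE(review): 'can_share' is the only gate visible here. Nothing in this
    # file stops a caller from granting flags they do not hold themselves, or
    # from targeting their own user_id. Confirm that user_has_permission or
    # product policy covers this, or restrict grants to flags the caller has.
    permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
    if not permission:
        permission = RoomMemberPermission(room_id=room_id, user_id=user_id)
        db.session.add(permission)

    for flag in PERMISSION_FLAGS:
        # can_view is the only flag that defaults to on.
        setattr(permission, flag, permissions.get(flag, flag == 'can_view'))

    db.session.commit()

    log_event(
        event_type='room_member_add',
        details={
            'room_id': room_id,
            'room_name': room.name,
            'added_user_id': user_id,
            'added_user_name': f"{user.username} {user.last_name}",
            'added_by': f"{current_user.username} {current_user.last_name}",
            # Validated flags only, so arbitrary request content is not
            # copied into the audit trail.
            'permissions': permissions
        },
        user_id=current_user.id
    )

    return jsonify({'success': True})


@room_members_bp.route('//members/', methods=['DELETE'])
@login_required
def remove_room_member(room_id, user_id):
    """Remove a user from the room and delete their permission row.

    Responds 403 when the caller fails the 'can_share' check and 404 for an
    unknown room or user. Removing a user who is not a member still succeeds.
    """
    room = Room.query.get_or_404(room_id)
    if not user_has_permission(room, 'can_share'):
        abort(403)

    user = User.query.get_or_404(user_id)

    # NOTE(review): any caller passing the 'can_share' check can remove any
    # member; no protection for particular members is visible in this file.
    # Confirm that is the intended policy.
    if user in room.members:
        room.members.remove(user)

    # Remove permissions
    permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
    if permission:
        db.session.delete(permission)

    db.session.commit()

    log_event(
        event_type='room_member_remove',
        details={
            'room_id': room_id,
            'room_name': room.name,
            'removed_user_id': user_id,
            'removed_user_name': f"{user.username} {user.last_name}",
            'removed_by': f"{current_user.username} {current_user.last_name}"
        },
        user_id=current_user.id
    )

    return jsonify({'success': True})


@room_members_bp.route('//members//permissions', methods=['PUT'])
@login_required
def update_member_permissions(room_id, user_id):
    """Update the supplied permission flags for an existing room member.

    Expects a JSON object with a 'permissions' object; flags that are not
    supplied keep their stored value. Responds 400 on a malformed body, 403
    when the caller fails the 'can_share' check, and 404 when the room is
    unknown or the user has no permission row in it.
    """
    room = Room.query.get_or_404(room_id)
    if not user_has_permission(room, 'can_share'):
        abort(403)

    data = request.get_json()
    if not isinstance(data, dict):
        return jsonify({'error': 'Request body must be a JSON object'}), 400

    permissions = _clean_permission_flags(data.get('permissions', {}))
    if permissions is None:
        return jsonify({'error': 'Permissions must be an object of boolean flags'}), 400

    permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
    if not permission:
        return jsonify({'error': 'User is not a member of this room'}), 404

    # Capture the stored flags BEFORE changing them. Reading them after the
    # assignment would record the new values as 'old_permissions' and leave
    # the audit trail unable to show what actually changed.
    old_permissions = _permission_snapshot(permission)

    # NOTE(review): as with adding a member, only 'can_share' is checked; a
    # caller could raise flags they do not hold or edit their own row unless
    # user_has_permission or policy elsewhere prevents it.
    for flag, value in permissions.items():
        setattr(permission, flag, value)

    db.session.commit()

    log_event(
        event_type='room_member_permissions_update',
        details={
            'room_id': room_id,
            'room_name': room.name,
            'user_id': user_id,
            'user_name': f"{permission.user.username} {permission.user.last_name}",
            'updated_by': f"{current_user.username} {current_user.last_name}",
            'old_permissions': old_permissions,
            # Validated flags only; unknown request keys are not logged.
            'new_permissions': permissions
        },
        user_id=current_user.id
    )

    return jsonify({'success': True})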