from flask import Blueprint, render_template, redirect, url_for, flash, request from flask_login import login_required, current_user from models import db, Room, User, RoomMemberPermission, RoomFile from forms import RoomForm from routes.room_files import user_has_permission rooms_bp = Blueprint('rooms', __name__, url_prefix='/rooms') @rooms_bp.route('/') @login_required def rooms(): search = request.args.get('search', '').strip() if current_user.is_admin: query = Room.query else: query = Room.query.filter(Room.members.any(id=current_user.id)) if search: query = query.filter(Room.name.ilike(f'%{search}%')) rooms = query.order_by(Room.created_at.desc()).all() return render_template('rooms/rooms.html', rooms=rooms, search=search) @rooms_bp.route('/create', methods=['GET', 'POST']) @login_required def create_room(): form = RoomForm() if form.validate_on_submit(): room = Room( name=form.name.data, description=form.description.data, created_by=current_user.id ) # Add creator as a member with full permissions room.members.append(current_user) creator_permission = RoomMemberPermission( room=room, user=current_user, can_view=True, can_upload=True, can_delete=True, can_share=True ) db.session.add(room) db.session.add(creator_permission) db.session.commit() flash('Room created successfully!', 'success') return redirect(url_for('rooms.rooms')) return render_template('rooms/create_room.html', form=form) @rooms_bp.route('/') @login_required def room(room_id): room = Room.query.get_or_404(room_id) # Admins always have access if not current_user.is_admin: is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None if not is_member: flash('You do not have access to this room.', 'error') return redirect(url_for('rooms.rooms')) can_download = user_has_permission(room, 'can_download') can_upload = user_has_permission(room, 'can_upload') can_delete = user_has_permission(room, 'can_delete') can_rename = user_has_permission(room, 'can_rename') can_move = user_has_permission(room, 'can_move') can_share = user_has_permission(room, 'can_share') return render_template('rooms/room.html', room=room, can_download=can_download, can_upload=can_upload, can_delete=can_delete, can_rename=can_rename, can_move=can_move, can_share=can_share) @rooms_bp.route('//members') @login_required def room_members(room_id): room = Room.query.get_or_404(room_id) # Admins always have access if not current_user.is_admin: is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None if not is_member: flash('You do not have access to this room.', 'error') return redirect(url_for('rooms.rooms')) if not current_user.is_admin: flash('Only administrators can manage room members.', 'error') return redirect(url_for('rooms.room', room_id=room_id)) member_permissions = {p.user_id: p for p in room.member_permissions} available_users = User.query.filter(~User.id.in_(member_permissions.keys())).all() return render_template('rooms/room_members.html', room=room, available_users=available_users, member_permissions=member_permissions) @rooms_bp.route('//members/add', methods=['POST']) @login_required def add_member(room_id): room = Room.query.get_or_404(room_id) # Membership check using RoomMemberPermission is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None if not is_member: flash('You do not have access to this room.', 'error') return redirect(url_for('rooms.rooms')) if not current_user.is_admin: flash('Only administrators can manage room members.', 'error') return redirect(url_for('rooms.room', room_id=room_id)) user_id = request.form.get('user_id') if not user_id: flash('Please select a user to add.', 'error') return redirect(url_for('rooms.room_members', room_id=room_id)) user = User.query.get_or_404(user_id) # Check if already a member if RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user.id).first(): flash('User is already a member of this room.', 'error') else: perm = RoomMemberPermission(room_id=room_id, user_id=user.id, can_view=True) db.session.add(perm) # Ensure user is added to the room.members relationship if user not in room.members: room.members.append(user) db.session.commit() flash(f'{user.username} has been added to the room.', 'success') return redirect(url_for('rooms.room_members', room_id=room_id)) @rooms_bp.route('//members//remove', methods=['POST']) @login_required def remove_member(room_id, user_id): room = Room.query.get_or_404(room_id) # Membership check using RoomMemberPermission is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None if not is_member: flash('You do not have access to this room.', 'error') return redirect(url_for('rooms.rooms')) if not current_user.is_admin: flash('Only administrators can manage room members.', 'error') return redirect(url_for('rooms.room', room_id=room_id)) if user_id == room.created_by: flash('Cannot remove the room creator.', 'error') else: perm = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first() if not perm: flash('User is not a member of this room.', 'error') else: db.session.delete(perm) db.session.commit() flash('User has been removed from the room.', 'success') return redirect(url_for('rooms.room_members', room_id=room_id)) @rooms_bp.route('//members//permissions', methods=['POST']) @login_required def update_member_permissions(room_id, user_id): room = Room.query.get_or_404(room_id) if not current_user.is_admin: flash('Only administrators can update permissions.', 'error') return redirect(url_for('rooms.room_members', room_id=room_id)) perm = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first() if not perm: flash('Member not found.', 'error') return redirect(url_for('rooms.room_members', room_id=room_id)) perm.can_view = bool(request.form.get('can_view')) perm.can_download = bool(request.form.get('can_download')) perm.can_upload = bool(request.form.get('can_upload')) perm.can_delete = bool(request.form.get('can_delete')) perm.can_rename = bool(request.form.get('can_rename')) perm.can_move = bool(request.form.get('can_move')) perm.can_share = bool(request.form.get('can_share')) db.session.commit() flash('Permissions updated.', 'success') return redirect(url_for('rooms.room_members', room_id=room_id)) @rooms_bp.route('//edit', methods=['GET', 'POST']) @login_required def edit_room(room_id): if not current_user.is_admin: flash('Only administrators can edit rooms.', 'error') return redirect(url_for('rooms.rooms')) room = Room.query.get_or_404(room_id) form = RoomForm() if form.validate_on_submit(): room.name = form.name.data room.description = form.description.data db.session.commit() flash('Room updated successfully!', 'success') return redirect(url_for('rooms.rooms')) # Pre-populate form with existing room data if request.method == 'GET': form.name.data = room.name form.description.data = room.description return render_template('rooms/edit_room.html', form=form, room=room) @rooms_bp.route('//delete', methods=['POST']) @login_required def delete_room(room_id): if not current_user.is_admin: flash('Only administrators can delete rooms.', 'error') return redirect(url_for('rooms.rooms')) room = Room.query.get_or_404(room_id) room_name = room.name try: print(f"Attempting to delete room {room_id} ({room_name})") # Delete the room (cascade will handle the rest) db.session.delete(room) db.session.commit() print("Room deleted successfully") flash(f'Room "{room_name}" has been deleted.', 'success') except Exception as e: db.session.rollback() flash('An error occurred while deleting the room. Please try again.', 'error') print(f"Error deleting room: {str(e)}") return redirect(url_for('rooms.rooms')) @rooms_bp.route('/room//view/') @login_required def view_file(room_id, file_path): room = Room.query.get_or_404(room_id) # Check if user has access to the room if not current_user.is_admin and current_user not in room.members: flash('You do not have access to this room.', 'error') return redirect(url_for('rooms.rooms')) file = RoomFile.query.filter_by(room_id=room_id, path=file_path).first_or_404() # Continue with file viewing logic...