121 lines
4.6 KiB
Python
121 lines
4.6 KiB
Python
from flask import Blueprint, jsonify, request, abort
|
|
from flask_login import login_required, current_user
|
|
from models import db, Room, User, RoomMemberPermission
|
|
from utils import user_has_permission
|
|
|
|
room_members_bp = Blueprint('room_members', __name__)
|
|
|
|
@room_members_bp.route('/<int:room_id>/members', methods=['GET'])
|
|
@login_required
|
|
def list_room_members(room_id):
|
|
room = Room.query.get_or_404(room_id)
|
|
if not user_has_permission(room, 'can_view'):
|
|
abort(403)
|
|
|
|
members = []
|
|
for member in room.members:
|
|
permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=member.id).first()
|
|
members.append({
|
|
'id': member.id,
|
|
'username': member.username,
|
|
'last_name': member.last_name,
|
|
'email': member.email,
|
|
'profile_picture': member.profile_picture,
|
|
'permissions': {
|
|
'can_view': permission.can_view if permission else False,
|
|
'can_download': permission.can_download if permission else False,
|
|
'can_upload': permission.can_upload if permission else False,
|
|
'can_delete': permission.can_delete if permission else False,
|
|
'can_rename': permission.can_rename if permission else False,
|
|
'can_move': permission.can_move if permission else False,
|
|
'can_share': permission.can_share if permission else False
|
|
}
|
|
})
|
|
|
|
return jsonify(members)
|
|
|
|
@room_members_bp.route('/<int:room_id>/members', methods=['POST'])
|
|
@login_required
|
|
def add_room_member(room_id):
|
|
room = Room.query.get_or_404(room_id)
|
|
if not user_has_permission(room, 'can_share'):
|
|
abort(403)
|
|
|
|
data = request.get_json()
|
|
user_id = data.get('user_id')
|
|
permissions = data.get('permissions', {})
|
|
|
|
if not user_id:
|
|
return jsonify({'error': 'User ID is required'}), 400
|
|
|
|
user = User.query.get_or_404(user_id)
|
|
|
|
# Add user to room members
|
|
if user not in room.members:
|
|
room.members.append(user)
|
|
|
|
# Update permissions
|
|
permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
|
|
if not permission:
|
|
permission = RoomMemberPermission(room_id=room_id, user_id=user_id)
|
|
db.session.add(permission)
|
|
|
|
permission.can_view = permissions.get('can_view', True)
|
|
permission.can_download = permissions.get('can_download', False)
|
|
permission.can_upload = permissions.get('can_upload', False)
|
|
permission.can_delete = permissions.get('can_delete', False)
|
|
permission.can_rename = permissions.get('can_rename', False)
|
|
permission.can_move = permissions.get('can_move', False)
|
|
permission.can_share = permissions.get('can_share', False)
|
|
|
|
db.session.commit()
|
|
|
|
return jsonify({'success': True})
|
|
|
|
@room_members_bp.route('/<int:room_id>/members/<int:user_id>', methods=['DELETE'])
|
|
@login_required
|
|
def remove_room_member(room_id, user_id):
|
|
room = Room.query.get_or_404(room_id)
|
|
if not user_has_permission(room, 'can_share'):
|
|
abort(403)
|
|
|
|
user = User.query.get_or_404(user_id)
|
|
|
|
# Remove user from room members
|
|
if user in room.members:
|
|
room.members.remove(user)
|
|
|
|
# Remove permissions
|
|
permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
|
|
if permission:
|
|
db.session.delete(permission)
|
|
|
|
db.session.commit()
|
|
|
|
return jsonify({'success': True})
|
|
|
|
@room_members_bp.route('/<int:room_id>/members/<int:user_id>/permissions', methods=['PUT'])
|
|
@login_required
|
|
def update_member_permissions(room_id, user_id):
|
|
room = Room.query.get_or_404(room_id)
|
|
if not user_has_permission(room, 'can_share'):
|
|
abort(403)
|
|
|
|
data = request.get_json()
|
|
permissions = data.get('permissions', {})
|
|
|
|
permission = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
|
|
if not permission:
|
|
return jsonify({'error': 'User is not a member of this room'}), 404
|
|
|
|
permission.can_view = permissions.get('can_view', permission.can_view)
|
|
permission.can_download = permissions.get('can_download', permission.can_download)
|
|
permission.can_upload = permissions.get('can_upload', permission.can_upload)
|
|
permission.can_delete = permissions.get('can_delete', permission.can_delete)
|
|
permission.can_rename = permissions.get('can_rename', permission.can_rename)
|
|
permission.can_move = permissions.get('can_move', permission.can_move)
|
|
permission.can_share = permissions.get('can_share', permission.can_share)
|
|
|
|
db.session.commit()
|
|
|
|
return jsonify({'success': True}) |