Fixed work create and some security issues
This commit is contained in:
parent
5a201cef85
commit
e74043ae67
@ -9,7 +9,7 @@ class WorkCreateForm(forms.ModelForm, BaseForm):
|
|||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Work
|
model = Work
|
||||||
fields = ['name', 'composer', 'edition', 'code', 'running_time', 'notes']
|
fields = ['name', 'composer', 'edition', 'code', 'orchestration', 'licence', 'running_time', 'notes']
|
||||||
|
|
||||||
class PlaylistAddForm(forms.Form):
|
class PlaylistAddForm(forms.Form):
|
||||||
work = forms.ModelChoiceField(queryset=Work.objects.all())
|
work = forms.ModelChoiceField(queryset=Work.objects.all())
|
||||||
|
|||||||
33
app/library/migrations/0012_auto_20230220_1013.py
Normal file
33
app/library/migrations/0012_auto_20230220_1013.py
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
# Generated by Django 3.2.7 on 2023-02-19 23:13
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import django.db.models.deletion
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('library', '0011_section_page'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RemoveField(
|
||||||
|
model_name='orchestration',
|
||||||
|
name='ensemble',
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='orchestration',
|
||||||
|
name='collection',
|
||||||
|
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='custom_orchestrations', to='library.collection'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='work',
|
||||||
|
name='original_parts',
|
||||||
|
field=models.JSONField(blank=True, default=dict, help_text='Original printed parts (IMSLP format)'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='work',
|
||||||
|
name='running_time',
|
||||||
|
field=models.DurationField(blank=True, help_text='Running time in mm:ss format', null=True),
|
||||||
|
),
|
||||||
|
]
|
||||||
@ -33,7 +33,9 @@ class Orchestration(models.Model):
|
|||||||
Stores a list of instrument codes as a single entry (space delimited).
|
Stores a list of instrument codes as a single entry (space delimited).
|
||||||
Can be global or ensemble specific
|
Can be global or ensemble specific
|
||||||
"""
|
"""
|
||||||
ensemble = models.ForeignKey('interface.Ensemble', on_delete=models.CASCADE, related_name="orchestrations", null=True, blank=True)
|
# TODO: change ensemble to collection
|
||||||
|
#ensemble = models.ForeignKey('interface.Ensemble', on_delete=models.CASCADE, related_name="orchestrations", null=True, blank=True)
|
||||||
|
collection = models.ForeignKey('Collection', on_delete=models.CASCADE, related_name="custom_orchestrations", null=True, blank=True)
|
||||||
name = models.CharField(max_length=100)
|
name = models.CharField(max_length=100)
|
||||||
instruments = models.TextField()
|
instruments = models.TextField()
|
||||||
|
|
||||||
@ -181,7 +183,7 @@ class Work(models.Model):
|
|||||||
max_projects = models.IntegerField(default=1, help_text="How many active projects can this work be attached to")
|
max_projects = models.IntegerField(default=1, help_text="How many active projects can this work be attached to")
|
||||||
|
|
||||||
# Extra info
|
# Extra info
|
||||||
running_time = models.DurationField(null=True, blank=True, help_text="Running time in seconds")
|
running_time = models.DurationField(null=True, blank=True, help_text="Running time in mm:ss format")
|
||||||
notes = models.TextField(blank=True)
|
notes = models.TextField(blank=True)
|
||||||
|
|
||||||
# Allocation to projects
|
# Allocation to projects
|
||||||
|
|||||||
@ -161,7 +161,7 @@ class WorkListView(CollectionMixin, ListView):
|
|||||||
|
|
||||||
def get_works(self):
|
def get_works(self):
|
||||||
collections = CollectionMixin.get_queryset(self)
|
collections = CollectionMixin.get_queryset(self)
|
||||||
return Work.objects.filter(collection__in=collections).order_by('name').distinct().select_related('collection')
|
return Work.objects.filter(collection__in=collections).select_related('collection')
|
||||||
|
|
||||||
def get_context_data(self, *args, **kwargs):
|
def get_context_data(self, *args, **kwargs):
|
||||||
data = super(WorkListView, self).get_context_data(*args, **kwargs)
|
data = super(WorkListView, self).get_context_data(*args, **kwargs)
|
||||||
@ -180,15 +180,16 @@ class WorkListView(CollectionMixin, ListView):
|
|||||||
else:
|
else:
|
||||||
works = works.filter(Q(name__contains=q) | Q(composer__contains=q) | Q(meta_info__value__contains=q))
|
works = works.filter(Q(name__contains=q) | Q(composer__contains=q) | Q(meta_info__value__contains=q))
|
||||||
|
|
||||||
return works.order_by('name', 'pk')
|
return works.order_by('name', 'composer', 'edition', 'pk')
|
||||||
|
|
||||||
class CollectionWorkListView(WorkListView):
|
class CollectionWorkListView(WorkListView):
|
||||||
|
|
||||||
def get_works(self):
|
def get_works(self):
|
||||||
works = Work.objects.filter(collection=self.kwargs['collection']).distinct()
|
works = Work.objects.filter(collection=self.kwargs['collection'])
|
||||||
|
|
||||||
loan_count = Count('project_items', Q(project_items__checkout__lte=now(), project_items__returned=None))
|
if self.request.is_admin:
|
||||||
works = works.annotate(loan_count=loan_count)
|
loan_count = Count('project_items', Q(project_items__checkout__lte=now(), project_items__returned=None))
|
||||||
|
works = works.annotate(loan_count=loan_count)
|
||||||
return works
|
return works
|
||||||
|
|
||||||
def get_context_data(self, *args, **kwargs):
|
def get_context_data(self, *args, **kwargs):
|
||||||
@ -202,6 +203,12 @@ class WorkAddView(CollectionMixin, FormView):
|
|||||||
|
|
||||||
title = "Add a new work"
|
title = "Add a new work"
|
||||||
|
|
||||||
|
def get_form(self, form_class=None):
|
||||||
|
form = super().get_form(form_class)
|
||||||
|
qs = models.Orchestration.objects.filter(Q(collection=None) | Q(collection=self.collection))
|
||||||
|
form.fields['orchestration'].queryset = qs.order_by('-collection_id', 'pk')
|
||||||
|
return form
|
||||||
|
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
work = form.save(commit=False)
|
work = form.save(commit=False)
|
||||||
#work.ensemble_id = self.request.ensemble_id
|
#work.ensemble_id = self.request.ensemble_id
|
||||||
@ -219,19 +226,12 @@ class WorkAddView(CollectionMixin, FormView):
|
|||||||
else:
|
else:
|
||||||
return redirect('work_detail', collection=self.collection.pk, pk=work.pk)
|
return redirect('work_detail', collection=self.collection.pk, pk=work.pk)
|
||||||
|
|
||||||
class WorkMixin(object):
|
class WorkDetailView(CollectionMixin, DetailView):
|
||||||
|
|
||||||
def get_queryset(self):
|
|
||||||
if self.request.is_admin:
|
|
||||||
return Work.objects.all()
|
|
||||||
|
|
||||||
return Work.objects.filter(collection__allowed_ensembles__ensemble=self.request.ensemble_id)
|
|
||||||
|
|
||||||
class WorkDetailView(CollectionMixin, WorkMixin, DetailView):
|
|
||||||
pass
|
pass
|
||||||
|
|
||||||
class WorkUpdateView(CollectionMixin, WorkMixin, UpdateView):
|
class WorkUpdateView(CollectionMixin, UpdateView):
|
||||||
fields = ['name', 'composer', 'edition', 'code', 'licence', 'max_projects', 'running_time', 'notes']
|
#fields = ['name', 'composer', 'edition', 'code', 'orchestration', 'licence', 'max_projects', 'running_time', 'notes']
|
||||||
|
form_class = forms.WorkCreateForm
|
||||||
template_name = 'interface/default_form.html'
|
template_name = 'interface/default_form.html'
|
||||||
|
|
||||||
def get_success_url(self):
|
def get_success_url(self):
|
||||||
@ -266,7 +266,7 @@ class WorkAddToProject(ProjectMixin, FormView):
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
class WorkPartSetView(EnsembleMixin, DetailView):
|
class WorkPartSetView(CollectionMixin, DetailView):
|
||||||
template_name = "library/work_partset.html"
|
template_name = "library/work_partset.html"
|
||||||
|
|
||||||
def post(self, request, *args, **kwargs):
|
def post(self, request, *args, **kwargs):
|
||||||
|
|||||||
@ -32,8 +32,7 @@ class WorkExportView(EnsembleMixin, WorkMixin, View):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from library.views import WorkMixin
|
from interface.views import AuthorizedResourceMixin
|
||||||
from interface.views import EnsembleMixin
|
|
||||||
|
|
||||||
from rest_framework import routers, serializers, viewsets
|
from rest_framework import routers, serializers, viewsets
|
||||||
|
|
||||||
@ -168,25 +167,25 @@ class CollectionSerializer(serializers.Serializer):
|
|||||||
|
|
||||||
from rest_framework import generics
|
from rest_framework import generics
|
||||||
|
|
||||||
class CollectionExportView(generics.RetrieveAPIView):
|
class CollectionExportView(AuthorizedResourceMixin, generics.RetrieveAPIView):
|
||||||
serializer_class = CollectionSerializer
|
serializer_class = CollectionSerializer
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
return Collection.objects.filter(administrators=self.request.user)
|
return Collection.objects.filter(administrators=self.request.user)
|
||||||
|
|
||||||
class WorkExportView(generics.RetrieveAPIView):
|
class WorkExportView(AuthorizedResourceMixin, generics.RetrieveAPIView):
|
||||||
serializer_class = WorkSerializer
|
serializer_class = WorkSerializer
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
return Work.objects.filter(collection__administrators=self.request.user)
|
return Work.objects.filter(collection__administrators=self.request.user)
|
||||||
|
|
||||||
class WorkImportView(generics.CreateAPIView):
|
class WorkImportView(AuthorizedResourceMixin, generics.CreateAPIView):
|
||||||
serializer_class = WorkSerializer
|
serializer_class = WorkSerializer
|
||||||
|
|
||||||
def perform_create(self, serializer):
|
def perform_create(self, serializer):
|
||||||
serializer.save(collection_id=self.kwargs['pk'])
|
serializer.save(collection_id=self.kwargs['pk'])
|
||||||
|
|
||||||
class CollectionImportView(generics.CreateAPIView):
|
class CollectionImportView(AuthorizedResourceMixin, generics.CreateAPIView):
|
||||||
serializer_class = CollectionSerializer
|
serializer_class = CollectionSerializer
|
||||||
|
|
||||||
def perform_create(self, serializer):
|
def perform_create(self, serializer):
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user