open-law/app/views/book/settings.py

from flask import (
    render_template,
    flash,
    redirect,
    url_for,
)
from flask_login import login_required

from app.controllers import (
    register_book_verify_route,
)
from app import models as m, db, forms as f
from app.controllers.require_permission import require_permission
from app.logger import log
from .bp import bp


@bp.route("/<int:book_id>/settings", methods=["GET"])
@register_book_verify_route(bp.name)
@require_permission(
    entity_type=m.Permission.Entity.BOOK,
    access=[m.Permission.Access.U],
    entities=[m.Book],
)
@login_required
def settings(book_id: int):
    book: m.Book = db.session.get(m.Book, book_id)

    return render_template(
        "book/settings.html", book=book, roles=m.BookContributor.Roles
    )


@bp.route("/<int:book_id>/add_contributor", methods=["POST"])
@register_book_verify_route(bp.name)
@require_permission(
    entity_type=m.Permission.Entity.BOOK,
    access=[m.Permission.Access.U],
    entities=[m.Book],
)
@login_required
def add_contributor(book_id: int):
    form = f.AddContributorForm()

    if form.validate_on_submit():
        user_id = form.user_id.data
        book_contributor = m.BookContributor.query.filter_by(
            user_id=user_id, book_id=book_id
        ).first()
        if book_contributor:
            log(log.INFO, "Contributor: [%s] already exists", book_contributor)
            flash("Already exists!", "danger")
            return redirect(url_for("book.settings", book_id=book_id))

        role = m.BookContributor.Roles(int(form.role.data))
        contributor = m.BookContributor(user_id=user_id, book_id=book_id, role=role)
        log(log.INFO, "New contributor [%s]", contributor)
        contributor.save()

        groups = (
            db.session.query(m.AccessGroup)
            .filter(
                m.BookAccessGroups.book_id == book_id,
                m.AccessGroup.id == m.BookAccessGroups.access_group_id,
                m.AccessGroup.name == role.name.lower(),
            )
            .all()
        )
        for group in groups:
            m.UserAccessGroups(user_id=user_id, access_group_id=group.id).save()

        flash("Contributor was added!", "success")
        return redirect(url_for("book.settings", book_id=book_id))
    else:
        log(log.ERROR, "Book create errors: [%s]", form.errors)
        for field, errors in form.errors.items():
            field_label = form._fields[field].label.text
            for error in errors:
                flash(error.replace("Field", field_label), "danger")
        return redirect(url_for("book.settings", book_id=book_id))


@bp.route("/<int:book_id>/delete_contributor", methods=["POST"])
@register_book_verify_route(bp.name)
@require_permission(
    entity_type=m.Permission.Entity.BOOK,
    access=[m.Permission.Access.U],
    entities=[m.Book],
)
@login_required
def delete_contributor(book_id: int):
    form = f.DeleteContributorForm()

    if form.validate_on_submit():
        user_id = int(form.user_id.data)
        book_contributor = m.BookContributor.query.filter_by(
            user_id=user_id, book_id=book_id
        ).first()
        if not book_contributor:
            log(
                log.INFO,
                "BookContributor does not exists user: [%s], book: [%s]",
                user_id,
                book_id,
            )
            flash("Does not exists!", "success")
            return redirect(url_for("book.settings", book_id=book_id))

        book: m.Book = db.session.get(m.Book, book_id)
        user: m.User = db.session.get(m.User, user_id)
        for access_group in book.access_groups:
            access_group: m.AccessGroup
            if user in access_group.users:
                log(
                    log.INFO,
                    "Delete user [%s] from AccessGroup [%s]",
                    user,
                    access_group,
                )
                relationships_to_delete = m.UserAccessGroups.query.filter_by(
                    user_id=user_id, access_group_id=access_group.id
                ).all()
                for relationship in relationships_to_delete:
                    db.session.delete(relationship)

        log(log.INFO, "Delete BookContributor [%s]", book_contributor)
        db.session.delete(book_contributor)
        db.session.commit()

        flash("Success!", "success")
        return redirect(url_for("book.settings", book_id=book_id))
    else:
        log(log.ERROR, "Book create errors: [%s]", form.errors)
        for field, errors in form.errors.items():
            field_label = form._fields[field].label.text
            for error in errors:
                flash(error.replace("Field", field_label), "danger")
        return redirect(url_for("book.settings", book_id=book_id))


@bp.route("/<int:book_id>/edit_contributor_role", methods=["POST"])
@register_book_verify_route(bp.name)
@require_permission(
    entity_type=m.Permission.Entity.BOOK,
    access=[m.Permission.Access.U],
    entities=[m.Book],
)
@login_required
def edit_contributor_role(book_id: int):
    form = f.EditContributorRoleForm()

    if form.validate_on_submit():
        book_contributor: m.BookContributor = m.BookContributor.query.filter_by(
            user_id=int(form.user_id.data), book_id=book_id
        ).first()
        if not book_contributor:
            log(
                log.INFO,
                "BookContributor does not exists user: [%s], book: [%s]",
                form.user_id.data,
                book_id,
            )
            flash("Does not exists!", "success")
            return redirect(url_for("book.settings", book_id=book_id))

        role = m.BookContributor.Roles(int(form.role.data))

        # change access group
        current_group = m.AccessGroup.query.filter_by(
            book_id=book_id, name=book_contributor.role.name.lower()
        ).first()
        user_access_group = m.UserAccessGroups.query.filter_by(
            user_id=book_contributor.user_id, access_group_id=current_group.id
        ).first()
        if user_access_group:
            db.session.delete(user_access_group)

        new_group = m.AccessGroup.query.filter_by(
            book_id=book_id, name=role.name.lower()
        ).first()
        m.UserAccessGroups(
            user_id=book_contributor.user_id, access_group_id=new_group.id
        ).save(False)

        book_contributor.role = role

        log(
            log.INFO,
            "Update contributor [%s] role: new role: [%s]",
            book_contributor,
            role,
        )
        book_contributor.save()

        flash("Success!", "success")
        return redirect(url_for("book.settings", book_id=book_id))
    else:
        log(log.ERROR, "Book create errors: [%s]", form.errors)
        for field, errors in form.errors.items():
            field_label = form._fields[field].label.text
            for error in errors:
                flash(error.replace("Field", field_label), "danger")
        return redirect(url_for("book.settings", book_id=book_id))
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`from flask import (`
			`render_template,`
			`flash,`
			`redirect,`
			`url_for,`
			`)`
			`from flask_login import login_required`

			`from app.controllers import (`
			`register_book_verify_route,`
			`)`
			`from app import models as m, db, forms as f`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`from app.controllers.require_permission import require_permission`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`from app.logger import log`
			`from .bp import bp`


			`@bp.route("/<int:book_id>/settings", methods=["GET"])`
			`@register_book_verify_route(bp.name)`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`@require_permission(`
			`entity_type=m.Permission.Entity.BOOK,`
			`access=[m.Permission.Access.U],`
connected permissions checks and testing editor access 2023-05-31 11:18:11 +00:00			`entities=[m.Book],`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`)`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`@login_required`
			`def settings(book_id: int):`
			`book: m.Book = db.session.get(m.Book, book_id)`

			`return render_template(`
			`"book/settings.html", book=book, roles=m.BookContributor.Roles`
			`)`


			`@bp.route("/<int:book_id>/add_contributor", methods=["POST"])`
			`@register_book_verify_route(bp.name)`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`@require_permission(`
			`entity_type=m.Permission.Entity.BOOK,`
			`access=[m.Permission.Access.U],`
connected permissions checks and testing editor access 2023-05-31 11:18:11 +00:00			`entities=[m.Book],`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`)`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`@login_required`
			`def add_contributor(book_id: int):`
			`form = f.AddContributorForm()`

			`if form.validate_on_submit():`
adding contributor to access group 2023-05-25 11:11:19 +00:00			`user_id = form.user_id.data`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`book_contributor = m.BookContributor.query.filter_by(`
adding contributor to access group 2023-05-25 11:11:19 +00:00			`user_id=user_id, book_id=book_id`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`).first()`
			`if book_contributor:`
			`log(log.INFO, "Contributor: [%s] already exists", book_contributor)`
			`flash("Already exists!", "danger")`
			`return redirect(url_for("book.settings", book_id=book_id))`

			`role = m.BookContributor.Roles(int(form.role.data))`
adding contributor to access group 2023-05-25 11:11:19 +00:00			`contributor = m.BookContributor(user_id=user_id, book_id=book_id, role=role)`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`log(log.INFO, "New contributor [%s]", contributor)`
			`contributor.save()`

adding contributor to access group 2023-05-25 11:11:19 +00:00			`groups = (`
			`db.session.query(m.AccessGroup)`
			`.filter(`
			`m.BookAccessGroups.book_id == book_id,`
			`m.AccessGroup.id == m.BookAccessGroups.access_group_id,`
			`m.AccessGroup.name == role.name.lower(),`
			`)`
			`.all()`
			`)`
			`for group in groups:`
			`m.UserAccessGroups(user_id=user_id, access_group_id=group.id).save()`

split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`flash("Contributor was added!", "success")`
			`return redirect(url_for("book.settings", book_id=book_id))`
			`else:`
			`log(log.ERROR, "Book create errors: [%s]", form.errors)`
			`for field, errors in form.errors.items():`
			`field_label = form._fields[field].label.text`
			`for error in errors:`
			`flash(error.replace("Field", field_label), "danger")`
			`return redirect(url_for("book.settings", book_id=book_id))`


			`@bp.route("/<int:book_id>/delete_contributor", methods=["POST"])`
			`@register_book_verify_route(bp.name)`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`@require_permission(`
			`entity_type=m.Permission.Entity.BOOK,`
			`access=[m.Permission.Access.U],`
connected permissions checks and testing editor access 2023-05-31 11:18:11 +00:00			`entities=[m.Book],`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`)`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`@login_required`
			`def delete_contributor(book_id: int):`
			`form = f.DeleteContributorForm()`

			`if form.validate_on_submit():`
adding user to access group on adding 2023-05-25 14:13:40 +00:00			`user_id = int(form.user_id.data)`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`book_contributor = m.BookContributor.query.filter_by(`
adding user to access group on adding 2023-05-25 14:13:40 +00:00			`user_id=user_id, book_id=book_id`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`).first()`
			`if not book_contributor:`
			`log(`
			`log.INFO,`
			`"BookContributor does not exists user: [%s], book: [%s]",`
adding user to access group on adding 2023-05-25 14:13:40 +00:00			`user_id,`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`book_id,`
			`)`
			`flash("Does not exists!", "success")`
			`return redirect(url_for("book.settings", book_id=book_id))`

adding user to access group on adding 2023-05-25 14:13:40 +00:00			`book: m.Book = db.session.get(m.Book, book_id)`
			`user: m.User = db.session.get(m.User, user_id)`
			`for access_group in book.access_groups:`
			`access_group: m.AccessGroup`
			`if user in access_group.users:`
			`log(`
			`log.INFO,`
			`"Delete user [%s] from AccessGroup [%s]",`
			`user,`
			`access_group,`
			`)`
			`relationships_to_delete = m.UserAccessGroups.query.filter_by(`
			`user_id=user_id, access_group_id=access_group.id`
			`).all()`
			`for relationship in relationships_to_delete:`
			`db.session.delete(relationship)`

split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`log(log.INFO, "Delete BookContributor [%s]", book_contributor)`
			`db.session.delete(book_contributor)`
			`db.session.commit()`

			`flash("Success!", "success")`
			`return redirect(url_for("book.settings", book_id=book_id))`
			`else:`
			`log(log.ERROR, "Book create errors: [%s]", form.errors)`
			`for field, errors in form.errors.items():`
			`field_label = form._fields[field].label.text`
			`for error in errors:`
			`flash(error.replace("Field", field_label), "danger")`
			`return redirect(url_for("book.settings", book_id=book_id))`


			`@bp.route("/<int:book_id>/edit_contributor_role", methods=["POST"])`
			`@register_book_verify_route(bp.name)`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`@require_permission(`
			`entity_type=m.Permission.Entity.BOOK,`
			`access=[m.Permission.Access.U],`
connected permissions checks and testing editor access 2023-05-31 11:18:11 +00:00			`entities=[m.Book],`
require_permission, start connecting permissions to routes 2023-05-29 13:14:00 +00:00			`)`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`@login_required`
			`def edit_contributor_role(book_id: int):`
			`form = f.EditContributorRoleForm()`

			`if form.validate_on_submit():`
permissions checks on UI 2023-05-31 12:51:14 +00:00			`book_contributor: m.BookContributor = m.BookContributor.query.filter_by(`
split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`user_id=int(form.user_id.data), book_id=book_id`
			`).first()`
			`if not book_contributor:`
			`log(`
			`log.INFO,`
			`"BookContributor does not exists user: [%s], book: [%s]",`
			`form.user_id.data,`
			`book_id,`
			`)`
			`flash("Does not exists!", "success")`
			`return redirect(url_for("book.settings", book_id=book_id))`

			`role = m.BookContributor.Roles(int(form.role.data))`
permissions checks on UI 2023-05-31 12:51:14 +00:00
			`# change access group`
			`current_group = m.AccessGroup.query.filter_by(`
			`book_id=book_id, name=book_contributor.role.name.lower()`
			`).first()`
permissions Ui 2023-06-01 04:57:31 +00:00			`user_access_group = m.UserAccessGroups.query.filter_by(`
			`user_id=book_contributor.user_id, access_group_id=current_group.id`
			`).first()`
			`if user_access_group:`
			`db.session.delete(user_access_group)`
permissions checks on UI 2023-05-31 12:51:14 +00:00
			`new_group = m.AccessGroup.query.filter_by(`
			`book_id=book_id, name=role.name.lower()`
			`).first()`
			`m.UserAccessGroups(`
			`user_id=book_contributor.user_id, access_group_id=new_group.id`
			`).save(False)`

split view/book.py to multiple files 2023-05-17 16:21:53 +00:00			`book_contributor.role = role`

			`log(`
			`log.INFO,`
			`"Update contributor [%s] role: new role: [%s]",`
			`book_contributor,`
			`role,`
			`)`
			`book_contributor.save()`

			`flash("Success!", "success")`
			`return redirect(url_for("book.settings", book_id=book_id))`
			`else:`
			`log(log.ERROR, "Book create errors: [%s]", form.errors)`
			`for field, errors in form.errors.items():`
			`field_label = form._fields[field].label.text`
			`for error in errors:`
			`flash(error.replace("Field", field_label), "danger")`
			`return redirect(url_for("book.settings", book_id=book_id))`