create, edit book

2023-05-11 11:02:12 +03:00 · 2023-05-11 11:02:12 +03:00 · 1e1c799d41
parent a0591386b2
commit 1e1c799d41
5 changed files with 61 additions and 9 deletions
--- a/app/controllers/init.py
+++ b/app/controllers/init.py
@ -1,3 +1,4 @@
 # flake8: noqa F401
 from .pagination import create_pagination
 from .breadcrumbs import create_breadcrumbs
+from .book_verify import register_book_verify_route, book_validator
--- a/app/controllers/book_verify.py
+++ b/app/controllers/book_verify.py
@ -0,0 +1,46 @@
+from flask_login import current_user
+from flask import Response, flash, redirect, url_for, request
+
+from app import models as m, db
+from app.logger import log
+
+
+class BookRouteVerifier:
+    _routes = []
+
+    @classmethod
+    def add_route(cls, route_name: str):
+        cls._routes.append(route_name)
+
+    @classmethod
+    def remove_route(cls, route_name: str):
+        cls._routes.remove(route_name)
+
+    @classmethod
+    def is_present(cls, route_name: str) -> bool:
+        return route_name in cls._routes
+
+
+def register_book_verify_route(blueprint_name: str):
+    def decorator(func: callable):
+        BookRouteVerifier.add_route(f"{blueprint_name}.{func.__name__}")
+        return func
+
+    return decorator
+
+
+def book_validator() -> Response | None:
+    if not BookRouteVerifier.is_present(request.endpoint):
+        return None
+
+    request_args = (
+        {**request.view_args, **request.args} if request.view_args else {**request.args}
+    )
+
+    book_id = request_args.get("book_id")
+    if book_id:
+        book: m.Book = db.session.get(m.Book, book_id)
+        if not book or book.is_deleted or book.owner != current_user:
+            log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
+            flash("You are not owner of this book!", "danger")
+            return redirect(url_for("book.my_books"))
--- a/app/forms/book.py
+++ b/app/forms/book.py
@ -18,13 +18,6 @@ class EditBookForm(BaseBookForm):
    book_id = StringField("User ID", [DataRequired()])
    submit = SubmitField("Edit book")

-    def validate_book_id(self, field):
-        book_id = field.data
-        book: m.Book = db.session.get(m.Book, book_id)
-        if not book or book.is_deleted:
-            log(log.WARNING, "Book with id [%s] not found", book_id)
-            raise ValidationError("Book not found")
-
    def validate_label(self, field):
        label = field.data
        book_id = self.book_id.data
--- a/app/views/book.py
+++ b/app/views/book.py
@ -8,13 +8,24 @@ from flask import (
 )
 from flask_login import login_required, current_user

-from app.controllers import create_pagination, create_breadcrumbs
+from app.controllers import (
+    create_pagination,
+    create_breadcrumbs,
+    register_book_verify_route,
+    book_validator,
+)
 from app import models as m, db, forms as f
 from app.logger import log

 bp = Blueprint("book", __name__, url_prefix="/book")


+@bp.before_request
+def before_request():
+    if res := book_validator():
+        return res
+
+
@bp.route("/all", methods=["GET"])
 def get_all():
    q = request.args.get("q", type=str, default=None)
@ -77,6 +88,7 @@ def create():


@bp.route("/<int:book_id>/edit", methods=["POST"])
+@register_book_verify_route(bp.name)
@login_required
 def edit(book_id: int):
    form = f.EditBookForm()
--- a/tests/test_book.py
+++ b/tests/test_book.py
@ -72,7 +72,7 @@ def test_create_edit_book(client: FlaskClient):
    )

    assert response.status_code == 200
-    assert b"Book not found" in response.data
+    assert b"You are not owner of this book!" in response.data

    response: Response = client.post(
        f"/book/{book.id}/edit",