collection/subcollection crud

2023-05-11 12:32:59 +03:00 · 2023-05-11 12:32:59 +03:00 · b231bdc396
parent e5c477ce3c
commit b231bdc396
3 changed files with 84 additions and 68 deletions
--- a/app/controllers/book_verify.py
+++ b/app/controllers/book_verify.py
@ -44,3 +44,25 @@ def book_validator() -> Response | None:
            log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
            flash("You are not owner of this book!", "danger")
            return redirect(url_for("book.my_books"))
+
+    collection_id = request_args.get("collection_id")
+    if collection_id:
+        collection: m.Collection = db.session.get(m.Collection, collection_id)
+        if not collection or collection.is_deleted:
+            log(log.WARNING, "Collection with id [%s] not found", collection_id)
+            flash("Collection not found", "danger")
+            return redirect(url_for("book.collection_view", book_id=book_id))
+
+    sub_collection_id = request_args.get("sub_collection_id")
+    if sub_collection_id:
+        sub_collection: m.Collection = db.session.get(m.Collection, sub_collection_id)
+        if not sub_collection or sub_collection.is_deleted:
+            log(log.WARNING, "Sub_collection with id [%s] not found", sub_collection_id)
+            flash("SubCollection not found", "danger")
+            return redirect(
+                url_for(
+                    "book.sub_collection_view",
+                    book_id=book_id,
+                    collection_id=collection_id,
+                )
+            )
--- a/app/views/book.py
+++ b/app/views/book.py
@ -405,20 +405,15 @@ def edit_contributor_role(book_id: int):

@bp.route("/<int:book_id>/create_collection", methods=["POST"])
@bp.route("/<int:book_id>/<int:collection_id>/create_sub_collection", methods=["POST"])
+@register_book_verify_route(bp.name)
@login_required
 def collection_create(book_id: int, collection_id: int | None = None):
    book: m.Book = db.session.get(m.Book, book_id)
-    if not book or book.owner != current_user or book.is_deleted:
-        log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
-        flash("You are not owner of this book!", "danger")
-        return redirect(url_for("book.my_books"))
+
+    redirect_url = url_for("book.collection_view", book_id=book_id)
    if collection_id:
        collection: m.Collection = db.session.get(m.Collection, collection_id)
-        if not collection or collection.is_deleted:
-            log(log.WARNING, "Collection with id [%s] not found", collection_id)
-            flash("Collection not found", "danger")
-            return redirect(url_for("book.collection_view", book_id=book_id))
-        elif collection.is_leaf:
+        if collection.is_leaf:
            log(log.WARNING, "Collection with id [%s] is leaf", collection_id)
            flash("You can't create subcollection for this collection", "danger")
            return redirect(
@ -429,8 +424,6 @@ def collection_create(book_id: int, collection_id: int | None = None):
                )
            )

-    redirect_url = url_for("book.collection_view", book_id=book_id)
-    if collection_id:
        redirect_url = url_for(
            "book.sub_collection_view", book_id=book_id, collection_id=collection_id
        )
@ -493,35 +486,15 @@ def collection_create(book_id: int, collection_id: int | None = None):
@bp.route(
    "/<int:book_id>/<int:collection_id>/<int:sub_collection_id>/edit", methods=["POST"]
 )
+@register_book_verify_route(bp.name)
@login_required
 def collection_edit(
    book_id: int, collection_id: int, sub_collection_id: int | None = None
 ):
    book: m.Book = db.session.get(m.Book, book_id)
-    if not book or book.owner != current_user or book.is_deleted:
-        log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
-        flash("You are not owner of this book!", "danger")
-        return redirect(url_for("book.my_books"))
-
    collection: m.Collection = db.session.get(m.Collection, collection_id)
-    if not collection or collection.is_deleted:
-        log(log.WARNING, "Collection with id [%s] not found", collection_id)
-        flash("Collection not found", "danger")
-        return redirect(url_for("book.collection_view", book_id=book_id))
-    collection_to_edit = collection
    if sub_collection_id:
-        sub_collection: m.Collection = db.session.get(m.Collection, sub_collection_id)
-        if not sub_collection or sub_collection.is_deleted:
-            log(log.WARNING, "Sub_collection with id [%s] not found", sub_collection_id)
-            flash("SubCollection not found", "danger")
-            return redirect(
-                url_for(
-                    "book.sub_collection_view",
-                    book_id=book_id,
-                    collection_id=collection_id,
-                )
-            )
-        collection_to_edit = sub_collection
+        collection = db.session.get(m.Collection, sub_collection_id)

    form = f.EditCollectionForm()
    redirect_url = url_for(
@ -535,13 +508,13 @@ def collection_edit(
        collection_query: m.Collection = m.Collection.query.filter_by(
            is_deleted=False,
            label=label,
-        ).filter(m.Collection.id != collection_to_edit.id)
+        ).filter(m.Collection.id != collection.id)

        if sub_collection_id:
            collection_query = collection_query.filter_by(parent_id=collection_id)
        else:
            collection_query = collection_query.filter_by(
-                parent_id=collection_to_edit.parent.id
+                parent_id=collection.parent.id
            )

        if collection_query.first():
@ -549,21 +522,21 @@ def collection_edit(
                log.INFO,
                "Collection with similar label already exists. Book: [%s], Collection: [%s], Label: [%s]",
                book.id,
-                collection.id,
+                collection_id,
                label,
            )
            flash("Collection label must be unique!", "danger")
            return redirect(redirect_url)

        if label:
-            collection_to_edit.label = label
+            collection.label = label

        about = form.about.data
        if about:
-            collection_to_edit.about = about
+            collection.about = about

-        log(log.INFO, "Edit collection [%s]", collection_to_edit.id)
-        collection_to_edit.save()
+        log(log.INFO, "Edit collection [%s]", collection.id)
+        collection.save()

        flash("Success!", "success")
        if sub_collection_id:
@ -588,40 +561,19 @@ def collection_edit(
    "/<int:book_id>/<int:collection_id>/<int:sub_collection_id>/delete",
    methods=["POST"],
 )
+@register_book_verify_route(bp.name)
@login_required
 def collection_delete(
    book_id: int, collection_id: int, sub_collection_id: int | None = None
 ):
-    book: m.Book = db.session.get(m.Book, book_id)
-    if not book or book.owner != current_user:
-        log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
-        flash("You are not owner of this book!", "danger")
-        return redirect(url_for("book.my_books"))
-
    collection: m.Collection = db.session.get(m.Collection, collection_id)
-    if not collection or collection.is_deleted:
-        log(log.WARNING, "Collection with id [%s] not found", collection_id)
-        flash("Collection not found", "danger")
-        return redirect(url_for("book.collection_view", book_id=book_id))
-    collection_to_delete = collection
    if sub_collection_id:
-        sub_collection: m.Collection = db.session.get(m.Collection, sub_collection_id)
-        if not sub_collection or sub_collection.is_deleted:
-            log(log.WARNING, "Sub_collection with id [%s] not found", sub_collection_id)
-            flash("SubCollection not found", "danger")
-            return redirect(
-                url_for(
-                    "book.sub_collection_view",
-                    book_id=book_id,
-                    collection_id=collection_id,
-                )
-            )
-        collection_to_delete = sub_collection
+        collection: m.Collection = db.session.get(m.Collection, sub_collection_id)

-    collection_to_delete.is_deleted = True
+    collection.is_deleted = True

-    log(log.INFO, "Delete collection [%s]", collection_to_delete.id)
-    collection_to_delete.save()
+    log(log.INFO, "Delete collection [%s]", collection.id)
+    collection.save()

    flash("Success!", "success")
    return redirect(
--- a/tests/test_book.py
+++ b/tests/test_book.py
@ -193,6 +193,15 @@ def test_delete_contributor(client: FlaskClient, runner: FlaskCliRunner):
    assert response.status_code == 200
    assert b"Does not exists!" in response.data

+    response: Response = client.post(
+        f"/book/{123}/add_contributor",
+        data=dict(user_id=1, role=m.BookContributor.Roles.MODERATOR),
+        follow_redirects=True,
+    )
+
+    assert response.status_code == 200
+    assert b"You are not owner of this book!" in response.data
+

 def test_edit_contributor_role(client: FlaskClient, runner: FlaskCliRunner):
    _, user = login(client)
@ -236,7 +245,6 @@ def test_edit_contributor_role(client: FlaskClient, runner: FlaskCliRunner):
    assert response.status_code == 200
    assert b"You are not owner of this book!" in response.data

-    moderators_book = m.Book(label="Test Book", user_id=moderator.id).save()
    response: Response = client.post(
        f"/book/999/add_contributor",
        data=dict(user_id=moderator.id, role=m.BookContributor.Roles.MODERATOR),
@ -276,6 +284,14 @@ def test_crud_collection(client: FlaskClient, runner: FlaskCliRunner):
    assert response.status_code == 200
    assert b"Collection label must be unique!" in response.data

+    response: Response = client.post(
+        f"/book/999/create_collection",
+        data=dict(label="Test Collection #1 Label", about="Test Collection #1 About"),
+        follow_redirects=True,
+    )
+    assert response.status_code == 200
+    assert b"You are not owner of this book!" in response.data
+
    collection: m.Collection = m.Collection.query.filter_by(
        label="Test Collection #1 Label"
    ).first()
@ -311,6 +327,14 @@ def test_crud_collection(client: FlaskClient, runner: FlaskCliRunner):
    assert response.status_code == 200
    assert b"Success!" in response.data

+    response: Response = client.post(
+        f"/book/999/{collection.id}/edit",
+        data=dict(label="Test Collection #1 Label", about="Test Collection #1 About"),
+        follow_redirects=True,
+    )
+    assert response.status_code == 200
+    assert b"You are not owner of this book!" in response.data
+
    edited_collection: m.Collection = m.Collection.query.filter_by(
        label=new_label, about=new_about
    ).first()
@ -347,12 +371,20 @@ def test_crud_collection(client: FlaskClient, runner: FlaskCliRunner):
    assert response.status_code == 200
    assert b"Collection not found" in response.data

+    response: Response = client.post(
+        f"/book/999/{collection.id}/delete",
+        follow_redirects=True,
+    )
+
+    assert response.status_code == 200
+    assert b"You are not owner of this book!" in response.data
+

 def test_crud_subcollection(client: FlaskClient, runner: FlaskCliRunner):
    _, user = login(client)
    user: m.User

-    # add dummmy data
+    # add dummy data
    runner.invoke(args=["db-populate"])

    book: m.Book = db.session.get(m.Book, 1)
@ -369,6 +401,16 @@ def test_crud_subcollection(client: FlaskClient, runner: FlaskCliRunner):
        label="Test Collection #1 Label", version_id=book.last_version.id
    ).save()

+    response: Response = client.post(
+        f"/book/999/{leaf_collection.id}/create_sub_collection",
+        data=dict(
+            label="Test SubCollection #1 Label", about="Test SubCollection #1 About"
+        ),
+        follow_redirects=True,
+    )
+    assert response.status_code == 200
+    assert b"You are not owner of this book!" in response.data
+
    response: Response = client.post(
        f"/book/{book.id}/{leaf_collection.id}/create_sub_collection",
        data=dict(