From 572b23169c62c837b21d24e1ef0ef47eab28d3e8 Mon Sep 17 00:00:00 2001 From: Simon Date: Sun, 15 Oct 2023 14:56:54 +0700 Subject: [PATCH] finetune limited permission user --- tubearchivist/api/views.py | 10 +- .../home/templates/home/base_settings.html | 9 +- .../home/templates/home/channel_id.html | 4 +- .../home/templates/home/channel_id_about.html | 125 +++++++++--------- .../templates/home/channel_id_playlist.html | 5 +- tubearchivist/home/templates/home/video.html | 2 +- tubearchivist/home/views.py | 10 ++ 7 files changed, 96 insertions(+), 69 deletions(-) diff --git a/tubearchivist/api/views.py b/tubearchivist/api/views.py index 9d5eafa..dc67e01 100644 --- a/tubearchivist/api/views.py +++ b/tubearchivist/api/views.py @@ -437,6 +437,7 @@ class PlaylistApiListView(ApiBaseView): self.get_document_list(request) return Response(self.response) + @method_decorator(user_passes_test(check_admin), name="dispatch") def post(self, request): """subscribe/unsubscribe to list of playlists""" data = request.data @@ -483,6 +484,7 @@ class PlaylistApiView(ApiBaseView): self.get_document(playlist_id) return Response(self.response, status=self.status_code) + @method_decorator(user_passes_test(check_admin), name="dispatch") def delete(self, request, playlist_id): """delete playlist""" print(f"{playlist_id}: delete playlist") @@ -513,6 +515,7 @@ class PlaylistApiVideoView(ApiBaseView): return Response(self.response, status=self.status_code) +@method_decorator(user_passes_test(check_admin), name="dispatch") class DownloadApiView(ApiBaseView): """resolves to /api/download// GET: returns metadata dict of an item in the download queue @@ -529,7 +532,6 @@ class DownloadApiView(ApiBaseView): self.get_document(video_id) return Response(self.response, status=self.status_code) - @method_decorator(user_passes_test(check_admin), name="dispatch") def post(self, request, video_id): """post to video to change status""" item_status = request.data.get("status") 
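Review bot: On the decorator added above `def post` in `PlaylistApiListView` (hunk `-437`), `name="dispatch"` has no effect, because `method_decorator` only consults `name` when it decorates a class. The line therefore guards `post` alone, yet it reads as if the whole view were admin-only, and the other handlers of the class are not covered by it. `@method_decorator(user_passes_test(check_admin))` states what actually happens. The same applies to `PlaylistApiView.delete` in the next hunk and to the `post` handlers decorated in `home/views.py`. Both class bodies continue outside the hunks.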
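Review bot: Decorating `DownloadApiView` on `dispatch` (hunk `-513`) puts the `check_admin` test in front of the view's own request handling, so it evaluates `request.user` as set by Django middleware. If `ApiBaseView` is a REST framework view that authenticates inside `dispatch` (the `Response` and `request.data` usage suggests so, but the base class is not in this diff), a token-authenticated admin would be seen as anonymous here and redirected, where the removed per-method decorators saw the authenticated user. `user_passes_test` also answers a failed check with a redirect to the login URL rather than a 403, which API clients handle poorly. A permission class on the view that returns `check_admin(request.user)` would cover both cases. The same applies to `DownloadApiListView`, `TaskListView` and `CookieView` later in this file.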
@@ -550,7 +552,6 @@ class DownloadApiView(ApiBaseView): return Response(request.data) - @method_decorator(user_passes_test(check_admin), name="dispatch") @staticmethod def delete(request, video_id): # pylint: disable=unused-argument @@ -561,6 +562,7 @@ class DownloadApiView(ApiBaseView): return Response({"success": True}) +@method_decorator(user_passes_test(check_admin), name="dispatch") class DownloadApiListView(ApiBaseView): """resolves to /api/download/ GET: returns latest videos in the download queue @@ -596,7 +598,6 @@ class DownloadApiListView(ApiBaseView): self.get_document_list(request) return Response(self.response) - @method_decorator(user_passes_test(check_admin), name="dispatch") @staticmethod def post(request): """add list of videos to download queue""" @@ -622,7 +623,6 @@ class DownloadApiListView(ApiBaseView): return Response(data) - @method_decorator(user_passes_test(check_admin), name="dispatch") def delete(self, request): """delete download queue""" query_filter = request.GET.get("filter", False) @@ -740,6 +740,7 @@ class SnapshotApiView(ApiBaseView): return Response(response) +@method_decorator(user_passes_test(check_admin), name="dispatch") class TaskListView(ApiBaseView): """resolves to /api/task-name/ GET: return a list of all stored task results @@ -877,6 +878,7 @@ class RefreshView(ApiBaseView): return Response(data) +@method_decorator(user_passes_test(check_admin), name="dispatch") class CookieView(ApiBaseView): """resolves to /api/cookie/ GET: check if cookie is enabled diff --git a/tubearchivist/home/templates/home/base_settings.html b/tubearchivist/home/templates/home/base_settings.html index 3eb6c13..31787ef 100644 --- a/tubearchivist/home/templates/home/base_settings.html +++ b/tubearchivist/home/templates/home/base_settings.html @@ -1,14 +1,17 @@ {# Base file for all of the settings pages to ensure a common menu #} {% extends "home/base.html" %} {% load static %} +{% load auth_extras %} {% block content %}

Dashboard

User

-

Application

-

Scheduling

-

Actions

+ {% if request.user|has_group:"admin" or request.user.is_staff %} +

Application

+

Scheduling

+

Actions

+ {% endif %}
{% block settings_content %}{% endblock %} diff --git a/tubearchivist/home/templates/home/channel_id.html b/tubearchivist/home/templates/home/channel_id.html index c3f535c..0d45bd8 100644 --- a/tubearchivist/home/templates/home/channel_id.html +++ b/tubearchivist/home/templates/home/channel_id.html @@ -21,7 +21,9 @@ {% endif %}

About

{% if has_pending %} -

Downloads

+ {% if request.user|has_group:"admin" or request.user.is_staff %} +

Downloads

+ {% endif %} {% endif %}
diff --git a/tubearchivist/home/templates/home/channel_id_about.html b/tubearchivist/home/templates/home/channel_id_about.html index d4afcbc..cd965f3 100644 --- a/tubearchivist/home/templates/home/channel_id_about.html +++ b/tubearchivist/home/templates/home/channel_id_about.html @@ -2,6 +2,7 @@ {% block content %} {% load static %} {% load humanize %} +{% load auth_extras %}
channel_banner @@ -19,7 +20,9 @@ {% endif %}

About

{% if has_pending %} -

Downloads

+ {% if request.user|has_group:"admin" or request.user.is_staff %} +

Downloads

+ {% endif %} {% endif %}
@@ -56,19 +59,21 @@ {% elif channel_info.channel_views > 0 %}

Channel views: {{ channel_info.channel_views|intcomma }}

{% endif %} -
- -
- Delete {{ channel_info.channel_name }} including all videos? -
-
- {% if reindex %} -

Reindex scheduled

- {% else %} -
- - + {% if request.user|has_group:"admin" or request.user.is_staff %} +
+ +
+ Delete {{ channel_info.channel_name }} including all videos? +
+ {% if reindex %} +

Reindex scheduled

+ {% else %} +
+ + +
+ {% endif %} {% endif %}
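Review bot: Wrapping the delete confirmation and reindex block in `{% if request.user|has_group:"admin" or request.user.is_staff %}` is a display decision, not an access control, so the endpoints behind these controls must refuse limited users on their own. This commit guards `ChannelIdAboutView.post` in `home/views.py`, but the handlers these controls call are not part of the diff, so it is worth confirming they carry the `check_admin` test as well. A template comment such as `{# UI only: enforcement lives in the view/API decorators #}` next to the condition would record that division.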
@@ -90,53 +95,55 @@ {% endif %} -
-
-

Customize {{ channel_info.channel_name }}

-
- {% csrf_token %} -
-

Download format: - {% if channel_info.channel_overwrites.download_format %} - {{ channel_info.channel_overwrites.download_format }} - {% else %} - False - {% endif %}

- {{ channel_overwrite_form.download_format }}
-
-
-

Auto delete watched videos after x days: - {% if channel_info.channel_overwrites.autodelete_days %} - {{ channel_info.channel_overwrites.autodelete_days }} - {% else %} - False - {% endif %}

- {{ channel_overwrite_form.autodelete_days }}
-
-
-

Index playlists: - {% if channel_info.channel_overwrites.index_playlists %} - {{ channel_info.channel_overwrites.index_playlists }} - {% else %} - False - {% endif %}

- {{ channel_overwrite_form.index_playlists }}
-
-
-

Enable SponsorBlock: - {% if channel_info.channel_overwrites.integrate_sponsorblock %} - {{ channel_info.channel_overwrites.integrate_sponsorblock }} - {% elif channel_info.channel_overwrites.integrate_sponsorblock == False %} - Disabled - {% else %} - False - {% endif %}

- {{ channel_overwrite_form.integrate_sponsorblock }}
-
- -
+ {% if request.user|has_group:"admin" or request.user.is_staff %} +
+
+

Customize {{ channel_info.channel_name }}

+
+ {% csrf_token %} +
+

Download format: + {% if channel_info.channel_overwrites.download_format %} + {{ channel_info.channel_overwrites.download_format }} + {% else %} + False + {% endif %}

+ {{ channel_overwrite_form.download_format }}
+
+
+

Auto delete watched videos after x days: + {% if channel_info.channel_overwrites.autodelete_days %} + {{ channel_info.channel_overwrites.autodelete_days }} + {% else %} + False + {% endif %}

+ {{ channel_overwrite_form.autodelete_days }}
+
+
+

Index playlists: + {% if channel_info.channel_overwrites.index_playlists %} + {{ channel_info.channel_overwrites.index_playlists }} + {% else %} + False + {% endif %}

+ {{ channel_overwrite_form.index_playlists }}
+
+
+

Enable SponsorBlock: + {% if channel_info.channel_overwrites.integrate_sponsorblock %} + {{ channel_info.channel_overwrites.integrate_sponsorblock }} + {% elif channel_info.channel_overwrites.integrate_sponsorblock == False %} + Disabled + {% else %} + False + {% endif %}

+ {{ channel_overwrite_form.integrate_sponsorblock }}
+
+ +
+
-
+ {% endif %}
{% endblock content %} \ No newline at end of file diff --git a/tubearchivist/home/templates/home/channel_id_playlist.html b/tubearchivist/home/templates/home/channel_id_playlist.html index 4122e4f..539d438 100644 --- a/tubearchivist/home/templates/home/channel_id_playlist.html +++ b/tubearchivist/home/templates/home/channel_id_playlist.html @@ -2,6 +2,7 @@ {% block content %} {% load static %} {% load humanize %} +{% load auth_extras %}
channel_banner @@ -19,7 +20,9 @@ {% endif %}

About

{% if has_pending %} -

Downloads

+ {% if request.user|has_group:"admin" or request.user.is_staff %} +

Downloads

+ {% endif %} {% endif %}
diff --git a/tubearchivist/home/templates/home/video.html b/tubearchivist/home/templates/home/video.html index f499365..b9ad04a 100644 --- a/tubearchivist/home/templates/home/video.html +++ b/tubearchivist/home/templates/home/video.html @@ -88,8 +88,8 @@
{% endif %} {% endif %} - {% if request.user|has_group:"admin" or request.user.is_staff %} + {% if request.user|has_group:"admin" or request.user.is_staff %}
Are you sure? diff --git a/tubearchivist/home/views.py b/tubearchivist/home/views.py index 488bef0..c3051bb 100644 --- a/tubearchivist/home/views.py +++ b/tubearchivist/home/views.py @@ -9,11 +9,14 @@ import urllib.parse from time import sleep from api.src.search_processor import SearchProcess, process_aggs +from api.views import check_admin from django.conf import settings from django.contrib.auth import login +from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.forms import AuthenticationForm from django.http import Http404, JsonResponse from django.shortcuts import redirect, render +from django.utils.decorators import method_decorator from django.views import View from home.src.download.queue import PendingInteract from home.src.download.yt_dlp_base import CookieHandler @@ -317,6 +320,7 @@ class AboutView(MinView): return render(request, "home/about.html", context) +@method_decorator(user_passes_test(check_admin), name="dispatch") class DownloadView(ArchivistResultsView): """resolves to /download/ handle the download queue @@ -597,6 +601,7 @@ class ChannelIdAboutView(ChannelIdBaseView): return render(request, "home/channel_id_about.html", self.context) + @method_decorator(user_passes_test(check_admin), name="dispatch") @staticmethod def post(request, channel_id): """handle post request""" @@ -681,6 +686,7 @@ class ChannelView(ArchivistResultsView): "term": {"channel_subscribed": {"value": True}} } + @method_decorator(user_passes_test(check_admin), name="dispatch") @staticmethod def post(request): """handle http post requests""" @@ -824,6 +830,7 @@ class PlaylistView(ArchivistResultsView): } } + @method_decorator(user_passes_test(check_admin), name="dispatch") @staticmethod def post(request): """handle post from search form""" 
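Review bot: In the import hunk of `home/views.py`, `from api.views import check_admin` ties the page views to the API views module for a single predicate, while the templates in this commit spell the same rule separately as `request.user|has_group:"admin" or request.user.is_staff`. Neither `check_admin` nor `has_group` is defined in this diff, so whether the two always agree cannot be checked here. If they drift, a control is either hidden from a user who may use it or shown to one who will be refused. Moving the predicate into a shared module used by both the views and the template filter would keep one definition.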
@@ -986,6 +993,7 @@ class SettingsUserView(MinView): return redirect("settings_user", permanent=True) +@method_decorator(user_passes_test(check_admin), name="dispatch") class SettingsApplicationView(MinView): """resolves to /settings/application/ handle the settings sub-page for application configuration, @@ -1075,6 +1083,7 @@ class SettingsApplicationView(MinView): RedisArchivist().set_message(key, message=message, expire=True) +@method_decorator(user_passes_test(check_admin), name="dispatch") class SettingsSchedulingView(MinView): """resolves to /settings/scheduling/ handle the settings sub-page for scheduling settings, @@ -1108,6 +1117,7 @@ class SettingsSchedulingView(MinView): return redirect("settings_scheduling", permanent=True) +@method_decorator(user_passes_test(check_admin), name="dispatch") class SettingsActionsView(MinView): """resolves to /settings/actions/ handle the settings actions sub-page