X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/ff382f6c37063c0c4c5d21c2834a8759e25c5d02..fc0b706f8c7eb67531df0a2acd972412e47c7010:/src/catalogue/api/views.py?ds=sidebyside diff --git a/src/catalogue/api/views.py b/src/catalogue/api/views.py index ee345ba68..34971c45f 100644 --- a/src/catalogue/api/views.py +++ b/src/catalogue/api/views.py @@ -1,20 +1,23 @@ -# -*- coding: utf-8 -*- # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later. # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information. # import json from django.http import Http404, HttpResponse +from django.utils.decorators import method_decorator +from django.views.decorators.cache import never_cache from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404 from rest_framework.permissions import DjangoModelPermissionsOrAnonReadOnly from rest_framework.response import Response from rest_framework import status -from paypal.permissions import IsSubscribed from api.handlers import read_tags +from api.utils import vary_on_auth +from club.models import Membership from .helpers import books_after, order_books from . import serializers from catalogue.forms import BookImportForm -from catalogue.models import Book, Collection, Tag, Fragment +from catalogue.models import Book, Collection, Tag, Fragment, BookMedia from catalogue.models.tag import prefetch_relations +from club.permissions import IsClubMember from wolnelektury.utils import re_escape @@ -26,12 +29,14 @@ class CollectionList(ListAPIView): serializer_class = serializers.CollectionListSerializer +@vary_on_auth # Because of 'liked'. class CollectionDetail(RetrieveAPIView): queryset = Collection.objects.all() lookup_field = 'slug' serializer_class = serializers.CollectionSerializer +@vary_on_auth # Because of 'liked'. class BookList(ListAPIView): permission_classes = [DjangoModelPermissionsOrAnonReadOnly] queryset = Book.objects.none() # Required for DjangoModelPermissions @@ -49,6 +54,11 @@ class BookList(ListAPIView): new_api = self.request.query_params.get('new_api') after = self.request.query_params.get('after', self.kwargs.get('after')) count = self.request.query_params.get('count', self.kwargs.get('count')) + if count: + try: + count = int(count) + except TypeError: + raise Http404 # Fixme if tags: if self.kwargs.get('top_level'): @@ -62,6 +72,9 @@ class BookList(ListAPIView): books = Book.objects.all() books = order_books(books, new_api) + if not Membership.is_active_for(self.request.user): + books = books.exclude(preview=True) + if self.kwargs.get('top_level'): books = books.filter(parent=None) if self.kwargs.get('audiobooks'): @@ -87,7 +100,12 @@ class BookList(ListAPIView): return books def post(self, request, **kwargs): - # Permission needed. + if kwargs.get('audiobooks'): + return self.post_audiobook(request, **kwargs) + else: + return self.post_book(request, **kwargs) + + def post_book(self, request, **kwargs): data = json.loads(request.POST.get('data')) form = BookImportForm(data) if form.is_valid(): @@ -96,22 +114,57 @@ class BookList(ListAPIView): else: raise Http404 + def post_audiobook(self, request, **kwargs): + index = int(request.POST['part_index']) + parts_count = int(request.POST['parts_count']) + media_type = request.POST['type'].lower() + source_sha1 = request.POST.get('source_sha1') + name = request.POST.get('name', '') + part_name = request.POST.get('part_name', '') + + _rest, slug = request.POST['book'].rstrip('/').rsplit('/', 1) + book = Book.objects.get(slug=slug) + try: + assert source_sha1 + bm = book.media.get(type=media_type, source_sha1=source_sha1) + except (AssertionError, BookMedia.DoesNotExist): + bm = BookMedia(book=book, type=media_type) + bm.name = name + bm.part_name = part_name + bm.index = index + bm.file.save(None, request.data['file'], save=False) + bm.save(parts_count=parts_count) + + return Response({}, status=status.HTTP_201_CREATED) + + +@vary_on_auth # Because of 'liked'. class BookDetail(RetrieveAPIView): queryset = Book.objects.all() lookup_field = 'slug' serializer_class = serializers.BookDetailSerializer +@vary_on_auth # Because of embargo links. class EbookList(BookList): serializer_class = serializers.EbookSerializer +@method_decorator(never_cache, name='dispatch') class Preview(ListAPIView): - queryset = Book.objects.filter(preview=True) + #queryset = Book.objects.filter(preview=True) serializer_class = serializers.BookPreviewSerializer + def get_queryset(self): + qs = Book.objects.filter(preview=True) + # FIXME: temporary workaround for a problem with iOS app; see #3954. + if 'Darwin' in self.request.META.get('HTTP_USER_AGENT', '') and 'debug' not in self.request.GET: + qs = qs.none() + return qs + +@vary_on_auth # Because of 'liked'. class FilterBookList(ListAPIView): serializer_class = serializers.FilterBookListSerializer @@ -127,6 +180,8 @@ class FilterBookList(ListAPIView): is_lektura = self.parse_bool(self.request.query_params.get('lektura')) is_audiobook = self.parse_bool(self.request.query_params.get('audiobook')) preview = self.parse_bool(self.request.query_params.get('preview')) + if not Membership.is_active_for(self.request.user): + preview = False new_api = self.request.query_params.get('new_api') after = self.request.query_params.get('after') @@ -186,8 +241,9 @@ class FilterBookList(ListAPIView): class EpubView(RetrieveAPIView): queryset = Book.objects.all() lookup_field = 'slug' - permission_classes = [IsSubscribed] + permission_classes = [IsClubMember] + @method_decorator(never_cache) def get(self, *args, **kwargs): return HttpResponse(self.get_object().get_media('epub')) @@ -224,6 +280,7 @@ class TagView(RetrieveAPIView): ) +@vary_on_auth # Because of 'liked'. class FragmentList(ListAPIView): serializer_class = serializers.FragmentSerializer @@ -239,6 +296,7 @@ class FragmentList(ListAPIView): return Fragment.tagged.with_all(tags).select_related('book') +@vary_on_auth # Because of 'liked'. class FragmentView(RetrieveAPIView): serializer_class = serializers.FragmentDetailSerializer