CopyBot/mediacms
1
0
Fork 0
mirror of https://github.com/mediacms-io/mediacms.git synced 2026-05-05 20:23:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

wtv

Browse Source
This commit is contained in:
Markos Gogoulos
2026-04-29 16:40:43 +03:00
parent 8bda85df97
commit 386b845bd4
2 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
files/views/comments.py
+6 -3
View File
@@ -75,8 +75,11 @@ class CommentDetail(APIView):
try: try:
media = Media.objects.select_related("user").get(friendly_token=friendly_token) media = Media.objects.select_related("user").get(friendly_token=friendly_token)
self.check_object_permissions(self.request, media) self.check_object_permissions(self.request, media)
if media.state == "private" and self.request.user != media.user: if media.state == "private":
return Response({"detail": "media is private"}, status=status.HTTP_400_BAD_REQUEST) user = self.request.user
has_access = user.is_authenticated and (user.has_member_access_to_media(media) or is_mediacms_editor(user))
if not has_access:
return Response({"detail": "media is private"}, status=status.HTTP_400_BAD_REQUEST)
return media return media
except PermissionDenied: except PermissionDenied:
return Response({"detail": "bad permissions"}, status=status.HTTP_400_BAD_REQUEST) return Response({"detail": "bad permissions"}, status=status.HTTP_400_BAD_REQUEST)
@@ -97,7 +100,7 @@ class CommentDetail(APIView):
media = self.get_object(friendly_token) media = self.get_object(friendly_token)
if isinstance(media, Response): if isinstance(media, Response):
return media return media
comments = media.comments.filter().prefetch_related("user") comments = media.comments.filter().prefetch_related("user").order_by("-add_date")
pagination_class = api_settings.DEFAULT_PAGINATION_CLASS pagination_class = api_settings.DEFAULT_PAGINATION_CLASS
paginator = pagination_class() paginator = pagination_class()
page = paginator.paginate_queryset(comments, request) page = paginator.paginate_queryset(comments, request)
files/views/media.py
+7 -9
View File
@@ -2,7 +2,7 @@ from datetime import datetime, timedelta
from django.conf import settings from django.conf import settings
from django.contrib.postgres.search import SearchQuery from django.contrib.postgres.search import SearchQuery
from django.db.models import Count, Prefetch, Q, prefetch_related_objects from django.db.models import Count, F, Prefetch, Q, prefetch_related_objects
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from drf_yasg import openapi from drf_yasg import openapi
from drf_yasg.utils import swagger_auto_schema from drf_yasg.utils import swagger_auto_schema
@@ -779,24 +779,22 @@ class MediaBulkUserActions(APIView):
if has_media: if has_media:
if remove_permissions: if remove_permissions:
MediaPermission.objects.filter(media__in=selected_media, user__in=group_users).delete() MediaPermission.objects.filter(media__in=selected_media, user__in=group_users).exclude(user=F('media__user')).delete()
# Delete EmbedMediaCourse records and owner MediaPermissions for embedded media
selected_embedded = embed_qs.filter(media__in=selected_media) selected_embedded = embed_qs.filter(media__in=selected_media)
selected_embedded_media_ids = list(selected_embedded.values_list('media_id', flat=True)) selected_embedded_media_ids = list(selected_embedded.values_list('media_id', flat=True))
selected_embedded.delete() selected_embedded.delete()
MediaPermission.objects.filter(media_id__in=selected_embedded_media_ids).delete() MediaPermission.objects.filter(media_id__in=selected_embedded_media_ids).exclude(user=F('media__user')).delete()
if remove_comments: if remove_comments:
Comment.objects.filter(media__in=selected_media).delete() Comment.objects.filter(media__in=selected_media).delete()
if apply_to_all: if apply_to_all:
other_course_media = all_course_media.exclude(friendly_token__in=media_ids) other_course_media = all_course_media.exclude(friendly_token__in=media_ids)
if remove_permissions: if remove_permissions:
MediaPermission.objects.filter(media__in=other_course_media, user__in=group_users).delete() MediaPermission.objects.filter(media__in=other_course_media, user__in=group_users).exclude(user=F('media__user')).delete()
# exclude selected_media, not other_course_media — LTI-embedded media are not in the M2M
other_embedded = embed_qs.exclude(media__in=selected_media) other_embedded = embed_qs.exclude(media__in=selected_media)
other_embedded_media_ids = list(other_embedded.values_list('media_id', flat=True)) other_embedded_media_ids = list(other_embedded.values_list('media_id', flat=True))
other_embedded.delete() other_embedded.delete()
MediaPermission.objects.filter(media_id__in=other_embedded_media_ids).delete() MediaPermission.objects.filter(media_id__in=other_embedded_media_ids).exclude(user=F('media__user')).delete()
if remove_comments: if remove_comments:
Comment.objects.filter(media__in=other_course_media).delete() Comment.objects.filter(media__in=other_course_media).delete()
for m in other_course_media: for m in other_course_media:
@@ -806,8 +804,8 @@ class MediaBulkUserActions(APIView):
m.category.remove(category) m.category.remove(category)
else: else:
if remove_permissions: if remove_permissions:
MediaPermission.objects.filter(media__in=all_course_media, user__in=group_users).delete() MediaPermission.objects.filter(media__in=all_course_media, user__in=group_users).exclude(user=F('media__user')).delete()
MediaPermission.objects.filter(media_id__in=embedded_media_ids).delete() MediaPermission.objects.filter(media_id__in=embedded_media_ids).exclude(user=F('media__user')).delete()
embed_qs.delete() embed_qs.delete()
if remove_comments: if remove_comments:
Comment.objects.filter(media__in=all_course_media).delete() Comment.objects.filter(media__in=all_course_media).delete()