From 5cf435eca0173bab7a573527677dd22cc512a0ba Mon Sep 17 00:00:00 2001 From: Markos Gogoulos Date: Tue, 30 Dec 2025 13:50:37 +0200 Subject: [PATCH] f --- files/context_processors.py | 35 +++---------------------------- uploader/views.py | 41 +++++-------------------------------- users/models.py | 4 ++++ 3 files changed, 12 insertions(+), 68 deletions(-) diff --git a/files/context_processors.py b/files/context_processors.py index 6dfaf632..0fc539f8 100644 --- a/files/context_processors.py +++ b/files/context_processors.py @@ -65,47 +65,18 @@ def stuff(request): if request.user.is_superuser: ret["DJANGO_ADMIN_URL"] = settings.DJANGO_ADMIN_URL - # LTI Integration: Add category UID for LTI-authenticated users if getattr(settings, 'USE_LTI', False): - # Check if user has an active LTI session lti_session = request.session.get('lti_session') - print("=" * 80) - print("CONTEXT PROCESSOR - LTI CATEGORY LOOKUP") - print("USE_LTI: True") - print(f"User authenticated: {request.user.is_authenticated}") - print(f"LTI session exists: {lti_session is not None}") if lti_session and request.user.is_authenticated: ret['lti_session'] = lti_session - print(f"LTI session data: {lti_session}") - - # Get the category for this LTI context via lti_platform and lti_context_id platform_id = lti_session.get('platform_id') context_id = lti_session.get('context_id') - print(f"Platform ID: {platform_id}, Context ID: {context_id}") if platform_id and context_id: - try: - # Look up category by LTI platform and context - category = Category.objects.get(lti_platform_id=platform_id, lti_context_id=context_id) - print(f"Category found: {category.title} (uid={category.uid})") - - # Check if user has permission to upload to this category - has_access = request.user.has_member_access_to_category(category) - print(f"User has member access: {has_access}") - + category = Category.objects.filter(lti_platform_id=platform_id, lti_context_id=context_id).first() + if category: + has_access = request.user.has_contributor_access_to_category(category) if has_access: ret['lti_category_uid'] = category.uid - print(f"SUCCESS: Set lti_category_uid = {category.uid}") - else: - print("SKIPPED: User does not have member access to category") - except Category.DoesNotExist: - print(f"ERROR: No category found with lti_platform_id={platform_id}, lti_context_id={context_id}") - pass - else: - print("SKIPPED: Missing platform_id or context_id") - else: - print("SKIPPED: No LTI session or user not authenticated") - print("=" * 80) - return ret diff --git a/uploader/views.py b/uploader/views.py index 8656742f..ea57a000 100644 --- a/uploader/views.py +++ b/uploader/views.py @@ -10,7 +10,7 @@ from django.views import generic from files.helpers import rm_file from files.methods import user_allowed_to_upload -from files.models import Media +from files.models import Category, Media from .fineuploader import ChunkedFineUploader from .forms import FineUploaderUploadForm, FineUploaderUploadSuccessForm @@ -61,51 +61,20 @@ class FineUploaderView(generic.FormView): else: self.upload.save() return self.make_response({"success": True}) - # create media! + media_file = os.path.join(settings.MEDIA_ROOT, self.upload.real_path) with open(media_file, "rb") as f: myfile = File(f) new = Media.objects.create(media_file=myfile, user=self.request.user, title=self.upload.original_filename) - # Handle LTI category assignment if publish_to_category parameter is provided publish_to_category = self.request.GET.get('publish_to_category', '').strip() - print("=" * 80) - print("FINE UPLOADER - CATEGORY ASSIGNMENT") - print(f"publish_to_category parameter: '{publish_to_category}'") - print(f"User: {self.request.user.username}") - print(f"Media created: {new.title} (friendly_token={new.friendly_token})") if publish_to_category: - from files.models import Category - - try: - category = Category.objects.get(uid=publish_to_category) - print(f"Category found: {category.title} (uid={category.uid})") - - # Check if user has upload access to this category - has_access = self.request.user.has_member_access_to_category(category) - print(f"User has member access to category: {has_access}") - + category = Category.objects.filter(uid=publish_to_category).first() + if category: + has_access = self.request.user.has_contributor_access_to_category(category) if has_access: - print(f"Attempting to add category '{category.title}' (id={category.id}) to media...") new.category.add(category) - print("media.category.add() completed") - # Verify it was added - new.refresh_from_db() - current_categories = list(new.category.all()) - print(f"Media categories after add: {[c.title for c in current_categories]}") - if category in current_categories: - print(f"SUCCESS: Added media '{new.title}' to category '{category.title}'") - else: - print("WARNING: Category add was called but category not in media.category.all()") - else: - print(f"SKIPPED: User does not have member access to category '{category.title}'") - except Category.DoesNotExist: - # Category doesn't exist, silently ignore - print(f"ERROR: Category with uid='{publish_to_category}' does not exist") - else: - print("No publish_to_category parameter provided") - print("=" * 80) rm_file(media_file) shutil.rmtree(os.path.join(settings.MEDIA_ROOT, self.upload.file_path)) diff --git a/users/models.py b/users/models.py index 02da5e45..473866ee 100644 --- a/users/models.py +++ b/users/models.py @@ -131,6 +131,10 @@ class User(AbstractUser): rbac_groups = RBACGroup.objects.filter(memberships__user=self, memberships__role__in=["member", "contributor", "manager"], categories=category) return rbac_groups.exists() + def has_contributor_access_to_category(self, category): + rbac_groups = RBACGroup.objects.filter(memberships__user=self, memberships__role__in=["contributor", "manager"], categories=category) + return rbac_groups.exists() + def has_member_access_to_media(self, media): # First check if user is the owner if media.user == self: