marcel/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2025-08-08 19:28:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Extract access checks

Browse Source
This commit is contained in:
Sascha Ißbrücker
2025-03-09 12:21:22 +01:00
parent 1a1092d03a
commit 6ab6a031c7
7 changed files with 101 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
bookmarks/views/access.py Normal file
View File

@@ -0,0 +1,56 @@
from django.http import Http404
from bookmarks.models import Bookmark, BookmarkAsset, Toast
from bookmarks.type_defs import HttpRequest
def bookmark_read(request: HttpRequest, bookmark_id: int | str):
try:
bookmark = Bookmark.objects.get(pk=int(bookmark_id))
except Bookmark.DoesNotExist:
raise Http404("Bookmark does not exist")
is_owner = bookmark.owner == request.user
is_shared = (
request.user.is_authenticated
and bookmark.shared
and bookmark.owner.profile.enable_sharing
)
is_public_shared = bookmark.shared and bookmark.owner.profile.enable_public_sharing
if not is_owner and not is_shared and not is_public_shared:
raise Http404("Bookmark does not exist")
if request.method == "POST" and not is_owner:
raise Http404("Bookmark does not exist")
return bookmark
def bookmark_write(request: HttpRequest, bookmark_id: int | str):
try:
return Bookmark.objects.get(pk=bookmark_id, owner=request.user)
except Bookmark.DoesNotExist:
raise Http404("Bookmark does not exist")
def asset_read(request: HttpRequest, asset_id: int | str):
try:
asset = BookmarkAsset.objects.get(pk=asset_id)
except BookmarkAsset.DoesNotExist:
raise Http404("Asset does not exist")
bookmark_read(request, asset.bookmark_id)
return asset
def asset_write(request: HttpRequest, asset_id: int | str):
try:
return BookmarkAsset.objects.get(pk=asset_id, bookmark__owner=request.user)
except BookmarkAsset.DoesNotExist:
raise Http404("Asset does not exist")
def toast_write(request: HttpRequest, toast_id: int | str):
try:
return Toast.objects.get(pk=toast_id, owner=request.user)
except Toast.DoesNotExist:
raise Http404("Toast does not exist")