From eeca90870ad0193b959bca255736564480a615b4 Mon Sep 17 00:00:00 2001 From: Wilco van Beijnum Date: Sat, 12 Mar 2022 15:14:58 +0100 Subject: [PATCH 01/12] Limit photo album visibility --- app/models/photo_album.rb | 5 +++++ app/policies/photo_album_policy.rb | 10 ++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index 9ca74bd0..312e64ff 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb @@ -9,6 +9,11 @@ class PhotoAlbum < ApplicationRecord validates :publicly_visible, inclusion: [true, false] scope :publicly_visible, (-> { where(publicly_visible: true) }) + scope :posted_between_or_publicly_visible, (lambda { |start_date, end_date| + where(publicly_visible: true) + .or(where.not(date: nil).where(date: start_date..end_date)) + .or(where(date: nil).where(created_at: start_date..end_date)) + }) def owners if group.present? diff --git a/app/policies/photo_album_policy.rb b/app/policies/photo_album_policy.rb index f54a4e16..15a3d097 100644 --- a/app/policies/photo_album_policy.rb +++ b/app/policies/photo_album_policy.rb @@ -1,8 +1,14 @@ class PhotoAlbumPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve + def resolve # rubocop:disable Metrics/AbcSize if user_can_read? - scope + membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first + return scope.publicly_visible if membership.nil? + + scope.posted_between_or_publicly_visible( + membership.start_date&.advance(months: -18), + membership.end_date&.advance(months: 6) + ) else scope.publicly_visible end From 805b24e7cdd52cf831a2dcba23065412ffe1bb59 Mon Sep 17 00:00:00 2001 From: lodewiges <131907615+lodewiges@users.noreply.github.com> Date: Mon, 3 Mar 2025 16:33:21 +0100 Subject: [PATCH 02/12] Removed blank line photo_album.rb --- app/models/photo_album.rb | 1 - 1 file changed, 1 deletion(-) 
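Review bot: In `PhotoAlbumPolicy::Scope#resolve` the access window is derived from a single membership picked with `.first`, so a user with more than one 'Leden' membership (for example someone who left and rejoined) is judged only on the row with the lowest id. The `&.` on `start_date` and `end_date` also passes nil through as an open range end, so a membership with no `start_date` appears to get no lower bound at all; it would be worth confirming that this is intended rather than an accident of nil handling. The 18 and 6 month offsets and the group name are undocumented, so I would add a comment above the lookup such as `# Members see albums dated from 18 months before joining until 6 months after leaving; everyone else sees public albums only.` The closing lines of `resolve` fall outside the hunk.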
diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index 34e2ca2a..e2a27c39 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb @@ -19,7 +19,6 @@ class PhotoAlbum < ApplicationRecord where.not(id: Photo.joins(:tags).select(:photo_album_id).distinct) } - def owners if group.present? group.active_users + [author] From 12adbf9b3f8d0545f6e6e1aa5ee5e004d7a17014 Mon Sep 17 00:00:00 2001 From: Jorai Geertsema Date: Mon, 3 Mar 2025 17:02:42 +0100 Subject: [PATCH 03/12] 1/2 to introducing visibility for alumni --- PERMISSIONS.md | 2 +- app/models/photo.rb | 6 +++++- app/models/photo_album.rb | 5 +++-- app/models/photo_comment.rb | 7 +++++-- app/resources/v1/photo_album_resource.rb | 4 ++-- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/PERMISSIONS.md b/PERMISSIONS.md index f5d9fee8..541037a8 100644 --- a/PERMISSIONS.md +++ b/PERMISSIONS.md @@ -20,4 +20,4 @@ When the user has the read permission it is able to get all groups (as always). ### Activity/Article/Photo #### Unauthenticated and without permission -When not logged in or when without permission it is possible to get activities, articles and photos which have the publicly visible property to true. +When not logged in or when without permission it is possible to get activities, articles and photos which have the visibility property to everybody. diff --git a/app/models/photo.rb b/app/models/photo.rb index f868cae1..43a64ab2 100644 --- a/app/models/photo.rb +++ b/app/models/photo.rb @@ -20,7 +20,11 @@ class Photo < ApplicationRecord }) scope :publicly_visible, (lambda { - joins(:photo_album).where(photo_albums: { publicly_visible: true }) + joins(:photo_album).where(photo_albums: { visibility: "everybody" }) + }) + + scope :alumni_visible, (lambda { + joins(:photo_album).where(photo_albums: { visibility: "alumni" }) }) before_save :extract_exif diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index 312e64ff..494154b2 100644 
--- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb @@ -6,9 +6,10 @@ class PhotoAlbum < ApplicationRecord belongs_to :group, optional: true validates :title, presence: true - validates :publicly_visible, inclusion: [true, false] + validates :visibility, inclusion: { in: ["everybody", "alumni", "members"] } - scope :publicly_visible, (-> { where(publicly_visible: true) }) + scope :alumni_visible, (-> { where(visibility: "alumni") }) + scope :publicly_visible, (-> { where(visibility: "everybody") }) scope :posted_between_or_publicly_visible, (lambda { |start_date, end_date| where(publicly_visible: true) .or(where.not(date: nil).where(date: start_date..end_date)) diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index d7a6e33c..84727376 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb @@ -6,7 +6,10 @@ class PhotoComment < ApplicationRecord validates :content, presence: true, length: { minimum: 1, maximum: 500 } scope :publicly_visible, (lambda { - joins(photo: :photo_album) - .where(photo_albums: { publicly_visible: true }) + joins(:photo_album).where(photo_albums: { visibility: "everybody" }) + }) + + scope :alumni_visible, (lambda { + joins(:photo_album).where(photo_albums: { visibility: "alumni" }) }) end diff --git a/app/resources/v1/photo_album_resource.rb b/app/resources/v1/photo_album_resource.rb index 825023a8..be30d27f 100644 --- a/app/resources/v1/photo_album_resource.rb +++ b/app/resources/v1/photo_album_resource.rb @@ -1,12 +1,12 @@ class V1::PhotoAlbumResource < V1::ApplicationResource - attributes :title, :date, :publicly_visible + attributes :title, :date, :visibility has_many :photos has_one :author, always_include_linkage_data: true has_one :group, always_include_linkage_data: true def self.creatable_fields(_context) - %i[title date publicly_visible group] + %i[title date visibility group] end def self.searchable_fields From 19eef1fea986aed9f51a3ec8a15ec53aa130ca06 Mon Sep 17 00:00:00 2001 
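Review bot: The `posted_between_or_publicly_visible` scope kept as context in this hunk still filters on `where(publicly_visible: true)`, while the validation and the two scopes above it now read `visibility`. `PhotoAlbumPolicy::Scope#resolve` goes through that scope for members, so the member path keeps deciding on the old boolean and will fail once the column is dropped. The first branch should follow the new attribute, `where(visibility: 'everybody')`. The diffstat for this commit also lists no migration, so the `visibility` column the validation depends on does not exist yet at this point in the series.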
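Review bot: `PhotoComment.publicly_visible` now uses `joins(:photo_album)`, but the removed lines reached the album through the photo with `joins(photo: :photo_album)`. Unless `PhotoComment` gained a direct `photo_album` association (none is visible here), the join cannot be resolved and the scope raises. That scope is what anonymous requests for comments resolve to, so the public path breaks. The same applies to the new `alumni_visible` scope in this hunk. Keep the nested form in both: `joins(photo: :photo_album).where(photo_albums: { visibility: "everybody" })`.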
From: Lodewiges Date: Fri, 14 Mar 2025 21:59:05 +0100 Subject: [PATCH 04/12] fix lint --- app/models/photo.rb | 13 ++++++------- app/models/photo_album.rb | 10 +++++----- app/models/photo_comment.rb | 12 ++++++------ 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/app/models/photo.rb b/app/models/photo.rb index cdc02d7b..604e2eb5 100644 --- a/app/models/photo.rb +++ b/app/models/photo.rb @@ -21,19 +21,18 @@ class Photo < ApplicationRecord joins(:comments).distinct } - scope :publicly_visible, (lambda { - joins(:photo_album).where(photo_albums: { visibility: "everybody" }) - }) + scope :publicly_visible, lambda { + joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) + } - scope :alumni_visible, (lambda { - joins(:photo_album).where(photo_albums: { visibility: "alumni" }) - }) + scope :alumni_visible, lambda { + joins(:photo_album).where(photo_albums: { visibility: 'alumni' }) + } scope :with_tags, lambda { joins(:tags).distinct } - before_save :extract_exif def extract_exif # rubocop:disable Metrics/MethodLength diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index 3b5e4ade..e6e44e86 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb 
@@ -7,15 +7,15 @@ class PhotoAlbum < ApplicationRecord belongs_to :group, optional: true validates :title, presence: true - validates :visibility, inclusion: { in: ["everybody", "alumni", "members"] } + validates :visibility, inclusion: { in: %w[everybody alumni members] } - scope :alumni_visible, (-> { where(visibility: "alumni") }) - scope :publicly_visible, (-> { where(visibility: "everybody") }) - scope :posted_between_or_publicly_visible, (lambda { |start_date, end_date| + scope :alumni_visible, -> { where(visibility: 'alumni') } + scope :publicly_visible, -> { where(visibility: 'everybody') } + scope :posted_between_or_publicly_visible, lambda { |start_date, end_date| where(publicly_visible: true) .or(where.not(date: nil).where(date: start_date..end_date)) .or(where(date: nil).where(created_at: start_date..end_date)) - }) + } scope :without_photo_tags, lambda { where.not(id: Photo.joins(:tags).select(:photo_album_id).distinct) } diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index 43574726..6e8c434f 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb @@ -6,11 +6,11 @@ class PhotoComment < ApplicationRecord validates :content, presence: true, length: { minimum: 1, maximum: 500 } - scope :publicly_visible, (lambda { - joins(:photo_album).where(photo_albums: { visibility: "everybody" }) - }) + scope :publicly_visible, lambda { + joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) + } - scope :alumni_visible, (lambda { - joins(:photo_album).where(photo_albums: { visibility: "alumni" }) - }) + scope :alumni_visible, lambda { + joins(:photo_album).where(photo_albums: { visibility: 'alumni' }) + } end From 8ddbe0049dcecf4b0d76a3941ede2847f5e951f4 Mon Sep 17 00:00:00 2001 
From: Lodewiges Date: Fri, 14 Mar 2025 23:03:55 +0100 Subject: [PATCH 05/12] update all policies --- app/models/photo.rb | 8 ++++++-- app/models/photo_album.rb | 15 +++++++++------ app/models/photo_comment.rb | 8 ++++++-- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/app/models/photo.rb b/app/models/photo.rb index 604e2eb5..1f09b83d 100644 --- a/app/models/photo.rb +++ b/app/models/photo.rb @@ -25,8 +25,12 @@ class Photo < ApplicationRecord joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) } - scope :alumni_visible, lambda { - joins(:photo_album).where(photo_albums: { visibility: 'alumni' }) + scope :alumni_visible, lambda { |start_date, end_date| + joins(:photo_album) + .where(photo_albums: { visibility: 'alumni' }) + .or(photo_albums: { visibility: 'everybody' }) + .or(where.not(photo_albums: { date: nil}).where(photo_albums: { date: start_date..end_date})) + .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date})) } scope :with_tags, lambda { diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index e6e44e86..5f709561 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb 
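Review bot: The new `Photo.alumni_visible` scope passes a Hash to `.or(photo_albums: { visibility: 'everybody' })`, but `or` only accepts a relation and raises ArgumentError for anything else. The two following `.or(where...)` arguments are built without the `joins(:photo_album)` of the receiver, which `or` is likely to reject as structurally incompatible. The `photo_album.rb` and `photo_comment.rb` hunks of this commit have the same chain. Also note that the date window is OR-ed with the visibility test, so an album marked `members` is returned whenever its date falls inside the window; if that is the intent it deserves a comment. The sketch below keeps that logic but builds the condition on `PhotoAlbum` and filters photos by `photo_album_id`.

```ruby
scope :alumni_visible, lambda { |start_date, end_date|
  # Same conditions as the hunk, expressed on PhotoAlbum so every `or` operand is a compatible relation.
  albums = PhotoAlbum.where(visibility: %w[alumni everybody])
                     .or(PhotoAlbum.where.not(date: nil).where(date: start_date..end_date))
                     .or(PhotoAlbum.where(date: nil, created_at: start_date..end_date))
  where(photo_album_id: albums.select(:id))
}
```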
@@ -9,12 +9,15 @@ class PhotoAlbum < ApplicationRecord validates :title, presence: true validates :visibility, inclusion: { in: %w[everybody alumni members] } - scope :alumni_visible, -> { where(visibility: 'alumni') } - scope :publicly_visible, -> { where(visibility: 'everybody') } - scope :posted_between_or_publicly_visible, lambda { |start_date, end_date| - where(publicly_visible: true) - .or(where.not(date: nil).where(date: start_date..end_date)) - .or(where(date: nil).where(created_at: start_date..end_date)) + scope :publicly_visible, lambda { + joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) + } + scope :alumni_visible, lambda { |start_date, end_date| + joins(:photo_album) + .where(photo_albums: { visibility: 'alumni' }) + .or(photo_albums: { visibility: 'everybody' }) + .or(where.not(date: nil).where(date: start_date..end_date)) + .or(where(date: nil).where(created_at: start_date..end_date)) } scope :without_photo_tags, lambda { where.not(id: Photo.joins(:tags).select(:photo_album_id).distinct) diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index 6e8c434f..8d960141 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb @@ -10,7 +10,11 @@ class PhotoComment < ApplicationRecord joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) } - scope :alumni_visible, lambda { - joins(:photo_album).where(photo_albums: { visibility: 'alumni' }) + scope :alumni_visible, lambda { |start_date, end_date| + joins(:photo_album) + .where(photo_albums: { visibility: 'alumni' }) + .or(photo_albums: { visibility: 'everybody' }) + .or(where.not(photo_albums: { date: nil}).where(photo_albums: { date: start_date..end_date})) + .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date})) } end From e470e59947ab8df492b5065d5cc59739d1804ae4 Mon Sep 17 00:00:00 2001 
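Review bot: `PhotoAlbum.publicly_visible` and `PhotoAlbum.alumni_visible` now start with `joins(:photo_album)`, but this model is the album itself and no `photo_album` association on it is visible in these patches. The join looks copied from `Photo` and will most likely raise when the relation is built. `publicly_visible` is the scope `PhotoAlbumPolicy::Scope#resolve` falls back to for users without a membership, so the anonymous album listing would fail. The previous form was correct for this model: `scope :publicly_visible, -> { where(visibility: 'everybody') }`. The alumni scope should likewise filter on its own columns without a join.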
From: Lodewiges Date: Fri, 14 Mar 2025 23:29:38 +0100 Subject: [PATCH 06/12] updated everything to reflect changes --- app/models/photo.rb | 6 +----- app/models/photo_album.rb | 6 +++--- app/models/photo_comment.rb | 6 +----- app/policies/photo_album_policy.rb | 2 +- app/policies/photo_comment_policy.rb | 12 +++++++---- app/policies/photo_policy.rb | 12 +++++++---- db/migrate/20250314221852_alumni_visibilty.rb | 21 +++++++++++++++++++ 7 files changed, 43 insertions(+), 22 deletions(-) create mode 100644 db/migrate/20250314221852_alumni_visibilty.rb diff --git a/app/models/photo.rb b/app/models/photo.rb index 1f09b83d..efdef6c7 100644 --- a/app/models/photo.rb +++ b/app/models/photo.rb @@ -21,14 +21,10 @@ class Photo < ApplicationRecord joins(:comments).distinct } - scope :publicly_visible, lambda { - joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) - } - scope :alumni_visible, lambda { |start_date, end_date| joins(:photo_album) .where(photo_albums: { visibility: 'alumni' }) - .or(photo_albums: { visibility: 'everybody' }) + .or(photo_albums: { visibility: 'public' }) .or(where.not(photo_albums: { date: nil}).where(photo_albums: { date: start_date..end_date})) .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date})) } diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index 5f709561..d163213d 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb 
@@ -7,15 +7,15 @@ class PhotoAlbum < ApplicationRecord belongs_to :group, optional: true validates :title, presence: true - validates :visibility, inclusion: { in: %w[everybody alumni members] } + validates :visibility, inclusion: { in: %w[public alumni members] } scope :publicly_visible, lambda { - joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) + joins(:photo_album).where(photo_albums: { visibility: 'public' }) } scope :alumni_visible, lambda { |start_date, end_date| joins(:photo_album) .where(photo_albums: { visibility: 'alumni' }) - .or(photo_albums: { visibility: 'everybody' }) + .or(photo_albums: { visibility: 'public' }) .or(where.not(date: nil).where(date: start_date..end_date)) .or(where(date: nil).where(created_at: start_date..end_date)) } diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index 8d960141..90f47342 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb @@ -6,14 +6,10 @@ class PhotoComment < ApplicationRecord validates :content, presence: true, length: { minimum: 1, maximum: 500 } - scope :publicly_visible, lambda { - joins(:photo_album).where(photo_albums: { visibility: 'everybody' }) - } - scope :alumni_visible, lambda { |start_date, end_date| joins(:photo_album) .where(photo_albums: { visibility: 'alumni' }) - .or(photo_albums: { visibility: 'everybody' }) + .or(photo_albums: { visibility: 'public' }) .or(where.not(photo_albums: { date: nil}).where(photo_albums: { date: start_date..end_date})) .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date})) } diff --git a/app/policies/photo_album_policy.rb b/app/policies/photo_album_policy.rb index 15a3d097..7ecaaf1b 100644 --- a/app/policies/photo_album_policy.rb +++ b/app/policies/photo_album_policy.rb 
@@ -5,7 +5,7 @@ def resolve # rubocop:disable Metrics/AbcSize membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first return scope.publicly_visible if membership.nil? - scope.posted_between_or_publicly_visible( + scope.alumni_visible( membership.start_date&.advance(months: -18), membership.end_date&.advance(months: 6) ) diff --git a/app/policies/photo_comment_policy.rb b/app/policies/photo_comment_policy.rb index b3322463..f52b6c54 100644 --- a/app/policies/photo_comment_policy.rb +++ b/app/policies/photo_comment_policy.rb @@ -1,10 +1,14 @@ class PhotoCommentPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve + def resolve # rubocop:disable Metrics/AbcSize if user_can_read? - scope - else - scope.publicly_visible + membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first + return if membership.nil? + + scope.alumni_visible( + membership.start_date&.advance(months: -18), + membership.end_date&.advance(months: 6) + ) end end end diff --git a/app/policies/photo_policy.rb b/app/policies/photo_policy.rb index 751a55ed..fa24fc0b 100644 --- a/app/policies/photo_policy.rb +++ b/app/policies/photo_policy.rb @@ -1,10 +1,14 @@ class PhotoPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve + def resolve # rubocop:disable Metrics/AbcSize if user_can_read? - scope - else - scope.publicly_visible + membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first + return if membership.nil? + + scope.alumni_visible( + membership.start_date&.advance(months: -18), + membership.end_date&.advance(months: 6) + ) end end end diff --git a/db/migrate/20250314221852_alumni_visibilty.rb b/db/migrate/20250314221852_alumni_visibilty.rb new file mode 100644 index 00000000..e1547ccf --- /dev/null +++ b/db/migrate/20250314221852_alumni_visibilty.rb 
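Review bot: `PhotoCommentPolicy::Scope#resolve` now returns nil instead of a relation in two cases: the bare `return if membership.nil?`, and the missing `else` branch for users who fail `user_can_read?`. `PhotoPolicy::Scope#resolve` has the same change. A policy scope that yields nil makes callers fail on the next chained query method instead of returning an empty or public result, and it differs from `PhotoAlbumPolicy`, which falls back to `scope.publicly_visible`. If anonymous users should still see public photos, keep the `publicly_visible` scopes on `Photo` and `PhotoComment` (this commit removes them) and return them in both cases. If they should see nothing, say so explicitly with `return scope.none if membership.nil?` and an `else` branch that returns `scope.none`.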
@@ -0,0 +1,21 @@ +class AlumniVisibility < ActiveRecord::Migration[7.0] + def up + add_column :photo_albums, :visibility, :string, default: 'members' + + photoAlbums.find_each do |record| + record.update!(visibility: record.publicly_visible ? 'public' : 'members') + end + + remove_column :photo_albums, :publicly_visible + end + + def down + add_column :photo_albums, :publicly_visible, :boolean, default: false + + photoAlbums.find_each do |record| + record.update!(publicly_visible: record.visibility == 'public') + end + + remove_column :photo_albums, :visibility + end +end From e4c2d4cb4633218be38f818e4f7938764b2fc4d3 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Fri, 14 Mar 2025 23:57:18 +0100 Subject: [PATCH 07/12] Fixed lint --- .rubocop.yml | 3 --- app/models/photo.rb | 10 +++++----- app/models/photo_album.rb | 10 +++++----- app/models/photo_comment.rb | 10 +++++----- app/policies/photo_comment_policy.rb | 2 +- app/policies/photo_policy.rb | 2 +- ...isibilty.rb => 20250314221852_alumni_visibility.rb} | 2 +- 7 files changed, 18 insertions(+), 21 deletions(-) rename db/migrate/{20250314221852_alumni_visibilty.rb => 20250314221852_alumni_visibility.rb} (96%) diff --git a/.rubocop.yml b/.rubocop.yml index 66500cef..dafde3db 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -33,9 +33,6 @@ Metrics/BlockLength: - 'config/routes.rb' - 'spec/**/*' -Layout/LineLength: - Max: 100 - Metrics/MethodLength: Exclude: - 'db/migrate/*' diff --git a/app/models/photo.rb b/app/models/photo.rb index efdef6c7..ad13120e 100644 --- a/app/models/photo.rb +++ b/app/models/photo.rb 
@@ -22,11 +22,11 @@ class Photo < ApplicationRecord } scope :alumni_visible, lambda { |start_date, end_date| - joins(:photo_album) - .where(photo_albums: { visibility: 'alumni' }) - .or(photo_albums: { visibility: 'public' }) - .or(where.not(photo_albums: { date: nil}).where(photo_albums: { date: start_date..end_date})) - .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date})) + joins(:photo_album) + .where(photo_albums: { visibility: 'alumni' }) + .or(photo_albums: { visibility: 'public' }) + .or(where.not(photo_albums: { date: nil }).where(photo_albums: { date: start_date..end_date })) + .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date })) } scope :with_tags, lambda { diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index d163213d..5c38b9c3 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb @@ -13,11 +13,11 @@ class PhotoAlbum < ApplicationRecord joins(:photo_album).where(photo_albums: { visibility: 'public' }) } scope :alumni_visible, lambda { |start_date, end_date| - joins(:photo_album) - .where(photo_albums: { visibility: 'alumni' }) - .or(photo_albums: { visibility: 'public' }) - .or(where.not(date: nil).where(date: start_date..end_date)) - .or(where(date: nil).where(created_at: start_date..end_date)) + joins(:photo_album) + .where(photo_albums: { visibility: 'alumni' }) + .or(photo_albums: { visibility: 'public' }) + .or(where.not(date: nil).where(date: start_date..end_date)) + .or(where(date: nil).where(created_at: start_date..end_date)) } scope :without_photo_tags, lambda { where.not(id: Photo.joins(:tags).select(:photo_album_id).distinct) diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index 90f47342..f628960a 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb 
@@ -7,10 +7,10 @@ class PhotoComment < ApplicationRecord validates :content, presence: true, length: { minimum: 1, maximum: 500 } scope :alumni_visible, lambda { |start_date, end_date| - joins(:photo_album) - .where(photo_albums: { visibility: 'alumni' }) - .or(photo_albums: { visibility: 'public' }) - .or(where.not(photo_albums: { date: nil}).where(photo_albums: { date: start_date..end_date})) - .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date})) + joins(:photo_album) + .where(photo_albums: { visibility: 'alumni' }) + .or(photo_albums: { visibility: 'public' }) + .or(where.not(photo_albums: { date: nil }).where(photo_albums: { date: start_date..end_date })) + .or(where(photo_albums: { date: nil }).where(photo_albums: { created_at: start_date..end_date })) } end diff --git a/app/policies/photo_comment_policy.rb b/app/policies/photo_comment_policy.rb index f52b6c54..fbcc4c89 100644 --- a/app/policies/photo_comment_policy.rb +++ b/app/policies/photo_comment_policy.rb @@ -1,6 +1,6 @@ class PhotoCommentPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve # rubocop:disable Metrics/AbcSize + def resolve if user_can_read? membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first return if membership.nil? diff --git a/app/policies/photo_policy.rb b/app/policies/photo_policy.rb index fa24fc0b..5d10b751 100644 --- a/app/policies/photo_policy.rb +++ b/app/policies/photo_policy.rb @@ -1,6 +1,6 @@ class PhotoPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve # rubocop:disable Metrics/AbcSize + def resolve if user_can_read? membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first return if membership.nil? 
diff --git a/db/migrate/20250314221852_alumni_visibilty.rb b/db/migrate/20250314221852_alumni_visibility.rb similarity index 96% rename from db/migrate/20250314221852_alumni_visibilty.rb rename to db/migrate/20250314221852_alumni_visibility.rb index e1547ccf..d5fae466 100644 --- a/db/migrate/20250314221852_alumni_visibilty.rb +++ b/db/migrate/20250314221852_alumni_visibility.rb @@ -10,7 +10,7 @@ def up end def down - add_column :photo_albums, :publicly_visible, :boolean, default: false + add_column :photo_albums, :publicly_visible, :boolean, default: false, null: false photoAlbums.find_each do |record| record.update!(publicly_visible: record.visibility == 'public') From 6e7f20320342e606ed1bd20194b2fc92885fe278 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Sat, 15 Mar 2025 00:01:31 +0100 Subject: [PATCH 08/12] Fixed migration --- db/migrate/20250314221852_alumni_visibility.rb | 4 ++-- db/schema.rb | 11 +++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/db/migrate/20250314221852_alumni_visibility.rb b/db/migrate/20250314221852_alumni_visibility.rb index d5fae466..7f92024d 100644 --- a/db/migrate/20250314221852_alumni_visibility.rb +++ b/db/migrate/20250314221852_alumni_visibility.rb @@ -2,7 +2,7 @@ class AlumniVisibility < ActiveRecord::Migration[7.0] def up add_column :photo_albums, :visibility, :string, default: 'members' - photoAlbums.find_each do |record| + PhotoAlbum.find_each do |record| record.update!(visibility: record.publicly_visible ? 'public' : 'members') end @@ -12,7 +12,7 @@ def up def down add_column :photo_albums, :publicly_visible, :boolean, default: false, null: false - photoAlbums.find_each do |record| + PhotoAlbum.find_each do |record| record.update!(publicly_visible: record.visibility == 'public') end diff --git a/db/schema.rb b/db/schema.rb index f73dab89..3926b9c7 100644 --- a/db/schema.rb +++ b/db/schema.rb 
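Review bot: The backfill in `up` and `down` loads every album through the application model and calls `update!`, so the migration depends on whatever validations and callbacks `PhotoAlbum` has on the day it runs. A set-based update avoids that: since the column default already covers non-public rows, `PhotoAlbum.where(publicly_visible: true).update_all(visibility: 'public')` is enough for `up`. The new `visibility` column is added without `null: false`, so a row can hold NULL and match none of the visibility scopes; adding the constraint next to the default makes that state impossible. The regenerated `db/schema.rb` in this commit also carries changes this migration does not make (the `checksum` null constraint, the `form_responses` index, `allow_sofia_sharing`, the dropped `webdav_secret_key`), which suggests it was dumped from a database out of step with the branch.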
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2025_02_18_204807) do +ActiveRecord::Schema[7.0].define(version: 2025_03_14_221852) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -39,7 +39,7 @@ t.string "content_type" t.text "metadata" t.bigint "byte_size", null: false - t.string "checksum", null: false + t.string "checksum" t.datetime "created_at", precision: nil, null: false t.string "service_name", null: false t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true @@ -229,7 +229,7 @@ t.datetime "updated_at", precision: nil, null: false t.boolean "completed", default: false, null: false t.integer "lock_version" - t.index ["form_id", "user_id"], name: "index_form_responses_on_form_id_and_user_id", unique: true + t.index ["form_id", "user_id"], name: "index_form_responses_on_form_id_and_user_id_partial", unique: true, where: "(user_id <> 0)" t.index ["user_id"], name: "index_form_responses_on_user_id" end @@ -411,9 +411,9 @@ t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false t.datetime "deleted_at", precision: nil - t.boolean "publicly_visible", default: false, null: false t.bigint "author_id" t.bigint "group_id" + t.string "visibility", default: "members" t.index ["author_id"], name: "index_photo_albums_on_author_id" t.index ["deleted_at"], name: "index_photo_albums_on_deleted_at" t.index ["group_id"], name: "index_photo_albums_on_group_id" 
@@ -558,8 +558,7 @@ t.string "almanak_subscription_preference", default: "physical" t.string "digtus_subscription_preference", default: "physical" t.string "user_details_sharing_preference" - t.boolean "allow_tomato_sharing", default: false, null: false - t.string "webdav_secret_key" + t.boolean "allow_sofia_sharing", default: false, null: false t.string "nickname" t.boolean "trailer_drivers_license", default: false, null: false t.boolean "setup_complete", default: false, null: false From 67f074178de546a634032b060fdae3974f00f3ca Mon Sep 17 00:00:00 2001 From: lodewiges <131907615+lodewiges@users.noreply.github.com> Date: Tue, 4 Nov 2025 14:16:18 +0100 Subject: [PATCH 09/12] Update visibility property description in PERMISSIONS.md --- PERMISSIONS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PERMISSIONS.md b/PERMISSIONS.md index 541037a8..0072bd2f 100644 --- a/PERMISSIONS.md +++ b/PERMISSIONS.md @@ -20,4 +20,4 @@ When the user has the read permission it is able to get all groups (as always). ### Activity/Article/Photo #### Unauthenticated and without permission -When not logged in or when without permission it is possible to get activities, articles and photos which have the visibility property to everybody. +When not logged in or when without permission it is possible to get activities, articles and photos which have the visibility property to public. From efb51761a9ba6505e195cdf79c904e261bea8c11 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Tue, 4 Nov 2025 14:17:38 +0100 Subject: [PATCH 10/12] make photos controler only accesible when authorized --- app/controllers/v1/photos_controller.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/controllers/v1/photos_controller.rb b/app/controllers/v1/photos_controller.rb index 76df8ee2..aaba56c8 100644 --- a/app/controllers/v1/photos_controller.rb +++ b/app/controllers/v1/photos_controller.rb 
@@ -1,8 +1,2 @@ class V1::PhotosController < V1::ApplicationController - before_action :doorkeeper_authorize!, except: %i[index show get_related_resources] - before_action do - doorkeeper_authorize! unless %w[index show].include?(action_name) || - (action_name == 'get_related_resources' && - params[:source] == 'v1/photo_albums') - end end From 2dc767b342296676606f51c25336b87f42fb7541 Mon Sep 17 00:00:00 2001 From: lodewiges <131907615+lodewiges@users.noreply.github.com> Date: Tue, 4 Nov 2025 14:53:17 +0100 Subject: [PATCH 11/12] Fix joins syntax in alumni_visible scope --- app/models/photo_comment.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index f628960a..2eb3e6e8 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb @@ -7,7 +7,7 @@ class PhotoComment < ApplicationRecord validates :content, presence: true, length: { minimum: 1, maximum: 500 } scope :alumni_visible, lambda { |start_date, end_date| - joins(:photo_album) + joins(photo: :photo_album) .where(photo_albums: { visibility: 'alumni' }) .or(photo_albums: { visibility: 'public' }) .or(where.not(photo_albums: { date: nil }).where(photo_albums: { date: start_date..end_date })) From 8d688224eb64833a30111a916be0f7fb156733e5 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Tue, 4 Nov 2025 16:56:13 +0100 Subject: [PATCH 12/12] rewrite tests part 1 --- spec/models/photo_spec.rb | 22 ++++++++++++++++--- spec/support/contexts/requests/when_alumni.rb | 10 +++++++++ spec/support/contexts/requests/when_member.rb | 10 +++++++++ 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 spec/support/contexts/requests/when_alumni.rb create mode 100644 spec/support/contexts/requests/when_member.rb diff --git a/spec/models/photo_spec.rb b/spec/models/photo_spec.rb index e931031b..5ae5f305 100644 --- a/spec/models/photo_spec.rb +++ b/spec/models/photo_spec.rb 
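Review bot: After this deletion `V1::PhotosController` declares no authentication filter of its own, so whether any photo action requires a token now depends entirely on `V1::ApplicationController`, which is not shown. The removed `before_action :doorkeeper_authorize!, except: %i[index show get_related_resources]` was what required a token for the write actions. If the base controller does not call `doorkeeper_authorize!` by default, this change does the opposite of what the commit subject says. Stating the requirement explicitly with `before_action :doorkeeper_authorize!` makes the intent reviewable, and a request spec asserting a 401 for anonymous `index` and `show` would pin it. PERMISSIONS.md, updated one commit earlier in this series, still documents anonymous access to public photos and should be brought in line with whichever behaviour is intended.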
@@ -62,12 +62,13 @@ end describe '#publicly_visible' do - let(:public_album) { create(:photo_album, publicly_visible: true) } - let(:private_album) { create(:photo_album, publicly_visible: false) } + let(:public_album) { create(:photo_album, visibility: 'public') } + let(:alumni_album) { create(:photo_album, visibility: 'alumni') } + let(:private_album) { create(:photo_album, visibility: 'members') } before do create(:photo, photo_album: public_album) - create(:photo, photo_album: public_album) + create(:photo, photo_album: alumni_album) create(:photo, photo_album: private_album) end @@ -75,6 +76,21 @@ it { expect(described_class.count - described_class.publicly_visible.count).to be 1 } end + describe '#alumni_visible' do + let(:public_album) { create(:photo_album, visibility: 'public') } + let(:alumni_album) { create(:photo_album, visibility: 'alumni') } + let(:private_album) { create(:photo_album, visibility: 'members') } + + before do + create(:photo, photo_album: public_album) + create(:photo, photo_album: alumni_album) + create(:photo, photo_album: private_album) + end + + it { expect(described_class.alumni_visible.count).to be 2 } + it { expect(described_class.count - described_class.alumni_visible.count).to be 1 } + end + describe '#extract_exif' do subject(:photo) { create(:photo) } diff --git a/spec/support/contexts/requests/when_alumni.rb b/spec/support/contexts/requests/when_alumni.rb new file mode 100644 index 00000000..fc10e779 --- /dev/null +++ b/spec/support/contexts/requests/when_alumni.rb @@ -0,0 +1,10 @@ +shared_context 'when alumni' do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 4.years.ago, end_date: 2.years.ago) } + let(:access_token) { Doorkeeper::AccessToken.create!(resource_owner_id: user.id) } + + before do + header('Authorization', "Bearer #{access_token.plaintext_token}") + end +end 
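Review bot: The new `#alumni_visible` examples call `described_class.alumni_visible` with no arguments, but the scope is defined as `lambda { |start_date, end_date| ... }`, so the call raises ArgumentError before any count is compared. The `#publicly_visible` block still calls `described_class.publicly_visible`, a scope an earlier patch in this series removes from `Photo`. With only one public photo left in its setup, the unchanged `to be 1` expectation on the difference would not hold either. Pass an explicit window, for example `described_class.alumni_visible(3.years.ago, 1.year.ago)`. Also add an example with a `members` album dated inside the window and one outside it, since that boundary is what the access rule turns on.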
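Review bot: In the `when alumni` context `membership` is declared with a lazy `let` and nothing in the `before` block references it, so the membership row is only created if a spec happens to call `membership`. Otherwise the user reaches the policy with no 'Leden' membership and the specs exercise the nil-membership branch instead of the alumni window. The `when member` context in the next file has the same shape. Force creation in the context itself, either with `let!(:membership)` or by adding `membership` as the first line of the `before` block.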
diff --git a/spec/support/contexts/requests/when_member.rb b/spec/support/contexts/requests/when_member.rb new file mode 100644 index 00000000..09cde513 --- /dev/null +++ b/spec/support/contexts/requests/when_member.rb @@ -0,0 +1,10 @@ +shared_context 'when member' do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) } + let(:access_token) { Doorkeeper::AccessToken.create!(resource_owner_id: user.id) } + + before do + header('Authorization', "Bearer #{access_token.plaintext_token}") + end +end