feature/event privacy + fix eventview error (#271)

Author: imimouni

app/database/models.py

@@ -26,6 +26,7 @@
 
 from app.config import PSQL_ENVIRONMENT
 from app.dependencies import logger
+from app.internal.privacy import PrivacyKinds
 import app.routers.salary.config as SalaryConfig
 
 Base: DeclarativeMeta = declarative_base()
@@ -95,6 +96,7 @@ class Event(Base):
     color = Column(String, nullable=True)
     all_day = Column(Boolean, default=False)
     invitees = Column(String)
+    privacy = Column(String, default=PrivacyKinds.Public.name, nullable=False)
     emotion = Column(String, nullable=True)
     availability = Column(Boolean, default=True, nullable=False)
 

app/internal/calendar_privacy.py

@@ -1,5 +1,6 @@
 from app.dependencies import get_db
 from app.database.models import User
+from app.internal.privacy import PrivacyKinds
 # TODO switch to using this when the user system is merged
 # from app.internal.security.dependancies import (
 #    current_user, CurrentUser)
@@ -23,10 +24,10 @@ def can_show_calendar(
     ).first()
     privacy = current_user.privacy
     is_current_user = current_user.username == requested_user.username
-    if privacy == 'Private' and is_current_user:
+    if privacy == PrivacyKinds.Private.name and is_current_user:
         return True
 
-    elif privacy == 'Public':
+    elif privacy == PrivacyKinds.Public.name:
         return True
 
     return False

app/internal/privacy.py

@@ -0,0 +1,7 @@
+import enum
+
+
+class PrivacyKinds(enum.Enum):
+    Public = 1
+    Private = 2
+    Hidden = 3

app/routers/event.py

@@ -8,6 +8,7 @@
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.orm import Session
 from sqlalchemy.orm.exc import MultipleResultsFound, NoResultFound
+from sqlalchemy.sql.elements import Null
 from starlette import status
 from starlette.responses import RedirectResponse, Response
 from starlette.templating import _TemplateResponse
@@ -22,10 +23,10 @@
 )
 from app.internal import comment as cmt
 from app.internal.emotion import get_emotion
+from app.internal.privacy import PrivacyKinds
 from app.internal.utils import create_model, get_current_user
 from app.routers.categories import get_user_categories
 
-
 EVENT_DATA = Tuple[Event, List[Dict[str, str]], str]
 TIME_FORMAT = "%Y-%m-%d %H:%M"
 START_FORMAT = "%A, %d/%m/%Y %H:%M"
@@ -82,13 +83,20 @@ async def create_event_api(event: EventModel, session=Depends(get_db)):
 
 @router.get("/edit", include_in_schema=False)
 @router.get("/edit")
-async def eventedit(request: Request,
-                    db_session: Session = Depends(get_db)) -> Response:
-    user_id = 1    # until issue#29 will get current user_id from session
+async def eventedit(
+    request: Request,
+    db_session: Session = Depends(get_db),
+) -> Response:
+    user_id = 1  # until issue#29 will get current user_id from session
     categories_list = get_user_categories(db_session, user_id)
-    return templates.TemplateResponse("eventedit.html",
-                                      {"request": request,
-                                       "categories_list": categories_list})
+    return templates.TemplateResponse(
+        "eventedit.html",
+        {
+            "request": request,
+            "categories_list": categories_list,
+            "privacy": PrivacyKinds,
+        },
+    )
 
 
 @router.post("/edit", include_in_schema=False)
@@ -111,8 +119,11 @@ async def create_new_event(
 
     vc_link = data["vc_link"]
     category_id = data.get("category_id")
+    privacy = data["privacy"]
+    privacy_kinds = [kind.name for kind in PrivacyKinds]
+    if privacy not in privacy_kinds:
+        privacy = PrivacyKinds.Public.name
     is_google_event = data.get("is_google_event", "True") == "True"
-
     invited_emails = get_invited_emails(data["invited"])
     uninvited_contacts = get_uninvited_regular_emails(
         session,
@@ -129,25 +140,35 @@ async def create_new_event(
         title=title,
         start=start,
         end=end,
-        owner_id=owner_id,
         all_day=all_day,
+        owner_id=owner_id,
         content=content,
         location=location,
         vc_link=vc_link,
         invitees=invited_emails,
         category_id=category_id,
         availability=availability,
         is_google_event=is_google_event,
+        privacy=privacy,
     )
 
     messages = get_messages(session, event, uninvited_contacts)
     return RedirectResponse(
         router.url_path_for("eventview", event_id=event.id)
-        + f'messages={"---".join(messages)}',
+        + f'?messages={"---".join(messages)}',
         status_code=status.HTTP_302_FOUND,
     )
 
 
+def raise_for_nonexisting_event(event_id: int) -> None:
+    error_message = f"Event ID does not exist. ID: {event_id}"
+    logger.exception(error_message)
+    raise HTTPException(
+        status_code=status.HTTP_404_NOT_FOUND,
+        detail=error_message,
+    )
+
+
 @router.get("/{event_id}", include_in_schema=False)
 async def eventview(
     request: Request,
@@ -159,12 +180,15 @@ async def eventview(
     if event.all_day:
         start_format = "%A, %d/%m/%Y"
         end_format = ""
+    event_considering_privacy = event_to_show(event, db)
+    if not event_considering_privacy:
+        raise_for_nonexisting_event(event.id)
     messages = request.query_params.get("messages", "").split("---")
     return templates.TemplateResponse(
         "eventview.html",
         {
             "request": request,
-            "event": event,
+            "event": event_considering_privacy,
             "comments": comments,
             "start_format": start_format,
             "end_format": end_format,
@@ -173,6 +197,46 @@ async def eventview(
     )
 
 
+def check_event_owner(
+    event: Event,
+    session: Depends(get_db),
+    user: Optional[User] = None,
+) -> bool:
+    # TODO use current_user after user system merge
+    if not user:
+        user = get_current_user(session)
+    is_owner = event.owner_id == user.id
+    return is_owner
+
+
+def event_to_show(
+    event: Event,
+    session: Depends(get_db),
+    user: Optional[User] = None,
+) -> Optional[Event]:
+    """Check the given event's privacy and return
+    event/fixed private event/ nothing (hidden) accordingly"""
+    is_owner = check_event_owner(event, session, user)
+    if event.privacy == PrivacyKinds.Private.name and not is_owner:
+        event_dict = event.__dict__.copy()
+        if event_dict.get("_sa_instance_state", None):
+            event_dict.pop("_sa_instance_state")
+        event_dict.pop("id")
+        private_event = Event(**event_dict)
+        private_event.title = PrivacyKinds.Private.name
+        private_event.content = PrivacyKinds.Private.name
+        private_event.location = PrivacyKinds.Private.name
+        private_event.color = Null
+        private_event.invitees = PrivacyKinds.Private.name
+        private_event.category_id = Null
+        private_event.emotion = Null
+        return private_event
+    elif event.privacy == PrivacyKinds.Hidden.name and not is_owner:
+        return
+    elif event.privacy == PrivacyKinds.Public.name or is_owner:
+        return event
+
+
 @router.post("/{event_id}/owner")
 async def change_owner(
     request: Request,
@@ -220,12 +284,7 @@ def by_id(db: Session, event_id: int) -> Event:
     try:
         event = db.query(Event).filter_by(id=event_id).one()
     except NoResultFound:
-        error_message = f"Event ID does not exist. ID: {event_id}"
-        logger.exception(error_message)
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=error_message,
-        )
+        raise_for_nonexisting_event(event_id)
     except MultipleResultsFound:
         error_message = (
             f"Multiple results found when getting event. Expected only one. "
@@ -337,6 +396,7 @@ def create_event(
     category_id: Optional[int] = None,
     availability: bool = True,
     is_google_event: bool = False,
+    privacy: str = PrivacyKinds.Public.name,
 ):
     """Creates an event and an association."""
 
@@ -348,6 +408,7 @@ def create_event(
         title=title,
         start=start,
         end=end,
+        privacy=privacy,
         content=content,
         owner_id=owner_id,
         location=location,

app/routers/profile.py

@@ -13,6 +13,7 @@
 from app.internal.on_this_day_events import get_on_this_day_events
 from app.internal.import_holidays import (get_holidays_from_file,
                                           save_holidays_to_db)
+from app.internal.privacy import PrivacyKinds
 
 PICTURE_EXTENSION = config.PICTURE_EXTENSION
 PICTURE_SIZE = config.AVATAR_SIZE
@@ -58,8 +59,9 @@ async def profile(
         "user": user,
         "events": upcoming_events,
         "signs": signs,
-        'google_error': GOOGLE_ERROR,
+        "google_error": GOOGLE_ERROR,
         "on_this_day_data": on_this_day_data,
+        "privacy": PrivacyKinds
     })
 
 

app/templates/partials/calendar/event/edit_event_details_tab.html

@@ -80,8 +80,9 @@
 
     <label for="privacy">Privacy:</label>
     <select id="privacy" name="privacy">
-      <option value="private">Private</option>
-      <option value="public" selected>Public</option>
+      <option value="{{ privacy.Private.name }}">{{ privacy.Private.name }}</option>
+      <option value="{{ privacy.Public.name }}" selected>{{ privacy.Public.name }}</option>
+      <option value="{{ privacy.Hidden.name }}">{{ privacy.Hidden.name }}</option>
     </select>
 
     <label for="user_categories">Category</label>
@@ -104,4 +105,3 @@
 
   </div>
 </div>
-

app/templates/partials/user_profile/sidebar_left/profile_card/modals/calendar_privacy_modal.html

@@ -7,10 +7,10 @@ <h2 class="modal-title">Set your calendar privacy</h2>
         <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
       </div>
       <div class="modal-body">
-        <form action="update_calendar_privacy" method="post">
+        <form action="privacy" method="post">
           <select class="form-control-sm" name="privacy">
-            <option value="private">Private</option>
-            <option value="public">Public</option>
+            <option value="{{ privacy.Private.name }}">{{ privacy.Private.name }}</option>
+            <option value="{{ privacy.Public.name }}">{{ privacy.Public.name }}</option>
           </select>
           <div class="d-flex flex-row-reverse mt-4">
             <button type="submit" class="btn btn-sm btn-success">Save changes</button>
@@ -19,4 +19,4 @@ <h2 class="modal-title">Set your calendar privacy</h2>
       </div>
     </div>
   </div>
-</div>
+</div>

app/templates/profile.html

@@ -16,4 +16,4 @@
   </div>
 </div>
 {% include "partials/calendar/event/text_editor_partial_body.html" %}
-{% endblock content %}
+{% endblock content %}