Commit 03573426 authored by Agate's avatar Agate 💬

Merge branch '563-radio-anon' into 'develop'

Fix #563: unplayable radios for anonymous users

Closes #563

See merge request !743
parents 444ba858 0be93ec0
Pipeline #4052 passed with stages
in 9 minutes and 58 seconds
......@@ -536,11 +536,11 @@ REST_FRAMEWORK = {
),
"DEFAULT_AUTHENTICATION_CLASSES": (
"oauth2_provider.contrib.rest_framework.OAuth2Authentication",
"rest_framework.authentication.SessionAuthentication",
"funkwhale_api.common.authentication.JSONWebTokenAuthenticationQS",
"funkwhale_api.common.authentication.BearerTokenHeaderAuth",
"funkwhale_api.common.authentication.JSONWebTokenAuthentication",
"rest_framework.authentication.BasicAuthentication",
"rest_framework.authentication.SessionAuthentication",
),
"DEFAULT_PERMISSION_CLASSES": (
"funkwhale_api.users.oauth.permissions.ScopePermission",
......
......@@ -47,6 +47,6 @@ class OwnerPermission(BasePermission):
owner_field = getattr(view, "owner_field", "user")
owner = operator.attrgetter(owner_field)(obj)
if owner != request.user:
if not owner or not request.user.is_authenticated or owner != request.user:
raise Http404
return True
......@@ -47,6 +47,8 @@ class SessionRadio(SimpleRadio):
qs = Track.objects.all()
if not self.session:
return qs
if not self.session.user:
return qs
query = moderation_filters.get_filtered_content_query(
config=moderation_filters.USER_FILTER_CONFIG["TRACK"],
user=self.session.user,
......@@ -62,7 +64,9 @@ class SessionRadio(SimpleRadio):
if self.session:
queryset = self.filter_from_session(queryset)
if kwargs.pop("filter_playable", True):
queryset = queryset.playable_by(self.session.user.actor)
queryset = queryset.playable_by(
self.session.user.actor if self.session.user else None
)
queryset = self.filter_queryset(queryset)
return queryset
......@@ -129,7 +133,7 @@ class CustomRadio(SessionRadio):
try:
user = data["user"]
except KeyError:
user = context["user"]
user = context.get("user")
try:
assert data["custom_radio"].user == user or data["custom_radio"].is_public
except KeyError:
......
......@@ -70,7 +70,7 @@ class RadioSessionSerializer(serializers.ModelSerializer):
return data
def create(self, validated_data):
validated_data["user"] = self.context["user"]
validated_data["user"] = self.context.get("user")
if validated_data.get("related_object_id"):
radio = registry[validated_data["radio_type"]]()
validated_data["related_object"] = radio.get_related_object(
......
from django.db.models import Q
from rest_framework import mixins, permissions, status, viewsets
from rest_framework import mixins, status, viewsets
from rest_framework.decorators import action
from rest_framework.response import Response
......@@ -28,6 +28,7 @@ class RadioViewSet(
required_scope = "radios"
owner_field = "user"
owner_checks = ["write"]
anonymous_policy = "setting"
def get_queryset(self):
queryset = models.Radio.objects.all()
......@@ -82,11 +83,30 @@ class RadioSessionViewSet(
serializer_class = serializers.RadioSessionSerializer
queryset = models.RadioSession.objects.all()
permission_classes = [permissions.IsAuthenticated]
permission_classes = []
def get_queryset(self):
queryset = super().get_queryset()
return queryset.filter(user=self.request.user)
if self.request.user.is_authenticated:
return queryset.filter(
Q(user=self.request.user)
| Q(session_key=self.request.session.session_key)
)
return queryset.filter(session_key=self.request.session.session_key).exclude(
session_key=None
)
def perform_create(self, serializer):
if (
not self.request.user.is_authenticated
and not self.request.session.session_key
):
self.request.session.create()
return serializer.save(
user=self.request.user if self.request.user.is_authenticated else None,
session_key=self.request.session.session_key,
)
def get_serializer_context(self):
context = super().get_serializer_context()
......@@ -97,14 +117,19 @@ class RadioSessionViewSet(
class RadioSessionTrackViewSet(mixins.CreateModelMixin, viewsets.GenericViewSet):
serializer_class = serializers.RadioSessionTrackSerializer
queryset = models.RadioSessionTrack.objects.all()
permission_classes = [permissions.IsAuthenticated]
permission_classes = []
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
session = serializer.validated_data["session"]
if not request.user.is_authenticated and not request.session.session_key:
self.request.session.create()
try:
assert request.user == session.user
assert (request.user == session.user) or (
request.session.session_key == session.session_key
and session.session_key
)
except AssertionError:
return Response(status=status.HTTP_403_FORBIDDEN)
session.radio.pick()
......
Fixed unplayable radios for anonymous users (#563)
......@@ -10,9 +10,9 @@
<translate translate-context="Content/Radio/Title">Instance radios</translate>
</h3>
<div class="ui cards">
<radio-card :type="'favorites'"></radio-card>
<radio-card v-if="$store.state.auth.authenticated" :type="'favorites'"></radio-card>
<radio-card :type="'random'"></radio-card>
<radio-card :type="'less-listened'"></radio-card>
<radio-card v-if="$store.state.auth.authenticated" :type="'less-listened'"></radio-card>
</div>
</div>
......
......@@ -118,10 +118,6 @@ export default {
}
},
fetchProfile ({commit, dispatch, state}) {
if (document) {
// this is to ensure we do not have any leaking cookie set by django
document.cookie = 'sessionid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;'
}
return new Promise((resolve, reject) => {
axios.get('users/users/me/').then((response) => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment