Verified Commit 159c07c2 authored by Eliot Berriot's avatar Eliot Berriot
Browse files

See #170: don't expose channels libraries in API

parent 7ac5a2f3
......@@ -203,7 +203,9 @@ class MusicLibraryViewSet(
authentication_classes = [authentication.SignatureAuthentication]
renderer_classes = renderers.get_ap_renderers()
serializer_class = serializers.LibrarySerializer
queryset = music_models.Library.objects.all().select_related("actor")
queryset = (
music_models.Library.objects.all().select_related("actor").filter(channel=None)
)
lookup_field = "uuid"
def retrieve(self, request, *args, **kwargs):
......
......@@ -39,7 +39,18 @@ def get_stats(tracks, target):
data["track_favorites"] = favorites_models.TrackFavorite.objects.filter(
track__in=tracks
).count()
data["libraries"] = uploads.values_list("library", flat=True).distinct().count()
data["libraries"] = (
uploads.filter(library__channel=None)
.values_list("library", flat=True)
.distinct()
.count()
)
data["channels"] = (
uploads.exclude(library__channel=None)
.values_list("library", flat=True)
.distinct()
.count()
)
data["uploads"] = uploads.count()
data["reports"] = moderation_models.Report.objects.get_for_target(target).count()
data.update(get_media_stats(uploads))
......@@ -233,6 +244,7 @@ class ManageLibraryViewSet(
lookup_field = "uuid"
queryset = (
music_models.Library.objects.all()
.filter(channel=None)
.order_by("-id")
.select_related("actor")
.annotate(
......
......@@ -50,7 +50,7 @@ def get_libraries(filter_uploads):
uploads = filter_uploads(obj, uploads)
uploads = uploads.playable_by(actor)
qs = models.Library.objects.filter(
pk__in=uploads.values_list("library", flat=True)
pk__in=uploads.values_list("library", flat=True), channel=None,
).annotate(_uploads_count=Count("uploads"))
qs = qs.prefetch_related("actor")
page = self.paginate_queryset(qs)
......@@ -232,6 +232,7 @@ class LibraryViewSet(
lookup_field = "uuid"
queryset = (
models.Library.objects.all()
.filter(channel=None)
.order_by("-creation_date")
.annotate(_uploads_count=Count("uploads"))
.annotate(_size=Sum("uploads__size"))
......
......@@ -169,6 +169,16 @@ def test_music_library_retrieve(factories, api_client, privacy_level):
assert response.data == expected
def test_music_library_retrieve_excludes_channel_libraries(factories, api_client):
channel = factories["audio.Channel"]()
library = channel.library
url = reverse("federation:music:libraries-detail", kwargs={"uuid": library.uuid})
response = api_client.get(url)
assert response.status_code == 404
def test_music_library_retrieve_page_public(factories, api_client):
library = factories["music.Library"](privacy_level="everyone")
upload = factories["music.Upload"](library=library, import_status="finished")
......
......@@ -185,6 +185,7 @@ def test_artist_detail_stats(factories, superuser_api_client):
response = superuser_api_client.get(url)
expected = {
"libraries": 0,
"channels": 0,
"uploads": 0,
"listenings": 0,
"playlists": 0,
......@@ -235,6 +236,7 @@ def test_album_detail_stats(factories, superuser_api_client):
response = superuser_api_client.get(url)
expected = {
"libraries": 0,
"channels": 0,
"uploads": 0,
"listenings": 0,
"playlists": 0,
......@@ -282,6 +284,7 @@ def test_track_detail_stats(factories, superuser_api_client):
response = superuser_api_client.get(url)
expected = {
"libraries": 0,
"channels": 0,
"uploads": 0,
"listenings": 0,
"playlists": 0,
......@@ -314,6 +317,17 @@ def test_library_list(factories, superuser_api_client, settings):
assert response.data["results"][0]["id"] == library.id
def test_library_list_exclude_channel_libraries(
factories, superuser_api_client, settings
):
factories["audio.Channel"]()
url = reverse("api:v1:manage:library:libraries-list")
response = superuser_api_client.get(url)
assert response.status_code == 200
assert response.data["count"] == 0
def test_library_detail(factories, superuser_api_client):
library = factories["music.Library"]()
url = reverse(
......
......@@ -640,6 +640,16 @@ def test_user_can_list_their_library(factories, logged_in_api_client):
assert response.data["results"][0]["uuid"] == str(library.uuid)
def test_library_list_excludes_channel_library(factories, logged_in_api_client):
actor = logged_in_api_client.user.create_actor()
factories["audio.Channel"](attributed_to=actor)
url = reverse("api:v1:libraries-list")
response = logged_in_api_client.get(url)
assert response.status_code == 200
assert response.data["count"] == 0
def test_user_cannot_delete_other_actors_library(factories, logged_in_api_client):
logged_in_api_client.user.create_actor()
library = factories["music.Library"](privacy_level="everyone")
......@@ -859,6 +869,11 @@ def test_can_get_libraries_for_music_entities(
"album": upload.track.album,
"track": upload.track,
}
# libraries in channel should be missing excluded
channel = factories["audio.Channel"](artist=upload.track.artist)
factories["music.Upload"](
library=channel.library, playable=True, track=upload.track
)
url = reverse("api:v1:{}s-libraries".format(entity), kwargs={"pk": data[entity].pk})
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment