- {% if purchased %}
+ {% if can_download %}
Download
{% else %}
diff --git a/src/utils/__init__.py b/src/utils/__init__.py
index de5a089..3b5967b 100644
--- a/src/utils/__init__.py
+++ b/src/utils/__init__.py
@@ -4,4 +4,5 @@ from .config import Config
from .storage import storage
from .md5stuffs import calculate_md5_sum_for_file, write_file_from_stream_to_file_like_while_calculating_md5
from .exceptions import FileIntegrityError
-from .caff_previewer import create_caff_preview
\ No newline at end of file
+from .caff_previewer import create_caff_preview
+from .common_queries import user_can_access_caff
\ No newline at end of file
diff --git a/src/utils/common_queries.py b/src/utils/common_queries.py
new file mode 100644
index 0000000..8c2d551
--- /dev/null
+++ b/src/utils/common_queries.py
@@ -0,0 +1,15 @@
+from flask_security import current_user
+from models import db, Purchase, Item
+
+
+def user_can_access_caff(item: Item) -> bool:
+ if not current_user.is_authenticated:
+ return False
+ else:
+
+ if item.uploader == current_user:
+ return True
+ else:
+ p = Purchase.query.filter(
+ db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == item.id)).first()
+ return bool(p)
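Review bot: The ownership test `item.uploader == current_user` compares a model instance with flask_security's `current_user` proxy, so this authorization decision rests on object equality resolving through the proxy and on both objects being the same session-loaded instance. Comparing primary keys states the rule explicitly, e.g. `if item.uploader.id == current_user.id:`, assuming an item always has an uploader; an uploader foreign-key column on Item would be better still, but the model is not visible here. The function should also get a docstring saying that it is the shared access rule for CAFF downloads: anonymous users are denied, the uploader and any purchaser are allowed. The outer `else:` after `return False` is redundant and can be dropped.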
diff --git a/src/views/contentview.py b/src/views/contentview.py
index 602d544..503f9da 100644
--- a/src/views/contentview.py
+++ b/src/views/contentview.py
@@ -7,7 +7,9 @@ from flask_security import login_required, current_user
from utils import storage
from minio.error import NoSuchKey
-from models import db, Item, Purchase
+from utils import user_can_access_caff
+
+from models import db, Item
class ContentView(FlaskView):
@@ -29,22 +31,21 @@ class ContentView(FlaskView):
def preview(self, id_: int):
i = Item.query.get_or_404(id_)
-
return self._stream_from_minio(current_app.config['MINIO_PREVIEW_BUCKET_NAME'], i.id)
@login_required
def caff(self, id_: int):
- p = Purchase.query.filter(db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == id_)).first()
+ item = Item.query.get_or_404(id_)
- if not p:
+ if not user_can_access_caff(item):
abort(403)
allowed_chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
- filename = ''.join(filter(lambda x: x in allowed_chars, p.item.name)).lower()
+ filename = ''.join(filter(lambda x: x in allowed_chars, item.name)).lower()
if not filename:
- filename = str(p.item.id)
+ filename = str(item.id)
- filename += f'_{p.id}.caff'
+ filename += '.caff'
- return self._stream_from_minio(current_app.config['MINIO_CAFF_BUCKET_NAME'], p.item.id, filename)
+ return self._stream_from_minio(current_app.config['MINIO_CAFF_BUCKET_NAME'], item.id, filename)
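Review bot: The `abort(403)` branch in `caff` rejects the request without recording it, and with `_{p.id}` removed from the filename a served file no longer carries anything that ties it to a purchase. This check appears to be the only gate in front of the CAFF bucket, so a denied attempt is worth a log line before the abort, e.g. `current_app.logger.warning('caff download denied: user=%s item=%s', current_user.id, item.id)`. If the purchase id in the filename was relied on for tracing downloads, a server-side log entry on the success path should replace it; whether it was is not visible in this hunk.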
diff --git a/src/views/itemview.py b/src/views/itemview.py
index 4e8eb5c..1d8f636 100644
--- a/src/views/itemview.py
+++ b/src/views/itemview.py
@@ -3,7 +3,9 @@ from flask import render_template, request, flash, redirect, url_for, current_ap
from flask_classful import FlaskView
from flask_security import current_user, login_required
-from models import db, Comment, Item, Purchase
+from utils import user_can_access_caff
+
+from models import db, Comment, Item
import bleach
"""
@@ -20,15 +22,9 @@ class ItemView(FlaskView):
def get(self, id_: int):
item = Item.query.get_or_404(id_)
+ can_download = user_can_access_caff(item)
- if not current_user.is_authenticated:
- purchased = False
- else:
- p = Purchase.query.filter(
- db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == id_)).first()
- purchased = bool(p)
-
- return render_template('item.html', item=item, purchased=purchased)
+ return render_template('item.html', item=item, can_download=can_download)
@login_required
def post(self, id_: int):