Python script, ASCII text executable
1
import json
2
import os
3
import mimetypes
4
import flask
5
import ruamel.yaml as yaml
6
import sqlalchemy.dialects.postgresql
7
import config
8
import markdown
9
from datetime import datetime
11
from os import path
12
from flask_sqlalchemy import SQLAlchemy
13
from flask_bcrypt import Bcrypt
14
from flask_migrate import Migrate, current
15
from urllib.parse import urlencode
16
from PIL import Image
17
from sqlalchemy.sql.functions import current_user
18
app = flask.Flask(__name__)
20
bcrypt = Bcrypt(app)
21
app.config["SQLALCHEMY_DATABASE_URI"] = config.DB_URI
23
app.config["SECRET_KEY"] = config.DB_PASSWORD
24
db = SQLAlchemy(app)
26
migrate = Migrate(app, db)
27
@app.template_filter("split")
30
def split(value, separator=None, maxsplit=-1):
31
return value.split(separator, maxsplit)
32
@app.template_filter("median")
35
def median(value):
36
value = list(value) # prevent generators
37
return sorted(value)[len(value) // 2]
38
@app.template_filter("set")
41
def set_filter(value):
42
return set(value)
43
@app.template_global()
46
def modify_query(**new_values):
47
args = flask.request.args.copy()
48
for key, value in new_values.items():
49
args[key] = value
50
return f"{flask.request.path}?{urlencode(args)}"
52
@app.context_processor
55
def default_variables():
56
return {
57
"current_user": db.session.get(User, flask.session.get("username")),
58
}
59
with app.app_context():
62
class User(db.Model):
63
username = db.Column(db.String(32), unique=True, nullable=False, primary_key=True)
64
password_hashed = db.Column(db.String(60), nullable=False)
65
admin = db.Column(db.Boolean, nullable=False, default=False, server_default="false")
66
pictures = db.relationship("PictureResource", back_populates="author")
67
joined_timestamp = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
68
galleries = db.relationship("Gallery", back_populates="owner")
69
galleries_joined = db.relationship("UserInGallery", back_populates="user")
70
ratings = db.relationship("PictureRating", back_populates="user")
71
def __init__(self, username, password):
73
self.username = username
74
self.password_hashed = bcrypt.generate_password_hash(password).decode("utf-8")
75
@property
77
def formatted_name(self):
78
if self.admin:
79
return self.username + "*"
80
return self.username
81
class Licence(db.Model):
84
id = db.Column(db.String(64), primary_key=True) # SPDX identifier
85
title = db.Column(db.UnicodeText, nullable=False) # the official name of the licence
86
description = db.Column(db.UnicodeText,
87
nullable=False) # brief description of its permissions and restrictions
88
info_url = db.Column(db.String(1024),
89
nullable=False) # the URL to a page with general information about the licence
90
url = db.Column(db.String(1024),
91
nullable=True) # the URL to a page with the full text of the licence and more information
92
pictures = db.relationship("PictureLicence", back_populates="licence")
93
free = db.Column(db.Boolean, nullable=False,
94
default=False) # whether the licence is free or not
95
logo_url = db.Column(db.String(1024), nullable=True) # URL to the logo of the licence
96
pinned = db.Column(db.Boolean, nullable=False,
97
default=False) # whether the licence should be shown at the top of the list
98
def __init__(self, id, title, description, info_url, url, free, logo_url=None,
100
pinned=False):
101
self.id = id
102
self.title = title
103
self.description = description
104
self.info_url = info_url
105
self.url = url
106
self.free = free
107
self.logo_url = logo_url
108
self.pinned = pinned
109
class PictureLicence(db.Model):
112
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
113
resource_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"))
115
licence_id = db.Column(db.String(64), db.ForeignKey("licence.id"))
116
resource = db.relationship("PictureResource", back_populates="licences")
118
licence = db.relationship("Licence", back_populates="pictures")
119
def __init__(self, resource, licence):
121
self.resource = resource
122
self.licence = licence
123
class Resource(db.Model):
126
__abstract__ = True
127
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
129
title = db.Column(db.UnicodeText, nullable=False)
130
description = db.Column(db.UnicodeText, nullable=False)
131
timestamp = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
132
origin_url = db.Column(db.String(2048),
133
nullable=True) # should be left empty if it's original or the source is unknown but public domain
134
class PictureNature(db.Model):
137
# Examples:
138
# "photo", "paper-scan", "2d-art-photo", "sculpture-photo", "computer-3d", "computer-painting",
139
# "computer-line-art", "diagram", "infographic", "text", "map", "chart-graph", "screen-capture",
140
# "screen-photo", "pattern", "collage", "ai", and so on
141
id = db.Column(db.String(64), primary_key=True)
142
description = db.Column(db.UnicodeText, nullable=False)
143
resources = db.relationship("PictureResource", back_populates="nature")
144
def __init__(self, id, description):
146
self.id = id
147
self.description = description
148
class PictureObjectInheritance(db.Model):
151
parent_id = db.Column(db.String(64), db.ForeignKey("picture_object.id"),
152
primary_key=True)
153
child_id = db.Column(db.String(64), db.ForeignKey("picture_object.id"),
154
primary_key=True)
155
parent = db.relationship("PictureObject", foreign_keys=[parent_id],
157
back_populates="child_links")
158
child = db.relationship("PictureObject", foreign_keys=[child_id],
159
back_populates="parent_links")
160
def __init__(self, parent, child):
162
self.parent = parent
163
self.child = child
164
class PictureObject(db.Model):
167
id = db.Column(db.String(64), primary_key=True)
168
description = db.Column(db.UnicodeText, nullable=False)
169
child_links = db.relationship("PictureObjectInheritance",
171
foreign_keys=[PictureObjectInheritance.parent_id],
172
back_populates="parent")
173
parent_links = db.relationship("PictureObjectInheritance",
174
foreign_keys=[PictureObjectInheritance.child_id],
175
back_populates="child")
176
def __init__(self, id, description):
178
self.id = id
179
self.description = description
180
class PictureRegion(db.Model):
183
# This is for picture region annotations
184
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
185
json = db.Column(sqlalchemy.dialects.postgresql.JSONB, nullable=False)
186
resource_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"),
188
nullable=False)
189
object_id = db.Column(db.String(64), db.ForeignKey("picture_object.id"), nullable=True)
190
resource = db.relationship("PictureResource", backref="regions")
192
object = db.relationship("PictureObject", backref="regions")
193
def __init__(self, json, resource, object):
195
self.json = json
196
self.resource = resource
197
self.object = object
198
class PictureResource(Resource):
201
# This is only for bitmap pictures. Vectors will be stored under a different model
202
# File name is the ID in the picture directory under data, without an extension
203
file_format = db.Column(db.String(64), nullable=False) # MIME type
204
width = db.Column(db.Integer, nullable=False)
205
height = db.Column(db.Integer, nullable=False)
206
nature_id = db.Column(db.String(32), db.ForeignKey("picture_nature.id"), nullable=True)
207
author_name = db.Column(db.String(32), db.ForeignKey("user.username"), nullable=False)
208
author = db.relationship("User", back_populates="pictures")
209
nature = db.relationship("PictureNature", back_populates="resources")
211
replaces_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"), nullable=True)
213
replaced_by_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"),
214
nullable=True)
215
replaces = db.relationship("PictureResource", remote_side="PictureResource.id",
217
foreign_keys=[replaces_id], back_populates="replaced_by",
218
post_update=True)
219
replaced_by = db.relationship("PictureResource", remote_side="PictureResource.id",
220
foreign_keys=[replaced_by_id], post_update=True)
221
copied_from_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"),
223
nullable=True)
224
copied_from = db.relationship("PictureResource", remote_side="PictureResource.id",
225
backref="copies", foreign_keys=[copied_from_id])
226
licences = db.relationship("PictureLicence", back_populates="resource")
228
galleries = db.relationship("PictureInGallery", back_populates="resource")
229
ratings = db.relationship("PictureRating", back_populates="resource")
230
def __init__(self, title, author, description, origin_url, licence_ids, mime,
232
nature=None):
233
self.title = title
234
self.author = author
235
self.description = description
236
self.origin_url = origin_url
237
self.file_format = mime
238
self.width = self.height = 0
239
self.nature = nature
240
db.session.add(self)
241
db.session.commit()
242
for licence_id in licence_ids:
243
joiner = PictureLicence(self, db.session.get(Licence, licence_id))
244
db.session.add(joiner)
245
def put_annotations(self, json):
247
# Delete all previous annotations
248
db.session.query(PictureRegion).filter_by(resource_id=self.id).delete()
249
for region in json:
251
object_id = region["object"]
252
picture_object = db.session.get(PictureObject, object_id)
253
region_data = {
255
"type": region["type"],
256
"shape": region["shape"],
257
}
258
region_row = PictureRegion(region_data, self, picture_object)
260
db.session.add(region_row)
261
@property
263
def average_rating(self):
264
if not self.ratings:
265
return None
266
return db.session.query(db.func.avg(PictureRating.rating)).filter_by(resource=self).scalar()
267
@property
269
def rating_totals(self):
270
all_ratings = db.session.query(PictureRating.rating).filter_by(resource=self)
271
return {rating: all_ratings.filter_by(rating=rating).count() for rating in range(1, 6)}
272
@property
274
def stars(self):
275
if not self.ratings:
276
return 0
277
average = self.average_rating
278
whole_stars = int(average)
279
partial_star = average - whole_stars
280
return [100] * whole_stars + [int(partial_star * 100)] + [0] * (4 - whole_stars)
282
class PictureInGallery(db.Model):
285
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
286
resource_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"),
287
nullable=False)
288
gallery_id = db.Column(db.Integer, db.ForeignKey("gallery.id"), nullable=False)
289
resource = db.relationship("PictureResource")
291
gallery = db.relationship("Gallery")
292
def __init__(self, resource, gallery):
294
self.resource = resource
295
self.gallery = gallery
296
class UserInGallery(db.Model):
299
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
300
username = db.Column(db.String(32), db.ForeignKey("user.username"), nullable=False)
301
gallery_id = db.Column(db.Integer, db.ForeignKey("gallery.id"), nullable=False)
302
user = db.relationship("User")
304
gallery = db.relationship("Gallery")
305
def __init__(self, user, gallery):
307
self.user = user
308
self.gallery = gallery
309
class Gallery(db.Model):
312
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
313
title = db.Column(db.UnicodeText, nullable=False)
314
description = db.Column(db.UnicodeText, nullable=False)
315
pictures = db.relationship("PictureInGallery", back_populates="gallery")
316
owner_name = db.Column(db.String(32), db.ForeignKey("user.username"), nullable=False)
317
owner = db.relationship("User", back_populates="galleries")
318
users = db.relationship("UserInGallery", back_populates="gallery")
319
def __init__(self, title, description, owner):
321
self.title = title
322
self.description = description
323
self.owner = owner
324
class PictureRating(db.Model):
327
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
328
resource_id = db.Column(db.Integer, db.ForeignKey("picture_resource.id"), nullable=False)
329
username = db.Column(db.String(32), db.ForeignKey("user.username"), nullable=False)
330
rating = db.Column(db.Integer, db.CheckConstraint("rating >= 1 AND rating <= 5"),
331
nullable=False)
332
resource = db.relationship("PictureResource", back_populates="ratings")
334
user = db.relationship("User", back_populates="ratings")
335
def __init__(self, resource, user, rating):
337
self.resource = resource
338
self.user = user
339
self.rating = rating
340
@app.route("/")
343
def index():
344
return flask.render_template("home.html", resources=PictureResource.query.order_by(
345
db.func.random()).limit(10).all())
346
@app.route("/accounts/")
349
def accounts():
350
return flask.render_template("login.html")
351
@app.route("/login", methods=["POST"])
354
def login():
355
username = flask.request.form["username"]
356
password = flask.request.form["password"]
357
user = db.session.get(User, username)
359
if user is None:
361
flask.flash("This username is not registered.")
362
return flask.redirect("/accounts")
363
if not bcrypt.check_password_hash(user.password_hashed, password):
365
flask.flash("Incorrect password.")
366
return flask.redirect("/accounts")
367
flask.flash("You have been logged in.")
369
flask.session["username"] = username
371
return flask.redirect("/")
372
@app.route("/logout")
375
def logout():
376
flask.session.pop("username", None)
377
flask.flash("You have been logged out.")
378
return flask.redirect("/")
379
@app.route("/signup", methods=["POST"])
382
def signup():
383
username = flask.request.form["username"]
384
password = flask.request.form["password"]
385
if db.session.get(User, username) is not None:
387
flask.flash("This username is already taken.")
388
return flask.redirect("/accounts")
389
if set(username) > set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"):
391
flask.flash(
392
"Usernames can only contain the Latin alphabet, digits, hyphens, and underscores.")
393
return flask.redirect("/accounts")
394
if len(username) < 3 or len(username) > 32:
396
flask.flash("Usernames must be between 3 and 32 characters long.")
397
return flask.redirect("/accounts")
398
if len(password) < 6:
400
flask.flash("Passwords must be at least 6 characters long.")
401
return flask.redirect("/accounts")
402
user = User(username, password)
404
db.session.add(user)
405
db.session.commit()
406
flask.session["username"] = username
408
flask.flash("You have been registered and logged in.")
410
return flask.redirect("/")
412
@app.route("/profile", defaults={"username": None})
415
@app.route("/profile/<username>")
416
def profile(username):
417
if username is None:
418
if "username" in flask.session:
419
return flask.redirect("/profile/" + flask.session["username"])
420
else:
421
flask.flash("Please log in to perform this action.")
422
return flask.redirect("/accounts")
423
user = db.session.get(User, username)
425
if user is None:
426
flask.abort(404)
427
return flask.render_template("profile.html", user=user)
429
@app.route("/object/<id>")
432
def has_object(id):
433
object_ = db.session.get(PictureObject, id)
434
if object_ is None:
435
flask.abort(404)
436
query = db.session.query(PictureResource).join(PictureRegion).filter(
438
PictureRegion.object_id == id)
439
page = int(flask.request.args.get("page", 1))
441
per_page = int(flask.request.args.get("per_page", 16))
442
resources = query.paginate(page=page, per_page=per_page)
444
return flask.render_template("object.html", object=object_, resources=resources,
446
page_number=page,
447
page_length=per_page, num_pages=resources.pages,
448
prev_page=resources.prev_num,
449
next_page=resources.next_num, PictureRegion=PictureRegion)
450
@app.route("/upload")
453
def upload():
454
if "username" not in flask.session:
455
flask.flash("Log in to upload pictures.")
456
return flask.redirect("/accounts")
457
licences = Licence.query.order_by(Licence.free.desc(), Licence.pinned.desc(),
459
Licence.title).all()
460
types = PictureNature.query.all()
462
return flask.render_template("upload.html", licences=licences, types=types)
464
@app.route("/upload", methods=["POST"])
467
def upload_post():
468
title = flask.request.form["title"]
469
description = flask.request.form["description"]
470
origin_url = flask.request.form["origin_url"]
471
author = db.session.get(User, flask.session.get("username"))
472
licence_ids = flask.request.form.getlist("licence")
473
nature_id = flask.request.form["nature"]
474
if author is None:
476
flask.abort(401)
477
file = flask.request.files["file"]
479
if not file or not file.filename:
481
flask.flash("Select a file")
482
return flask.redirect(flask.request.url)
483
if not file.mimetype.startswith("image/") or file.mimetype == "image/svg+xml":
485
flask.flash("Only images are supported")
486
return flask.redirect(flask.request.url)
487
if not title:
489
flask.flash("Enter a title")
490
return flask.redirect(flask.request.url)
491
if not description:
493
description = ""
494
if not nature_id:
496
flask.flash("Select a picture type")
497
return flask.redirect(flask.request.url)
498
if not licence_ids:
500
flask.flash("Select licences")
501
return flask.redirect(flask.request.url)
502
licences = [db.session.get(Licence, licence_id) for licence_id in licence_ids]
504
if not any(licence.free for licence in licences):
505
flask.flash("Select at least one free licence")
506
return flask.redirect(flask.request.url)
507
resource = PictureResource(title, author, description, origin_url, licence_ids,
509
file.mimetype,
510
db.session.get(PictureNature, nature_id))
511
db.session.add(resource)
512
db.session.commit()
513
file.save(path.join(config.DATA_PATH, "pictures", str(resource.id)))
514
pil_image = Image.open(path.join(config.DATA_PATH, "pictures", str(resource.id)))
515
resource.width, resource.height = pil_image.size
516
db.session.commit()
517
if flask.request.form.get("annotations"):
519
try:
520
resource.put_annotations(json.loads(flask.request.form.get("annotations")))
521
db.session.commit()
522
except json.JSONDecodeError:
523
flask.flash("Invalid annotations")
524
flask.flash("Picture uploaded successfully")
526
return flask.redirect("/picture/" + str(resource.id))
528
@app.route("/picture/<int:id>/")
531
def picture(id):
532
resource = db.session.get(PictureResource, id)
533
if resource is None:
534
flask.abort(404)
535
image = Image.open(path.join(config.DATA_PATH, "pictures", str(resource.id)))
537
current_user = db.session.get(User, flask.session.get("username"))
539
have_permission = current_user and (current_user == resource.author or current_user.admin)
540
own_rating = None
542
if current_user:
543
own_rating = PictureRating.query.filter_by(resource=resource, user=current_user).first()
544
return flask.render_template("picture.html", resource=resource,
546
file_extension=mimetypes.guess_extension(resource.file_format),
547
size=image.size, copies=resource.copies,
548
have_permission=have_permission, own_rating=own_rating)
549
@app.route("/picture/<int:id>/annotate")
552
def annotate_picture(id):
553
resource = db.session.get(PictureResource, id)
554
if resource is None:
555
flask.abort(404)
556
current_user = db.session.get(User, flask.session.get("username"))
558
if current_user is None:
559
flask.abort(401)
560
if resource.author != current_user and not current_user.admin:
562
flask.abort(403)
563
return flask.render_template("picture-annotation.html", resource=resource,
565
file_extension=mimetypes.guess_extension(resource.file_format))
566
@app.route("/picture/<int:id>/put-annotations-form")
569
def put_annotations_form(id):
570
resource = db.session.get(PictureResource, id)
571
if resource is None:
572
flask.abort(404)
573
current_user = db.session.get(User, flask.session.get("username"))
575
if current_user is None:
576
flask.abort(401)
577
if resource.author != current_user and not current_user.admin:
579
flask.abort(403)
580
return flask.render_template("put-annotations-form.html", resource=resource)
582
@app.route("/picture/<int:id>/put-annotations-form", methods=["POST"])
585
def put_annotations_form_post(id):
586
resource = db.session.get(PictureResource, id)
587
if resource is None:
588
flask.abort(404)
589
current_user = db.session.get(User, flask.session.get("username"))
591
if current_user is None:
592
flask.abort(401)
593
if resource.author != current_user and not current_user.admin:
595
flask.abort(403)
596
resource.put_annotations(json.loads(flask.request.form["annotations"]))
598
db.session.commit()
600
return flask.redirect("/picture/" + str(resource.id))
602
@app.route("/picture/<int:id>/save-annotations", methods=["POST"])
605
@app.route("/api/picture/<int:id>/put-annotations", methods=["POST"])
606
def save_annotations(id):
607
resource = db.session.get(PictureResource, id)
608
if resource is None:
609
flask.abort(404)
610
current_user = db.session.get(User, flask.session.get("username"))
612
if resource.author != current_user and not current_user.admin:
613
flask.abort(403)
614
resource.put_annotations(flask.request.json)
616
db.session.commit()
618
response = flask.make_response()
620
response.status_code = 204
621
return response
622
@app.route("/picture/<int:id>/get-annotations")
625
@app.route("/api/picture/<int:id>/api/get-annotations")
626
def get_annotations(id):
627
resource = db.session.get(PictureResource, id)
628
if resource is None:
629
flask.abort(404)
630
regions = db.session.query(PictureRegion).filter_by(resource_id=id).all()
632
regions_json = []
634
for region in regions:
636
regions_json.append({
637
"object": region.object_id,
638
"type": region.json["type"],
639
"shape": region.json["shape"],
640
})
641
return flask.jsonify(regions_json)
643
@app.route("/picture/<int:id>/delete")
646
def delete_picture(id):
647
resource = db.session.get(PictureResource, id)
648
if resource is None:
649
flask.abort(404)
650
current_user = db.session.get(User, flask.session.get("username"))
652
if current_user is None:
653
flask.abort(401)
654
if resource.author != current_user and not current_user.admin:
656
flask.abort(403)
657
PictureLicence.query.filter_by(resource=resource).delete()
659
PictureRegion.query.filter_by(resource=resource).delete()
660
PictureInGallery.query.filter_by(resource=resource).delete()
661
if resource.replaces:
662
resource.replaces.replaced_by = None
663
if resource.replaced_by:
664
resource.replaced_by.replaces = None
665
resource.copied_from = None
666
for copy in resource.copies:
667
copy.copied_from = None
668
db.session.delete(resource)
669
db.session.commit()
670
return flask.redirect("/")
672
@app.route("/picture/<int:id>/mark-replacement", methods=["POST"])
675
def mark_picture_replacement(id):
676
resource = db.session.get(PictureResource, id)
677
if resource is None:
678
flask.abort(404)
679
current_user = db.session.get(User, flask.session.get("username"))
681
if current_user is None:
682
flask.abort(401)
683
if resource.copied_from.author != current_user and not current_user.admin:
685
flask.abort(403)
686
resource.copied_from.replaced_by = resource
688
resource.replaces = resource.copied_from
689
db.session.commit()
691
return flask.redirect("/picture/" + str(resource.copied_from.id))
693
@app.route("/picture/<int:id>/remove-replacement", methods=["POST"])
696
def remove_picture_replacement(id):
697
resource = db.session.get(PictureResource, id)
698
if resource is None:
699
flask.abort(404)
700
current_user = db.session.get(User, flask.session.get("username"))
702
if current_user is None:
703
flask.abort(401)
704
if resource.author != current_user and not current_user.admin:
706
flask.abort(403)
707
resource.replaced_by.replaces = None
709
resource.replaced_by = None
710
db.session.commit()
712
return flask.redirect("/picture/" + str(resource.id))
714
@app.route("/picture/<int:id>/edit-metadata")
717
def edit_picture(id):
718
resource = db.session.get(PictureResource, id)
719
if resource is None:
720
flask.abort(404)
721
current_user = db.session.get(User, flask.session.get("username"))
723
if current_user is None:
724
flask.abort(401)
725
if resource.author != current_user and not current_user.admin:
727
flask.abort(403)
728
licences = Licence.query.order_by(Licence.free.desc(), Licence.pinned.desc(),
730
Licence.title).all()
731
types = PictureNature.query.all()
733
return flask.render_template("edit-picture.html", resource=resource, licences=licences,
735
types=types,
736
PictureLicence=PictureLicence)
737
@app.route("/picture/<int:id>/rate", methods=["POST"])
740
def rate_picture(id):
741
resource = db.session.get(PictureResource, id)
742
if resource is None:
743
flask.abort(404)
744
current_user = db.session.get(User, flask.session.get("username"))
746
if current_user is None:
747
flask.abort(401)
748
rating = int(flask.request.form.get("rating"))
750
if not rating:
752
# Delete the existing rating
753
if PictureRating.query.filter_by(resource=resource, user=current_user).first():
754
db.session.delete(PictureRating.query.filter_by(resource=resource,
755
user=current_user).first())
756
db.session.commit()
757
return flask.redirect("/picture/" + str(resource.id))
759
if not 1 <= rating <= 5:
761
flask.flash("Invalid rating")
762
return flask.redirect("/picture/" + str(resource.id))
763
if PictureRating.query.filter_by(resource=resource, user=current_user).first():
765
PictureRating.query.filter_by(resource=resource, user=current_user).first().rating = rating
766
else:
767
# Create a new rating
768
db.session.add(PictureRating(resource, current_user, rating))
769
db.session.commit()
771
return flask.redirect("/picture/" + str(resource.id))
773
@app.route("/picture/<int:id>/edit-metadata", methods=["POST"])
776
def edit_picture_post(id):
777
resource = db.session.get(PictureResource, id)
778
if resource is None:
779
flask.abort(404)
780
current_user = db.session.get(User, flask.session.get("username"))
782
if current_user is None:
783
flask.abort(401)
784
if resource.author != current_user and not current_user.admin:
786
flask.abort(403)
787
title = flask.request.form["title"]
789
description = flask.request.form["description"]
790
origin_url = flask.request.form["origin_url"]
791
licence_ids = flask.request.form.getlist("licence")
792
nature_id = flask.request.form["nature"]
793
if not title:
795
flask.flash("Enter a title")
796
return flask.redirect(flask.request.url)
797
if not description:
799
description = ""
800
if not nature_id:
802
flask.flash("Select a picture type")
803
return flask.redirect(flask.request.url)
804
if not licence_ids:
806
flask.flash("Select licences")
807
return flask.redirect(flask.request.url)
808
licences = [db.session.get(Licence, licence_id) for licence_id in licence_ids]
810
if not any(licence.free for licence in licences):
811
flask.flash("Select at least one free licence")
812
return flask.redirect(flask.request.url)
813
resource.title = title
815
resource.description = description
816
resource.origin_url = origin_url
817
for licence_id in licence_ids:
818
joiner = PictureLicence(resource, db.session.get(Licence, licence_id))
819
db.session.add(joiner)
820
resource.nature = db.session.get(PictureNature, nature_id)
821
db.session.commit()
823
return flask.redirect("/picture/" + str(resource.id))
825
@app.route("/picture/<int:id>/copy")
828
def copy_picture(id):
829
resource = db.session.get(PictureResource, id)
830
if resource is None:
831
flask.abort(404)
832
current_user = db.session.get(User, flask.session.get("username"))
834
if current_user is None:
835
flask.abort(401)
836
new_resource = PictureResource(resource.title, current_user, resource.description,
838
resource.origin_url,
839
[licence.licence_id for licence in resource.licences],
840
resource.file_format,
841
resource.nature)
842
for region in resource.regions:
844
db.session.add(PictureRegion(region.json, new_resource, region.object))
845
db.session.commit()
847
# Create a hard link for the new picture
849
old_path = path.join(config.DATA_PATH, "pictures", str(resource.id))
850
new_path = path.join(config.DATA_PATH, "pictures", str(new_resource.id))
851
os.link(old_path, new_path)
852
new_resource.width = resource.width
854
new_resource.height = resource.height
855
new_resource.copied_from = resource
856
db.session.commit()
858
return flask.redirect("/picture/" + str(new_resource.id))
860
@app.route("/gallery/<int:id>/")
863
def gallery(id):
864
gallery = db.session.get(Gallery, id)
865
if gallery is None:
866
flask.abort(404)
867
current_user = db.session.get(User, flask.session.get("username"))
869
have_permission = current_user and (current_user == gallery.owner or current_user.admin or UserInGallery.query.filter_by(user=current_user, gallery=gallery).first())
871
return flask.render_template("gallery.html", gallery=gallery,
873
have_permission=have_permission)
874
@app.route("/create-gallery")
877
def create_gallery():
878
if "username" not in flask.session:
879
flask.flash("Log in to create galleries.")
880
return flask.redirect("/accounts")
881
return flask.render_template("create-gallery.html")
883
@app.route("/create-gallery", methods=["POST"])
886
def create_gallery_post():
887
if not flask.session.get("username"):
888
flask.abort(401)
889
if not flask.request.form.get("title"):
891
flask.flash("Enter a title")
892
return flask.redirect(flask.request.url)
893
description = flask.request.form.get("description", "")
895
gallery = Gallery(flask.request.form["title"], description,
897
db.session.get(User, flask.session["username"]))
898
db.session.add(gallery)
899
db.session.commit()
900
return flask.redirect("/gallery/" + str(gallery.id))
902
@app.route("/gallery/<int:id>/add-picture", methods=["POST"])
905
def gallery_add_picture(id):
906
gallery = db.session.get(Gallery, id)
907
if gallery is None:
908
flask.abort(404)
909
if "username" not in flask.session:
911
flask.abort(401)
912
if flask.session["username"] != gallery.owner_name and not current_user.admin and not UserInGallery.query.filter_by(user=current_user, gallery=gallery).first():
914
flask.abort(403)
915
picture_id = flask.request.form.get("picture_id")
917
if "/" in picture_id: # also allow full URLs
918
picture_id = picture_id.rstrip("/").rpartition("/")[1]
919
if not picture_id:
920
flask.flash("Select a picture")
921
return flask.redirect("/gallery/" + str(gallery.id))
922
picture_id = int(picture_id)
923
picture = db.session.get(PictureResource, picture_id)
925
if picture is None:
926
flask.flash("Invalid picture")
927
return flask.redirect("/gallery/" + str(gallery.id))
928
if PictureInGallery.query.filter_by(resource=picture, gallery=gallery).first():
930
flask.flash("This picture is already in the gallery")
931
return flask.redirect("/gallery/" + str(gallery.id))
932
db.session.add(PictureInGallery(picture, gallery))
934
db.session.commit()
936
return flask.redirect("/gallery/" + str(gallery.id))
938
@app.route("/gallery/<int:id>/remove-picture", methods=["POST"])
941
def gallery_remove_picture(id):
942
gallery = db.session.get(Gallery, id)
943
if gallery is None:
944
flask.abort(404)
945
if "username" not in flask.session:
947
flask.abort(401)
948
current_user = db.session.get(User, flask.session.get("username"))
950
if flask.session["username"] != gallery.owner_name and not current_user.admin and not UserInGallery.query.filter_by(user=current_user, gallery=gallery).first():
952
flask.abort(403)
953
picture_id = int(flask.request.form.get("picture_id"))
955
picture = db.session.get(PictureResource, picture_id)
957
if picture is None:
958
flask.flash("Invalid picture")
959
return flask.redirect("/gallery/" + str(gallery.id))
960
picture_in_gallery = PictureInGallery.query.filter_by(resource=picture,
962
gallery=gallery).first()
963
if picture_in_gallery is None:
964
flask.flash("This picture isn't in the gallery")
965
return flask.redirect("/gallery/" + str(gallery.id))
966
db.session.delete(picture_in_gallery)
968
db.session.commit()
970
return flask.redirect("/gallery/" + str(gallery.id))
972
@app.route("/gallery/<int:id>/add-pictures-from-query", methods=["POST"])
975
def gallery_add_from_query(id):
976
gallery = db.session.get(Gallery, id)
977
if gallery is None:
978
flask.abort(404)
979
if "username" not in flask.session:
981
flask.abort(401)
982
if flask.session["username"] != gallery.owner_name and not current_user.admin and not UserInGallery.query.filter_by(user=current_user, gallery=gallery).first():
984
flask.abort(403)
985
query_yaml = flask.request.form.get("query", "")
987
yaml_parser = yaml.YAML()
989
query_data = yaml_parser.load(query_yaml) or {}
990
query = get_picture_query(query_data)
991
pictures = query.all()
993
count = 0
995
for picture in pictures:
997
if not PictureInGallery.query.filter_by(resource=picture, gallery=gallery).first():
998
db.session.add(PictureInGallery(picture, gallery))
999
count += 1
1000
db.session.commit()
1002
flask.flash(f"Added {count} pictures to the gallery")
1004
return flask.redirect("/gallery/" + str(gallery.id))
1006
@app.route("/gallery/<int:id>/users")
1009
def gallery_users(id):
1010
gallery = db.session.get(Gallery, id)
1011
if gallery is None:
1012
flask.abort(404)
1013
current_user = db.session.get(User, flask.session.get("username"))
1015
have_permission = current_user and (current_user == gallery.owner or current_user.admin)
1016
return flask.render_template("gallery-users.html", gallery=gallery,
1018
have_permission=have_permission)
1019
@app.route("/gallery/<int:id>/edit")
1022
def edit_gallery(id):
1023
gallery = db.session.get(Gallery, id)
1024
if gallery is None:
1025
flask.abort(404)
1026
current_user = db.session.get(User, flask.session.get("username"))
1028
if current_user is None:
1029
flask.abort(401)
1030
if current_user != gallery.owner and not current_user.admin:
1032
flask.abort(403)
1033
return flask.render_template("edit-gallery.html", gallery=gallery)
1035
@app.route("/gallery/<int:id>/edit", methods=["POST"])
1038
def edit_gallery_post(id):
1039
gallery = db.session.get(Gallery, id)
1040
if gallery is None:
1041
flask.abort(404)
1042
current_user = db.session.get(User, flask.session.get("username"))
1044
if current_user is None:
1045
flask.abort(401)
1046
if current_user != gallery.owner and not current_user.admin:
1048
flask.abort(403)
1049
title = flask.request.form["title"]
1051
description = flask.request.form.get("description")
1052
if not title:
1054
flask.flash("Enter a title")
1055
return flask.redirect(flask.request.url)
1056
if not description:
1058
description = ""
1059
gallery.title = title
1061
gallery.description = description
1062
db.session.commit()
1064
return flask.redirect("/gallery/" + str(gallery.id))
1066
@app.route("/gallery/<int:id>/users/add", methods=["POST"])
1069
def gallery_add_user(id):
1070
gallery = db.session.get(Gallery, id)
1071
if gallery is None:
1072
flask.abort(404)
1073
current_user = db.session.get(User, flask.session.get("username"))
1075
if current_user is None:
1076
flask.abort(401)
1077
if current_user != gallery.owner and not current_user.admin:
1079
flask.abort(403)
1080
username = flask.request.form.get("username")
1082
if username == gallery.owner_name:
1083
flask.flash("The owner is already in the gallery")
1084
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1085
user = db.session.get(User, username)
1087
if user is None:
1088
flask.flash("User not found")
1089
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1090
if UserInGallery.query.filter_by(user=user, gallery=gallery).first():
1092
flask.flash("User is already in the gallery")
1093
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1094
db.session.add(UserInGallery(user, gallery))
1096
db.session.commit()
1098
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1100
@app.route("/gallery/<int:id>/users/remove", methods=["POST"])
1103
def gallery_remove_user(id):
1104
gallery = db.session.get(Gallery, id)
1105
if gallery is None:
1106
flask.abort(404)
1107
current_user = db.session.get(User, flask.session.get("username"))
1109
if current_user is None:
1110
flask.abort(401)
1111
if current_user != gallery.owner and not current_user.admin:
1113
flask.abort(403)
1114
username = flask.request.form.get("username")
1116
user = db.session.get(User, username)
1117
if user is None:
1118
flask.flash("User not found")
1119
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1120
user_in_gallery = UserInGallery.query.filter_by(user=user, gallery=gallery).first()
1122
if user_in_gallery is None:
1123
flask.flash("User is not in the gallery")
1124
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1125
db.session.delete(user_in_gallery)
1127
db.session.commit()
1129
return flask.redirect("/gallery/" + str(gallery.id) + "/users")
1131
class APIError(Exception):
1134
def __init__(self, status_code, message):
1135
self.status_code = status_code
1136
self.message = message
1137
def get_picture_query(query_data):
1140
query = db.session.query(PictureResource)
1141
requirement_conditions = {
1143
"has_object": lambda value: PictureResource.regions.any(
1144
PictureRegion.object_id.in_(value)),
1145
"nature": lambda value: PictureResource.nature_id.in_(value),
1146
"licence": lambda value: PictureResource.licences.any(
1147
PictureLicence.licence_id.in_(value)),
1148
"author": lambda value: PictureResource.author_name.in_(value),
1149
"title": lambda value: PictureResource.title.ilike(value),
1150
"description": lambda value: PictureResource.description.ilike(value),
1151
"origin_url": lambda value: db.func.lower(db.func.substr(
1152
PictureResource.origin_url,
1153
db.func.length(db.func.split_part(PictureResource.origin_url, "://", 1)) + 4
1154
)).in_(value),
1155
"above_width": lambda value: PictureResource.width >= value,
1156
"below_width": lambda value: PictureResource.width <= value,
1157
"above_height": lambda value: PictureResource.height >= value,
1158
"below_height": lambda value: PictureResource.height <= value,
1159
"before_date": lambda value: PictureResource.timestamp <= datetime.utcfromtimestamp(
1160
value),
1161
"after_date": lambda value: PictureResource.timestamp >= datetime.utcfromtimestamp(
1162
value),
1163
"in_gallery": lambda value: PictureResource.galleries.any(PictureInGallery.gallery_id.in_(value)),
1164
"above_rating": lambda value: db.select(db.func.coalesce(db.func.avg(PictureRating.rating), 5)).where(PictureRating.resource_id == PictureResource.id).scalar_subquery() >= value,
1165
"below_rating": lambda value: db.select(db.func.coalesce(db.func.avg(PictureRating.rating), 0)).where(PictureRating.resource_id == PictureResource.id).scalar_subquery() <= value,
1166
"above_rating_count": lambda value: db.select(db.func.count(PictureRating.id)).where(PictureRating.resource_id == PictureResource.id).correlate(PictureResource).scalar_subquery() >= value,
1167
"below_rating_count": lambda value: db.select(db.func.count(PictureRating.id)).where(PictureRating.resource_id == PictureResource.id).correlate(PictureResource).scalar_subquery() <= value,
1168
"above_region_count": lambda value: db.select(db.func.count(PictureRegion.id)).where(PictureRegion.resource_id == PictureResource.id).correlate(PictureResource).scalar_subquery() >= value,
1169
"below_region_count": lambda value: db.select(db.func.count(PictureRegion.id)).where(PictureRegion.resource_id == PictureResource.id).correlate(PictureResource).scalar_subquery() <= value,
1170
"copied_from": lambda value: PictureResource.copied_from_id.in_(value),
1171
}
1172
if "want" in query_data:
1174
for i in query_data["want"]:
1175
if len(i) != 1:
1176
raise APIError(400, "Each requirement must have exactly one key")
1177
requirement, value = list(i.items())[0]
1178
if requirement not in requirement_conditions:
1179
raise APIError(400, f"Unknown requirement type: {requirement}")
1180
condition = requirement_conditions[requirement]
1182
query = query.filter(condition(value))
1183
if "exclude" in query_data:
1184
for i in query_data["exclude"]:
1185
if len(i) != 1:
1186
raise APIError(400, "Each exclusion must have exactly one key")
1187
requirement, value = list(i.items())[0]
1188
if requirement not in requirement_conditions:
1189
raise APIError(400, f"Unknown requirement type: {requirement}")
1190
condition = requirement_conditions[requirement]
1192
query = query.filter(~condition(value))
1193
if not query_data.get("include_obsolete", False):
1194
query = query.filter(PictureResource.replaced_by_id.is_(None))
1195
return query
1197
@app.route("/query-pictures")
1200
def graphical_query_pictures():
1201
return flask.render_template("graphical-query-pictures.html")
1202
@app.route("/query-pictures-results")
1205
def graphical_query_pictures_results():
1206
query_yaml = flask.request.args.get("query", "")
1207
yaml_parser = yaml.YAML()
1208
query_data = yaml_parser.load(query_yaml) or {}
1209
try:
1210
query = get_picture_query(query_data)
1211
except APIError as e:
1212
flask.abort(e.status_code)
1213
page = int(flask.request.args.get("page", 1))
1215
per_page = int(flask.request.args.get("per_page", 16))
1216
resources = query.paginate(page=page, per_page=per_page)
1218
return flask.render_template("graphical-query-pictures-results.html", resources=resources,
1220
query=query_yaml,
1221
page_number=page, page_length=per_page,
1222
num_pages=resources.pages,
1223
prev_page=resources.prev_num, next_page=resources.next_num)
1224
@app.route("/raw/picture/<int:id>")
1227
def raw_picture(id):
1228
resource = db.session.get(PictureResource, id)
1229
if resource is None:
1230
flask.abort(404)
1231
response = flask.send_from_directory(path.join(config.DATA_PATH, "pictures"),
1233
str(resource.id))
1234
response.mimetype = resource.file_format
1235
return response
1237
@app.route("/object/")
1240
def graphical_object_types():
1241
return flask.render_template("object-types.html", objects=PictureObject.query.all())
1242
@app.route("/api/object-types")
1245
def object_types():
1246
objects = db.session.query(PictureObject).all()
1247
return flask.jsonify({object.id: object.description for object in objects})
1248
@app.route("/api/query-pictures", methods=["POST"]) # sadly GET can't have a body
1251
def query_pictures():
1252
offset = int(flask.request.args.get("offset", 0))
1253
limit = int(flask.request.args.get("limit", 16))
1254
ordering = flask.request.args.get("ordering", "date-desc")
1255
yaml_parser = yaml.YAML()
1257
query_data = yaml_parser.load(flask.request.data) or {}
1258
try:
1259
query = get_picture_query(query_data)
1260
except APIError as e:
1261
return flask.jsonify({"error": e.message}), e.status_code
1262
rating_count_subquery = db.select(db.func.count(PictureRating.id)).where(
1264
PictureRating.resource_id == PictureResource.id).scalar_subquery()
1265
region_count_subquery = db.select(db.func.count(PictureRegion.id)).where(
1266
PictureRegion.resource_id == PictureResource.id).scalar_subquery()
1267
rating_subquery = db.select(db.func.coalesce(db.func.avg(PictureRating.rating), 0)).where(
1268
PictureRating.resource_id == PictureResource.id).scalar_subquery()
1269
match ordering:
1271
case "date-desc":
1272
query = query.order_by(PictureResource.timestamp.desc())
1273
case "date-asc":
1274
query = query.order_by(PictureResource.timestamp.asc())
1275
case "title-asc":
1276
query = query.order_by(PictureResource.title.asc())
1277
case "title-desc":
1278
query = query.order_by(PictureResource.title.desc())
1279
case "random":
1280
query = query.order_by(db.func.random())
1281
case "number-regions-desc":
1282
query = query.order_by(region_count_subquery.desc())
1283
case "number-regions-asc":
1284
query = query.order_by(region_count_subquery.asc())
1285
case "rating-desc":
1286
query = query.order_by(rating_subquery.desc())
1287
case "rating-asc":
1288
query = query.order_by(rating_subquery.asc())
1289
case "number-ratings-desc":
1290
query = query.order_by(rating_count_subquery.desc())
1291
case "number-ratings-asc":
1292
query = query.order_by(rating_count_subquery.asc())
1293
query = query.offset(offset).limit(limit)
1295
resources = query.all()
1296
json_response = {
1298
"date_generated": datetime.utcnow().timestamp(),
1299
"resources": [],
1300
"offset": offset,
1301
"limit": limit,
1302
}
1303
json_resources = json_response["resources"]
1305
for resource in resources:
1307
json_resource = {
1308
"id": resource.id,
1309
"title": resource.title,
1310
"description": resource.description,
1311
"timestamp": resource.timestamp.timestamp(),
1312
"origin_url": resource.origin_url,
1313
"author": resource.author_name,
1314
"file_format": resource.file_format,
1315
"width": resource.width,
1316
"height": resource.height,
1317
"nature": resource.nature_id,
1318
"licences": [licence.licence_id for licence in resource.licences],
1319
"replaces": resource.replaces_id,
1320
"replaced_by": resource.replaced_by_id,
1321
"regions": [],
1322
"download": config.ROOT_URL + flask.url_for("raw_picture", id=resource.id),
1323
}
1324
for region in resource.regions:
1325
json_resource["regions"].append({
1326
"object": region.object_id,
1327
"type": region.json["type"],
1328
"shape": region.json["shape"],
1329
})
1330
json_resources.append(json_resource)
1332
return flask.jsonify(json_response)
1334
@app.route("/api/picture/<int:id>/")
1337
def api_picture(id):
1338
resource = db.session.get(PictureResource, id)
1339
if resource is None:
1340
flask.abort(404)
1341
json_resource = {
1343
"id": resource.id,
1344
"title": resource.title,
1345
"description": resource.description,
1346
"timestamp": resource.timestamp.timestamp(),
1347
"origin_url": resource.origin_url,
1348
"author": resource.author_name,
1349
"file_format": resource.file_format,
1350
"width": resource.width,
1351
"height": resource.height,
1352
"nature": resource.nature_id,
1353
"licences": [licence.licence_id for licence in resource.licences],
1354
"replaces": resource.replaces_id,
1355
"replaced_by": resource.replaced_by_id,
1356
"regions": [],
1357
"download": config.ROOT_URL + flask.url_for("raw_picture", id=resource.id),
1358
"rating_average": resource.average_rating,
1359
"rating_count": resource.rating_totals,
1360
}
1361
for region in resource.regions:
1362
json_resource["regions"].append({
1363
"object": region.object_id,
1364
"type": region.json["type"],
1365
"shape": region.json["shape"],
1366
})
1367
return flask.jsonify(json_resource)
1369
@app.route("/api/licence/")
1372
def api_licences():
1373
licences = db.session.query(Licence).all()
1374
json_licences = {
1375
licence.id: {
1376
"title": licence.title,
1377
"free": licence.free,
1378
"pinned": licence.pinned,
1379
} for licence in licences
1380
}
1381
return flask.jsonify(json_licences)
1383
@app.route("/api/licence/<id>/")
1386
def api_licence(id):
1387
licence = db.session.get(Licence, id)
1388
if licence is None:
1389
flask.abort(404)
1390
json_licence = {
1392
"id": licence.id,
1393
"title": licence.title,
1394
"description": licence.description,
1395
"info_url": licence.info_url,
1396
"legalese_url": licence.url,
1397
"free": licence.free,
1398
"logo_url": licence.logo_url,
1399
"pinned": licence.pinned,
1400
}
1401
return flask.jsonify(json_licence)
1403
@app.route("/api/nature/")
1406
def api_natures():
1407
natures = db.session.query(PictureNature).all()
1408
json_natures = {
1409
nature.id: nature.description for nature in natures
1410
}
1411
return flask.jsonify(json_natures)
1413
@app.route("/api/user/")
1416
def api_users():
1417
offset = int(flask.request.args.get("offset", 0))
1418
limit = int(flask.request.args.get("limit", 16))
1419
users = db.session.query(User).offset(offset).limit(limit).all()
1421
json_users = {
1423
user.username: {
1424
"admin": user.admin,
1425
} for user in users
1426
}
1427
return flask.jsonify(json_users)
1429
@app.route("/api/user/<username>/")
1432
def api_user(username):
1433
user = db.session.get(User, username)
1434
if user is None:
1435
flask.abort(404)
1436
json_user = {
1438
"username": user.username,
1439
"admin": user.admin,
1440
"joined": user.joined_timestamp.timestamp(),
1441
}
1442
return flask.jsonify(json_user)
1444
@app.route("/api/login", methods=["POST"])
1447
def api_login():
1448
username = flask.request.json["username"]
1449
password = flask.request.json["password"]
1450
user = db.session.get(User, username)
1452
if user is None:
1454
return flask.jsonify({"error": "This username is not registered. To prevent spam, you must use the HTML interface to register."}), 401
1455
if not bcrypt.check_password_hash(user.password_hashed, password):
1457
return flask.jsonify({"error": "Incorrect password"}), 401
1458
flask.session["username"] = username
1460
return flask.jsonify({"message": "You have been logged in. Your HTTP client must support cookies to use features of this API that require authentication."})
1462
@app.route("/api/logout", methods=["POST"])
1465
def api_logout():
1466
flask.session.pop("username", None)
1467
return flask.jsonify({"message": "You have been logged out."})
1468
@app.route("/api/upload", methods=["POST"])
1471
def api_upload():
1472
if "username" not in flask.session:
1473
return flask.jsonify({"error": "You must be logged in to upload pictures"}), 401
1474
json_ = json.loads(flask.request.form["json"])
1476
title = json_["title"]
1477
description = json_.get("description", "")
1478
origin_url = json_.get("origin_url", "")
1479
author = db.session.get(User, flask.session["username"])
1480
licence_ids = json_["licence"]
1481
nature_id = json_["nature"]
1482
file = flask.request.files["file"]
1483
if not file or not file.filename:
1485
return flask.jsonify({"error": "An image file must be uploaded"}), 400
1486
if not file.mimetype.startswith("image/") or file.mimetype == "image/svg+xml":
1488
return flask.jsonify({"error": "Only bitmap images are supported"}), 400
1489
if not title:
1491
return flask.jsonify({"error": "Give a title"}), 400
1492
if not description:
1494
description = ""
1495
if not nature_id:
1497
return flask.jsonify({"error": "Give a picture type"}), 400
1498
if not licence_ids:
1500
return flask.jsonify({"error": "Give licences"}), 400
1501
licences = [db.session.get(Licence, licence_id) for licence_id in licence_ids]
1503
if not any(licence.free for licence in licences):
1504
return flask.jsonify({"error": "Use at least one free licence"}), 400
1505
resource = PictureResource(title, author, description, origin_url, licence_ids,
1507
file.mimetype,
1508
db.session.get(PictureNature, nature_id))
1509
db.session.add(resource)
1510
db.session.commit()
1511
file.save(path.join(config.DATA_PATH, "pictures", str(resource.id)))
1512
pil_image = Image.open(path.join(config.DATA_PATH, "pictures", str(resource.id)))
1513
resource.width, resource.height = pil_image.size
1514
db.session.commit()
1515
if json_.get("annotations"):
1517
try:
1518
resource.put_annotations(json_["annotations"])
1519
db.session.commit()
1520
except json.JSONDecodeError:
1521
return flask.jsonify({"error": "Invalid annotations"}), 400
1522
return flask.jsonify({"message": "Picture uploaded successfully"})
1524
@app.route("/api/picture/<int:id>/update", methods=["POST"])
1527
def api_update_picture(id):
1528
resource = db.session.get(PictureResource, id)
1529
if resource is None:
1530
return flask.jsonify({"error": "Picture not found"}), 404
1531
current_user = db.session.get(User, flask.session.get("username"))
1532
if current_user is None:
1533
return flask.jsonify({"error": "You must be logged in to edit pictures"}), 401
1534
if resource.author != current_user and not current_user.admin:
1535
return flask.jsonify({"error": "You are not the author of this picture"}), 403
1536
title = flask.request.json.get("title", resource.title)
1538
description = flask.request.json.get("description", resource.description)
1539
origin_url = flask.request.json.get("origin_url", resource.origin_url)
1540
licence_ids = flask.request.json.get("licence", [licence.licence_id for licence in resource.licences])
1541
nature_id = flask.request.json.get("nature", resource.nature_id)
1542
if not title:
1544
return flask.jsonify({"error": "Give a title"}), 400
1545
if not description:
1547
description = ""
1548
if not nature_id:
1550
return flask.jsonify({"error": "Give a picture type"}), 400
1551
if not licence_ids:
1553
return flask.jsonify({"error": "Give licences"}), 400
1554
licences = [db.session.get(Licence, licence_id) for licence_id in licence_ids]
1556
if not any(licence.free for licence in licences):
1558
return flask.jsonify({"error": "Use at least one free licence"}), 400
1559
resource.title = title
1561
resource.description = description
1562
resource.origin_url = origin_url
1563
resource.licences = licences
1564
resource.nature = db.session.get(PictureNature, nature_id)
1565
db.session.commit()
1567
return flask.jsonify({"message": "Picture updated successfully"})
1569
@app.route("/api/picture/<int:id>/rate", methods=["POST"])
1572
def api_rate_picture(id):
1573
resource = db.session.get(PictureResource, id)
1574
if resource is None:
1575
flask.abort(404)
1576
current_user = db.session.get(User, flask.session.get("username"))
1578
if current_user is None:
1579
flask.abort(401)
1580
rating = int(flask.request.json.get("rating"))
1582
if not rating:
1584
# Delete the existing rating
1585
if PictureRating.query.filter_by(resource=resource, user=current_user).first():
1586
db.session.delete(PictureRating.query.filter_by(resource=resource,
1587
user=current_user).first())
1588
db.session.commit()
1589
return flask.jsonify({"message": "Existing rating removed"})
1591
if not 1 <= rating <= 5:
1593
flask.flash("Invalid rating")
1594
return flask.jsonify({"error": "Invalid rating"}), 400
1595
if PictureRating.query.filter_by(resource=resource, user=current_user).first():
1597
PictureRating.query.filter_by(resource=resource, user=current_user).first().rating = rating
1598
else:
1599
# Create a new rating
1600
db.session.add(PictureRating(resource, current_user, rating))
1601
db.session.commit()
1603
return flask.jsonify({"message": "Rating saved"})
1605
@app.route("/api/gallery/<int:id>/")
1608
def api_gallery(id):
1609
gallery = db.session.get(Gallery, id)
1610
if gallery is None:
1611
flask.abort(404)
1612
json_gallery = {
1614
"id": gallery.id,
1615
"title": gallery.title,
1616
"description": gallery.description,
1617
"owner": gallery.owner_name,
1618
"users": [user.username for user in gallery.users],
1619
}
1620
return flask.jsonify(json_gallery)
1622
@app.route("/api/gallery/<int:id>/edit", methods=["POST"])
1625
def api_edit_gallery(id):
1626
gallery = db.session.get(Gallery, id)
1627
if gallery is None:
1628
flask.abort(404)
1629
current_user = db.session.get(User, flask.session.get("username"))
1631
if current_user is None:
1632
flask.abort(401)
1633
if current_user != gallery.owner and not current_user.admin:
1635
flask.abort(403)
1636
title = flask.request.json.get("title", gallery.title)
1638
description = flask.request.json.get("description", gallery.description)
1639
if not title:
1641
return flask.jsonify({"error": "Give a title"}), 400
1642
if not description:
1644
description = ""
1645
gallery.title = title
1647
gallery.description = description
1648
db.session.commit()
1650
return flask.jsonify({"message": "Gallery updated successfully"})
1652
@app.route("/api/new-gallery", methods=["POST"])
1655
def api_new_gallery():
1656
if "username" not in flask.session:
1657
return flask.jsonify({"error": "You must be logged in to create galleries"}), 401
1658
title = flask.request.json.get("title")
1660
description = flask.request.json.get("description", "")
1661
if not title:
1663
return flask.jsonify({"error": "Give a title"}), 400
1664
gallery = Gallery(title, description, db.session.get(User, flask.session["username"]))
1666
db.session.add(gallery)
1667
db.session.commit()
1668
return flask.jsonify({"message": "Gallery created successfully"})
1670
@app.route("/api/gallery/<int:id>/add-picture", methods=["POST"])
1673
def api_gallery_add_picture(id):
1674
gallery = db.session.get(Gallery, id)
1675
if gallery is None:
1676
flask.abort(404)
1677
if "username" not in flask.session:
1679
return flask.jsonify({"error": "You must be logged in to add pictures to galleries"}), 401
1680
current_user = db.session.get(User, flask.session.get("username"))
1682
if flask.session["username"] != gallery.owner_name and not current_user.admin and not UserInGallery.query.filter_by(user=current_user, gallery=gallery).first():
1684
return flask.jsonify({"error": "You do not have permission to add pictures to this gallery"}), 403
1685
picture_id = flask.request.json.get("picture_id")
1687
try:
1689
picture_id = int(picture_id)
1690
except ValueError:
1691
return flask.jsonify({"error": "Invalid picture ID"}), 400
1692
picture = db.session.get(PictureResource, picture_id)
1694
if picture is None:
1695
return flask.jsonify({"error": "The picture doesn't exist"}), 404
1696
if PictureInGallery.query.filter_by(resource=picture, gallery=gallery).first():
1698
return flask.jsonify({"error": "This picture is already in the gallery"}), 400
1699
db.session.add(PictureInGallery(picture, gallery))
1701
db.session.commit()
1703
return flask.jsonify({"message": "Picture added to gallery"})
1705
@app.route("/api/gallery/<int:id>/remove-picture", methods=["POST"])
1708
def api_gallery_remove_picture(id):
1709
gallery = db.session.get(Gallery, id)
1710
if gallery is None:
1711
flask.abort(404)
1712
if "username" not in flask.session:
1714
return flask.jsonify({"error": "You must be logged in to remove pictures from galleries"}), 401
1715
current_user = db.session.get(User, flask.session.get("username"))
1717
if flask.session["username"] != gallery.owner_name and not current_user.admin and not UserInGallery.query.filter_by(user=current_user, gallery=gallery).first():
1719
return flask.jsonify({"error": "You do not have permission to remove pictures from this gallery"}), 403
1720
picture_id = flask.request.json.get("picture_id")
1722
try:
1724
picture_id = int(picture_id)
1725
except ValueError:
1726
return flask.jsonify({"error": "Invalid picture ID"}), 400
1727
picture = db.session.get(PictureResource, picture_id)
1729
if picture is None:
1730
return flask.jsonify({"error": "The picture doesn't exist"}), 404
1731
picture_in_gallery = PictureInGallery.query.filter_by(resource=picture, gallery=gallery).first()
1733
if picture_in_gallery is None:
1734
return flask.jsonify({"error": "This picture isn't in the gallery"}), 400
1735
db.session.delete(picture_in_gallery)
1737
db.session.commit()
1739
return flask.jsonify({"message": "Picture removed from gallery"})
1741
@app.route("/api/gallery/<int:id>/users/add", methods=["POST"])
1744
def api_gallery_add_user(id):
1745
gallery = db.session.get(Gallery, id)
1746
if gallery is None:
1747
flask.abort(404)
1748
current_user = db.session.get(User, flask.session.get("username"))
1750
if current_user is None:
1751
flask.abort(401)
1752
if current_user != gallery.owner and not current_user.admin:
1754
flask.abort(403)
1755
username = flask.request.json.get("username")
1757
if username == gallery.owner_name:
1758
return flask.jsonify({"error": "The owner cannot be added to trusted users"}), 400
1759
user = db.session.get(User, username)
1761
if user is None:
1762
return flask.jsonify({"error": "User not found"}), 404
1763
if UserInGallery.query.filter_by(user=user, gallery=gallery).first():
1765
return flask.jsonify({"error": "User is already in the gallery"}), 400
1766
db.session.add(UserInGallery(user, gallery))
1768
db.session.commit()
1770
return flask.jsonify({"message": "User added to gallery"})
1772
@app.route("/api/gallery/<int:id>/users/remove", methods=["POST"])
1775
def api_gallery_remove_user(id):
1776
gallery = db.session.get(Gallery, id)
1777
if gallery is None:
1778
flask.abort(404)
1779
current_user = db.session.get(User, flask.session.get("username"))
1781
if current_user is None:
1782
flask.abort(401)
1783
if current_user != gallery.owner and not current_user.admin:
1785
flask.abort(403)
1786
username = flask.request.json.get("username")
1788
user = db.session.get(User, username)
1789
if user is None:
1790
return flask.jsonify({"error": "User not found"}), 404
1791
user_in_gallery = UserInGallery.query.filter_by(user=user, gallery=gallery).first()
1793
if user_in_gallery is None:
1794
return flask.jsonify({"error": "User is not in the gallery"}), 400
1795
db.session.delete(user_in_gallery)
1797
db.session.commit()
1799
return flask.jsonify({"message": "User removed from gallery"})
1801