Add unlisted visibility level

2025-01-20 22:46:35 +02:00
parent 225ee04ca7
commit 464abb8732
5 changed files with 25 additions and 17 deletions
--- a/inventory-app/inventory.py
+++ b/inventory-app/inventory.py
@@ -42,7 +42,7 @@ def view_inventory_view(item_id):
        return abort(404)
    item_user = item.get("inventory", {}).get("user", {}).get("username", None)
    if not user:
-        if not item["inventory"].get("public"):
+        if item["inventory"].get("visibility") not in ["public"]:
            return do_login()
        template = "inventory_view_public.html"
        redirect_url = urllib.parse.quote_plus(request.full_path)
@@ -127,7 +127,7 @@ class InventoryForm(Form):
    owner = FormField(MemberForm, label="Owner")
    user = FormField(MemberForm, label="Current User")
    usable = BooleanField("Usable")
-    public = BooleanField("Public")
+    visibility = SelectField("Visibility", choices=['public', 'private', 'unlisted'])

 class HardwareForm(Form):
    serial = StringField("Serial Number")
@@ -151,8 +151,6 @@ class InventoryItemForm(CustomForm):
    location = StringField('Location')
    def setup_defaults_add(self):
        setup_default_owner(self.inventory.form.owner.form.username)
-        self.inventory.form.public.render_kw = {"checked": "checked"}
-        self.inventory.form.public.data = "y"


 def check_edit_permission(item_id):
@@ -436,14 +434,26 @@ def view_inventory(slug=None):
    template = "inventory.html"
    public_view = False
    login_user = read_user()
+
    if not login_user:
-        q.update({"inventory.public": True})
+        q.update({"inventory.visibility": {"$eq": "public"}})
        template = "inventory_public.html"
        public_view = True
    else:
        fields.append(("inventory.owner.username", "Owner", str))
        fields.append(("inventory.user.username", "User", str))
        can_audit = "k-space:inventory:audit" in login_user.get("groups", [])
+        can_edit_all = "k-space:inventory:edit" in login_user.get("groups", [])
+        v = ["public", "unlisted"]
+        if can_edit_all:
+            v.append("private")
+        q.update({
+            "$or": [
+                {"inventory.visibility": {"$in": v}},
+                {"inventory.owner.username": login_user.get('username', False)}
+            ]
+        })
+
    if slug and not public_view:
        template = "inventory_pick.html"
        if request.path.startswith("/m/inventory/clone-with-slug"):