website/pkg/controller/photo/user_gallery.go

223 lines
7.0 KiB
Go
Raw Normal View History

package photo
import (
"net/http"
"regexp"
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/config"
"code.nonshy.com/nonshy/website/pkg/log"
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/models"
"code.nonshy.com/nonshy/website/pkg/session"
"code.nonshy.com/nonshy/website/pkg/templates"
)
var UserPhotosRegexp = regexp.MustCompile(`^/photo/u/([^@]+?)$`)
// UserPhotos controller (/photo/u/:username) to view a user's gallery or manage if it's yourself.
func UserPhotos() http.HandlerFunc {
tmpl := templates.Must("photo/gallery.html")
2023-10-22 23:03:17 +00:00
// Whitelist for ordering options.
var sortWhitelist = []string{
"created_at desc",
"created_at asc",
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Query params.
var (
viewStyle = r.FormValue("view") // cards (default), full
2023-10-22 23:03:17 +00:00
// Search filters.
filterExplicit = r.FormValue("explicit")
filterVisibility = r.FormValue("visibility")
sort = r.FormValue("sort")
sortOK bool
)
2023-10-22 23:03:17 +00:00
// Sort options.
for _, v := range sortWhitelist {
if sort == v {
sortOK = true
break
}
}
if !sortOK {
sort = sortWhitelist[0]
}
// Defaults.
if viewStyle != "full" {
viewStyle = "cards"
}
// Parse the username out of the URL parameters.
var username string
m := UserPhotosRegexp.FindStringSubmatch(r.URL.Path)
if m != nil {
username = m[1]
}
// Find this user.
user, err := models.FindUser(username)
if err != nil {
templates.NotFoundPage(w, r)
return
}
// Load the current user in case they are viewing their own page.
currentUser, err := session.CurrentUser(r)
if err != nil {
session.FlashError(w, r, "Unexpected error: couldn't get CurrentUser")
}
var (
2023-10-22 23:03:17 +00:00
areFriends = models.AreFriends(user.ID, currentUser.ID)
isPrivate = user.Visibility == models.UserVisibilityPrivate && !areFriends
isOwnPhotos = currentUser.ID == user.ID
isShy = currentUser.IsShy()
2023-10-22 23:03:17 +00:00
isShyFrom = !isOwnPhotos && (currentUser.IsShyFrom(user) || (isShy && !areFriends))
)
// Bail early if we are shy from this user.
if isShy && isShyFrom {
var vars = map[string]interface{}{
"IsOwnPhotos": currentUser.ID == user.ID,
"IsShyUser": isShy,
"IsShyFrom": isShyFrom,
// "IsMyPrivateUnlockedFor": isGranted, // have WE granted THIS USER to see our private pics?
// "AreWeGrantedPrivate": isGrantee, // have THEY granted US private photo access.
"User": user,
"Photos": []*models.Photo{},
"PhotoCount": models.CountPhotos(user.ID),
"Pager": &models.Pagination{},
}
if err := tmpl.Execute(w, r, vars); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return
}
// Is either one blocking?
if models.IsBlocking(currentUser.ID, user.ID) && !currentUser.IsAdmin {
templates.NotFoundPage(w, r)
return
}
// Is this user private and we're not friends?
if isPrivate && !currentUser.IsAdmin && !isOwnPhotos {
session.FlashError(w, r, "This user's profile page and photo gallery are private.")
templates.Redirect(w, "/u/"+user.Username)
return
}
// Has this user granted access to see their privates?
var (
isGrantee = models.IsPrivateUnlocked(user.ID, currentUser.ID) // THEY have granted US access
isGranted = models.IsPrivateUnlocked(currentUser.ID, user.ID) // WE have granted THEM access
)
// What set of visibilities to query?
visibility := []models.PhotoVisibility{models.PhotoPublic}
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
if isOwnPhotos || isGrantee || currentUser.HasAdminScope(config.ScopePhotoModerator) {
visibility = append(visibility, models.PhotoPrivate)
}
2023-10-22 23:03:17 +00:00
if isOwnPhotos || areFriends || currentUser.HasAdminScope(config.ScopePhotoModerator) {
2022-08-14 05:44:57 +00:00
visibility = append(visibility, models.PhotoFriends)
}
2023-05-24 03:04:17 +00:00
// Inner circle photos.
if currentUser.IsInnerCircle() {
visibility = append(visibility, models.PhotoInnerCircle)
}
2023-10-22 23:03:17 +00:00
// If we are Filtering by Visibility, ensure the target visibility is accessible to us.
if filterVisibility != "" {
var isOK bool
for _, allowed := range visibility {
if allowed == models.PhotoVisibility(filterVisibility) {
isOK = true
break
}
}
// If the filter is within the set we are allowed to see, update the set.
if isOK {
visibility = []models.PhotoVisibility{models.PhotoVisibility(filterVisibility)}
} else {
session.FlashError(w, r, "Could not filter pictures by that visibility setting: it is not available for you.")
visibility = []models.PhotoVisibility{models.PhotoNotAvailable}
}
}
// Explicit photo filter? The default ("") will defer to the user's Explicit opt-in.
if filterExplicit == "" {
// If the viewer does not opt-in to explicit AND is not looking at their own gallery,
// then default the explicit filter to "do not show explicit"
if !currentUser.Explicit && !isOwnPhotos {
filterExplicit = "false"
}
}
// Get the page of photos.
pager := &models.Pagination{
Page: 1,
2022-08-14 05:44:57 +00:00
PerPage: config.PageSizeUserGallery,
2023-10-22 23:03:17 +00:00
Sort: sort,
}
pager.ParsePage(r)
2023-10-22 23:03:17 +00:00
photos, err := models.PaginateUserPhotos(user.ID, models.UserGallery{
Explicit: filterExplicit,
Visibility: visibility,
}, pager)
if err != nil {
log.Error("PaginateUserPhotos(%s): %s", user.Username, err)
}
// Get the count of explicit photos if we are not viewing explicit photos.
var explicitCount int64
2023-10-22 23:03:17 +00:00
if filterExplicit == "false" {
explicitCount, _ = models.CountExplicitPhotos(user.ID, visibility)
}
// Get Likes information about these photos.
var photoIDs = []uint64{}
for _, p := range photos {
photoIDs = append(photoIDs, p.ID)
}
likeMap := models.MapLikes(currentUser, "photos", photoIDs)
commentMap := models.MapCommentCounts("photos", photoIDs)
var vars = map[string]interface{}{
"IsOwnPhotos": currentUser.ID == user.ID,
"IsShyUser": isShy,
"IsShyFrom": isShyFrom,
"IsMyPrivateUnlockedFor": isGranted, // have WE granted THIS USER to see our private pics?
"AreWeGrantedPrivate": isGrantee, // have THEY granted US private photo access.
2023-10-22 23:03:17 +00:00
"AreFriends": areFriends,
"User": user,
"Photos": photos,
"PhotoCount": models.CountPhotosICanSee(user, currentUser),
"NoteCount": models.CountNotesAboutUser(currentUser, user),
"FriendCount": models.CountFriends(user.ID),
"PublicPhotoCount": models.CountPublicPhotos(user.ID),
"InnerCircleMinimumPublicPhotos": config.InnerCircleMinimumPublicPhotos,
"Pager": pager,
"LikeMap": likeMap,
"CommentMap": commentMap,
"ViewStyle": viewStyle,
"ExplicitCount": explicitCount,
2023-10-22 23:03:17 +00:00
// Search filters
"Sort": sort,
"FilterExplicit": filterExplicit,
"FilterVisibility": filterVisibility,
}
if err := tmpl.Execute(w, r, vars); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
})
}