mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-12-18 06:06:34 +00:00
Add EmbedList view with an X-Frame-Options exemption
This commit is contained in:
parent
3bd28afe93
commit
d22167e105
1 changed files with 68 additions and 1 deletions
|
@ -7,13 +7,14 @@ from django.core.paginator import Paginator
|
||||||
from django.db import IntegrityError, transaction
|
from django.db import IntegrityError, transaction
|
||||||
from django.db.models import Avg, Count, DecimalField, Q, Max
|
from django.db.models import Avg, Count, DecimalField, Q, Max
|
||||||
from django.db.models.functions import Coalesce
|
from django.db.models.functions import Coalesce
|
||||||
from django.http import HttpResponseBadRequest, HttpResponse
|
from django.http import HttpResponseBadRequest, HttpResponse, Http404
|
||||||
from django.shortcuts import get_object_or_404, redirect
|
from django.shortcuts import get_object_or_404, redirect
|
||||||
from django.template.response import TemplateResponse
|
from django.template.response import TemplateResponse
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from django.views.decorators.http import require_POST
|
from django.views.decorators.http import require_POST
|
||||||
|
from django.views.decorators.clickjacking import xframe_options_exempt
|
||||||
|
|
||||||
from bookwyrm import book_search, forms, models
|
from bookwyrm import book_search, forms, models
|
||||||
from bookwyrm.activitypub import ActivitypubResponse
|
from bookwyrm.activitypub import ActivitypubResponse
|
||||||
|
@ -200,6 +201,64 @@ class List(View):
|
||||||
return redirect(book_list.local_path)
|
return redirect(book_list.local_path)
|
||||||
|
|
||||||
|
|
||||||
|
class EmbedList(View):
|
||||||
|
"""embeded book list page"""
|
||||||
|
|
||||||
|
def get(self, request, list_id, list_key):
|
||||||
|
"""display a book list"""
|
||||||
|
book_list = get_object_or_404(models.List, id=list_id)
|
||||||
|
|
||||||
|
embed_key = str(book_list.embed_key.hex)
|
||||||
|
|
||||||
|
if list_key != embed_key:
|
||||||
|
raise Http404()
|
||||||
|
|
||||||
|
query = request.GET.get("q")
|
||||||
|
suggestions = None
|
||||||
|
|
||||||
|
# sort_by shall be "order" unless a valid alternative is given
|
||||||
|
sort_by = request.GET.get("sort_by", "order")
|
||||||
|
if sort_by not in ("order", "title", "rating"):
|
||||||
|
sort_by = "order"
|
||||||
|
|
||||||
|
# direction shall be "ascending" unless a valid alternative is given
|
||||||
|
direction = request.GET.get("direction", "ascending")
|
||||||
|
if direction not in ("ascending", "descending"):
|
||||||
|
direction = "ascending"
|
||||||
|
|
||||||
|
directional_sort_by = {
|
||||||
|
"order": "order",
|
||||||
|
"title": "book__title",
|
||||||
|
"rating": "average_rating",
|
||||||
|
}[sort_by]
|
||||||
|
if direction == "descending":
|
||||||
|
directional_sort_by = "-" + directional_sort_by
|
||||||
|
|
||||||
|
items = book_list.listitem_set.prefetch_related("user", "book", "book__authors")
|
||||||
|
if sort_by == "rating":
|
||||||
|
items = items.annotate(
|
||||||
|
average_rating=Avg(
|
||||||
|
Coalesce("book__review__rating", 0.0),
|
||||||
|
output_field=DecimalField(),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
items = items.filter(approved=True).order_by(directional_sort_by)
|
||||||
|
|
||||||
|
paginated = Paginator(items, PAGE_LENGTH)
|
||||||
|
|
||||||
|
page = paginated.get_page(request.GET.get("page"))
|
||||||
|
|
||||||
|
data = {
|
||||||
|
"list": book_list,
|
||||||
|
"items": page,
|
||||||
|
"page_range": paginated.get_elided_page_range(
|
||||||
|
page.number, on_each_side=2, on_ends=1
|
||||||
|
),
|
||||||
|
"query": query or "",
|
||||||
|
}
|
||||||
|
return TemplateResponse(request, "lists/embed-list.html", data)
|
||||||
|
|
||||||
|
|
||||||
class Curate(View):
|
class Curate(View):
|
||||||
"""approve or discard list suggestsions"""
|
"""approve or discard list suggestsions"""
|
||||||
|
|
||||||
|
@ -447,3 +506,11 @@ def normalize_book_list_ordering(book_list_id, start=0, add_offset=0):
|
||||||
if item.order != effective_order:
|
if item.order != effective_order:
|
||||||
item.order = effective_order
|
item.order = effective_order
|
||||||
item.save()
|
item.save()
|
||||||
|
|
||||||
|
|
||||||
|
@xframe_options_exempt
|
||||||
|
def unsafe_embed_list(request, *args, **kwargs):
|
||||||
|
"""allows the EmbedList view to be loaded through unsafe iframe origins"""
|
||||||
|
|
||||||
|
embed_list_view = EmbedList.as_view()
|
||||||
|
return embed_list_view(request, *args, **kwargs)
|
||||||
|
|
Loading…
Reference in a new issue