mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-27 20:11:14 +00:00
Add EmbedList view with an X-Frame-Options exemption
This commit is contained in:
parent
3bd28afe93
commit
d22167e105
1 changed files with 68 additions and 1 deletions
|
@ -7,13 +7,14 @@ from django.core.paginator import Paginator
|
|||
from django.db import IntegrityError, transaction
|
||||
from django.db.models import Avg, Count, DecimalField, Q, Max
|
||||
from django.db.models.functions import Coalesce
|
||||
from django.http import HttpResponseBadRequest, HttpResponse
|
||||
from django.http import HttpResponseBadRequest, HttpResponse, Http404
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.template.response import TemplateResponse
|
||||
from django.urls import reverse
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.views import View
|
||||
from django.views.decorators.http import require_POST
|
||||
from django.views.decorators.clickjacking import xframe_options_exempt
|
||||
|
||||
from bookwyrm import book_search, forms, models
|
||||
from bookwyrm.activitypub import ActivitypubResponse
|
||||
|
@ -200,6 +201,64 @@ class List(View):
|
|||
return redirect(book_list.local_path)
|
||||
|
||||
|
||||
class EmbedList(View):
|
||||
"""embeded book list page"""
|
||||
|
||||
def get(self, request, list_id, list_key):
|
||||
"""display a book list"""
|
||||
book_list = get_object_or_404(models.List, id=list_id)
|
||||
|
||||
embed_key = str(book_list.embed_key.hex)
|
||||
|
||||
if list_key != embed_key:
|
||||
raise Http404()
|
||||
|
||||
query = request.GET.get("q")
|
||||
suggestions = None
|
||||
|
||||
# sort_by shall be "order" unless a valid alternative is given
|
||||
sort_by = request.GET.get("sort_by", "order")
|
||||
if sort_by not in ("order", "title", "rating"):
|
||||
sort_by = "order"
|
||||
|
||||
# direction shall be "ascending" unless a valid alternative is given
|
||||
direction = request.GET.get("direction", "ascending")
|
||||
if direction not in ("ascending", "descending"):
|
||||
direction = "ascending"
|
||||
|
||||
directional_sort_by = {
|
||||
"order": "order",
|
||||
"title": "book__title",
|
||||
"rating": "average_rating",
|
||||
}[sort_by]
|
||||
if direction == "descending":
|
||||
directional_sort_by = "-" + directional_sort_by
|
||||
|
||||
items = book_list.listitem_set.prefetch_related("user", "book", "book__authors")
|
||||
if sort_by == "rating":
|
||||
items = items.annotate(
|
||||
average_rating=Avg(
|
||||
Coalesce("book__review__rating", 0.0),
|
||||
output_field=DecimalField(),
|
||||
)
|
||||
)
|
||||
items = items.filter(approved=True).order_by(directional_sort_by)
|
||||
|
||||
paginated = Paginator(items, PAGE_LENGTH)
|
||||
|
||||
page = paginated.get_page(request.GET.get("page"))
|
||||
|
||||
data = {
|
||||
"list": book_list,
|
||||
"items": page,
|
||||
"page_range": paginated.get_elided_page_range(
|
||||
page.number, on_each_side=2, on_ends=1
|
||||
),
|
||||
"query": query or "",
|
||||
}
|
||||
return TemplateResponse(request, "lists/embed-list.html", data)
|
||||
|
||||
|
||||
class Curate(View):
|
||||
"""approve or discard list suggestsions"""
|
||||
|
||||
|
@ -447,3 +506,11 @@ def normalize_book_list_ordering(book_list_id, start=0, add_offset=0):
|
|||
if item.order != effective_order:
|
||||
item.order = effective_order
|
||||
item.save()
|
||||
|
||||
|
||||
@xframe_options_exempt
|
||||
def unsafe_embed_list(request, *args, **kwargs):
|
||||
"""allows the EmbedList view to be loaded through unsafe iframe origins"""
|
||||
|
||||
embed_list_view = EmbedList.as_view()
|
||||
return embed_list_view(request, *args, **kwargs)
|
||||
|
|
Loading…
Reference in a new issue