diff --git a/mcserver/locale/en/LC_MESSAGES/django.po b/mcserver/locale/en/LC_MESSAGES/django.po index 6f80184..a2a1149 100644 --- a/mcserver/locale/en/LC_MESSAGES/django.po +++ b/mcserver/locale/en/LC_MESSAGES/django.po @@ -3,10 +3,9 @@ # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # -#, fuzzy msgid "" msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" +"Project-Id-Version: \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2023-12-05 11:10-0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" @@ -17,6 +16,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 3.4\n" #: .\mcserver\serializers.py:23 msgid "email-already_exists" @@ -136,7 +136,7 @@ msgstr "Undefined UUID." #: .\mcserver\views.py:1890 .\mcserver\views.py:1904 .\mcserver\views.py:1908 #: .\mcserver\views.py:1931 .\mcserver\views.py:1936 msgid "error" -msgstr "Error: %(error_message)" +msgstr "Error: %(error_message)s" #: .\mcserver\views.py:189 .\mcserver\views.py:243 .\mcserver\views.py:277 #: .\mcserver\views.py:313 .\mcserver\views.py:389 .\mcserver\views.py:424 @@ -145,7 +145,7 @@ msgstr "Error: %(error_message)" #: .\mcserver\views.py:994 .\mcserver\views.py:1016 .\mcserver\views.py:1108 #: .\mcserver\views.py:1144 .\mcserver\views.py:1211 .\mcserver\views.py:1286 msgid "session_uuid_not_found" -msgstr "Sorry, we couldn't find a session with UUID: %(uuid)" +msgstr "Sorry, we couldn't find a session with UUID: %(uuid)s" #: .\mcserver\views.py:193 .\mcserver\views.py:247 .\mcserver\views.py:289 #: .\mcserver\views.py:325 .\mcserver\views.py:401 .\mcserver\views.py:428 @@ -154,7 +154,7 @@ msgstr "Sorry, we couldn't find a session with UUID: %(uuid)" #: .\mcserver\views.py:1020 .\mcserver\views.py:1112 .\mcserver\views.py:1148 #: .\mcserver\views.py:1223 .\mcserver\views.py:1298 msgid "session_uuid_not_valid" -msgstr "Sorry, the session UUID: %(uuid) is not valid" +msgstr "Sorry, the session UUID: %(uuid)s is not valid" #: .\mcserver\views.py:197 .\mcserver\views.py:251 msgid "calibration_error" @@ -178,7 +178,7 @@ msgstr "There was an error while retrieving the session. Please try again." #: .\mcserver\views.py:1629 .\mcserver\views.py:1658 .\mcserver\views.py:1686 #: .\mcserver\views.py:1710 msgid "subject_uuid_not_found" -msgstr "Sorry, we couldn't find a subject with UUID: %(uuid)" +msgstr "Sorry, we couldn't find a subject with UUID: %(uuid)s" #: .\mcserver\views.py:373 msgid "session_not_valid" @@ -249,12 +249,12 @@ msgstr "There was an error while dequeuing the trials. Please try again." #: .\mcserver\views.py:1431 .\mcserver\views.py:1458 .\mcserver\views.py:1486 #: .\mcserver\views.py:1514 msgid "trial_uuid_not_found" -msgstr "Sorry, we couldn't find a trial with UUID: %(uuid)." +msgstr "Sorry, we couldn't find a trial with UUID: %(uuid)s." #: .\mcserver\views.py:1435 .\mcserver\views.py:1462 .\mcserver\views.py:1490 #: .\mcserver\views.py:1518 msgid "trial_uuid_not_valid" -msgstr "Sorry, the trial UUID: %(uuid) is not valid." +msgstr "Sorry, the trial UUID: %(uuid)s is not valid." #: .\mcserver\views.py:1439 msgid "trial_rename_error" @@ -275,7 +275,7 @@ msgstr "There was an error while removing the trial. Please try again." #: .\mcserver\views.py:1606 .\mcserver\views.py:1633 .\mcserver\views.py:1662 #: .\mcserver\views.py:1690 .\mcserver\views.py:1714 msgid "subject_uuid_not_valid" -msgstr "Sorry, the subject UUID: %(uuid) is not valid" +msgstr "Sorry, the subject UUID: %(uuid)s is not valid" #: .\mcserver\views.py:1610 msgid "subject_remove_error" diff --git a/mcserver/views.py b/mcserver/views.py index 507e914..13bf9df 100644 --- a/mcserver/views.py +++ b/mcserver/views.py @@ -312,9 +312,10 @@ def retrieve(self, request, pk=None): raise Exception(_("error") % {"error_message": str(traceback.format_exc())}) raise NotFound(_("session_uuid_not_found") % {"uuid": str(pk)}) except NotAuthenticated: - if settings.DEBUG: - raise Exception(_("error") % {"error_message": str(traceback.format_exc())}) - raise NotFound(_('login_needed')) + # if settings.DEBUG: + # raise Exception(_("error") % {"error_message": str(traceback.format_exc())}) + return Response(_('login_needed'), status=status.HTTP_401_UNAUTHORIZED) + # raise NotFound(_('login_needed')) except PermissionDenied: if settings.DEBUG: raise Exception(_("error") % {"error_message": str(traceback.format_exc())}) @@ -330,6 +331,8 @@ def retrieve(self, request, pk=None): return Response(serializer.data) + + @action( detail=False, methods=["get", "post"], @@ -616,8 +619,10 @@ def get_permissions(self): return super(SessionViewSet, self).get_permissions() def get_status(self, request, pk): + if pk == 'undefined': + raise NotFound(_("session_uuid_not_valid") % {"uuid": str(pk)}) - session = Session.objects.get(pk=pk) + session = get_object_or_404(Session, pk=pk) self.check_object_permissions(self.request, session) serializer = SessionSerializer(session) @@ -814,7 +819,7 @@ def download(self, request, pk): raise APIException(_('session_download_error')) return FileResponse(open(session_zip, "rb")) - + @action( detail=True, url_path="async-download", @@ -822,11 +827,17 @@ def download(self, request, pk): ) def async_download(self, request, pk): try: + if pk == 'undefined': + raise ValueError(_("undefined_uuid")) + + # Check if the session is public or belongs to the logged-in user + session = get_object_or_404(Session, pk=pk) + if not session.public and session.user != request.user: + raise PermissionDenied(_('permission_denied')) + if request.user.is_authenticated: - session = get_object_or_404(Session, pk=pk, user=request.user) task = download_session_archive.delay(session.id, request.user.id) else: - session = get_object_or_404(Session, pk=pk, public=True) task = download_session_archive.delay(session.id) except Exception: if settings.DEBUG: @@ -1184,27 +1195,21 @@ def calibration_img(self, request, pk): "n_cameras_connected": status_session["n_cameras_connected"], "n_videos_uploaded": status_session["n_videos_uploaded"] } - else: - imgs = [] - for result in trials[0].result_set.all(): - if result.tag == "calibration-img": - imgs.append(result.media.url) - print(imgs) - if len(imgs) > 0: - data = { - "status": "done", - "img": list(sorted(imgs, key=lambda x: x.split("-")[-1])), - "n_cameras_connected": status_session["n_cameras_connected"], - "n_videos_uploaded": status_session["n_videos_uploaded"] + elif trials[0].status == 'done': + data = { + "status": "done", + "img": "None", + "n_cameras_connected": status_session["n_cameras_connected"], + "n_videos_uploaded": status_session["n_videos_uploaded"] } - else: - data = { - "status": "error", - "img": [], - "n_cameras_connected": status_session["n_cameras_connected"], - "n_videos_uploaded": status_session["n_videos_uploaded"] - } + else: + data = { + "status": "error", + "img": [], + "n_cameras_connected": status_session["n_cameras_connected"], + "n_videos_uploaded": status_session["n_videos_uploaded"] + } except Http404: if settings.DEBUG: raise Exception(_("error") % {"error_message": str(traceback.format_exc())}) @@ -1552,6 +1557,13 @@ class ResultViewSet(viewsets.ModelViewSet): def create(self, request): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) + + # We use [0] here because all our permissions is the single list element + has_perms = self.permission_classes[0]().has_object_permission( + request, self, serializer.validated_data["trial"]) + if not has_perms: + raise PermissionDenied(_('permission_denied')) + if request.data.get('media_url'): serializer.validated_data["media"] = serializer.validated_data["media_url"] del serializer.validated_data["media_url"]