From b48a99f21b9bcf0e9f19467682318e5fe2f07271 Mon Sep 17 00:00:00 2001
From: Erik Steenman <eriksteenman@gmail.com>
Date: Sat, 14 May 2016 14:49:24 +0200
Subject: [PATCH] Add a 'private' flag to mediafiles.

Only users with the 'mediafiles.can_see_private' permission can create
and view these private mediafiles.
---
 openslides/mediafiles/access_permissions.py   | 11 ++++++++
 .../migrations/0002_mediafile_private.py      | 20 ++++++++++++++
 .../migrations/0003_auto_20160514_1347.py     | 26 +++++++++++++++++++
 openslides/mediafiles/models.py               |  4 +++
 openslides/mediafiles/serializers.py          |  1 +
 .../mediafiles/static/js/mediafiles/site.js   | 17 +++++++++++-
 .../templates/mediafiles/mediafile-form.html  |  7 +++++
 .../templates/mediafiles/mediafile-list.html  |  5 ++--
 openslides/mediafiles/views.py                |  7 +++++
 openslides/users/signals.py                   |  4 ++-
 openslides/users/static/js/users/site.js      |  1 +
 11 files changed, 99 insertions(+), 4 deletions(-)
 create mode 100644 openslides/mediafiles/migrations/0002_mediafile_private.py
 create mode 100644 openslides/mediafiles/migrations/0003_auto_20160514_1347.py

diff --git a/openslides/mediafiles/access_permissions.py b/openslides/mediafiles/access_permissions.py
index 7a87aa2fc..948b807c3 100644
--- a/openslides/mediafiles/access_permissions.py
+++ b/openslides/mediafiles/access_permissions.py
@@ -18,3 +18,14 @@ class MediafileAccessPermissions(BaseAccessPermissions):
         from .serializers import MediafileSerializer
 
         return MediafileSerializer
+
+    def get_restricted_data(self, full_data, user):
+        """
+        Returns the restricted serialized data for the instance prepared
+        for the user.
+        """
+        if (not full_data['private'] or user.has_perm('mediafiles.can_see_private')):
+            data = full_data
+        else:
+            data = None
+        return data
diff --git a/openslides/mediafiles/migrations/0002_mediafile_private.py b/openslides/mediafiles/migrations/0002_mediafile_private.py
new file mode 100644
index 000000000..213aa8d4e
--- /dev/null
+++ b/openslides/mediafiles/migrations/0002_mediafile_private.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.6 on 2016-05-14 12:47
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mediafiles', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='mediafile',
+            name='private',
+            field=models.BooleanField(default=False),
+        ),
+    ]
diff --git a/openslides/mediafiles/migrations/0003_auto_20160514_1347.py b/openslides/mediafiles/migrations/0003_auto_20160514_1347.py
new file mode 100644
index 000000000..82d4a0d9a
--- /dev/null
+++ b/openslides/mediafiles/migrations/0003_auto_20160514_1347.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.6 on 2016-05-14 13:47
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mediafiles', '0002_mediafile_private'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='mediafile',
+            options={
+                    'default_permissions': (),
+                    'ordering': ['title'],
+                    'permissions': (
+                                    ('can_see', 'Can see the list of files'),
+                                    ('can_see_private', 'Can see private files'),
+                                    ('can_upload', 'Can upload files'),
+                                    ('can_manage', 'Can manage files'))},
+        ),
+    ]
diff --git a/openslides/mediafiles/models.py b/openslides/mediafiles/models.py
index 037c717b3..5a664288e 100644
--- a/openslides/mediafiles/models.py
+++ b/openslides/mediafiles/models.py
@@ -30,6 +30,9 @@ class Mediafile(RESTModelMixin, models.Model):
         blank=True)
     """A user – the uploader of a file."""
 
+    private = models.BooleanField(default=False)
+    """Whether or not this mediafile should be listed as private"""
+
     timestamp = models.DateTimeField(auto_now_add=True)
     """A DateTimeField to save the upload date and time."""
 
@@ -41,6 +44,7 @@ class Mediafile(RESTModelMixin, models.Model):
         default_permissions = ()
         permissions = (
             ('can_see', 'Can see the list of files'),
+            ('can_see_private', 'Can see private files'),
             ('can_upload', 'Can upload files'),
             ('can_manage', 'Can manage files'))
 
diff --git a/openslides/mediafiles/serializers.py b/openslides/mediafiles/serializers.py
index 320e66acb..368404485 100644
--- a/openslides/mediafiles/serializers.py
+++ b/openslides/mediafiles/serializers.py
@@ -58,6 +58,7 @@ class MediafileSerializer(ModelSerializer):
             'media_url_prefix',
             'uploader',
             'filesize',
+            'private',
             'timestamp',)
 
     def get_filesize(self, mediafile):
diff --git a/openslides/mediafiles/static/js/mediafiles/site.js b/openslides/mediafiles/static/js/mediafiles/site.js
index 4254028ec..f115dacbf 100644
--- a/openslides/mediafiles/static/js/mediafiles/site.js
+++ b/openslides/mediafiles/static/js/mediafiles/site.js
@@ -331,12 +331,27 @@ angular.module('OpenSlidesApp.mediafiles.site', ['ngFileUpload', 'OpenSlidesApp.
                 return Upload.upload({
                     url: '/rest/mediafiles/mediafile/',
                     method: 'POST',
-                    data: {mediafile: mediafile.newFile, title: mediafile.title, uploader_id: mediafile.uploader_id}
+                    data: {mediafile: mediafile.newFile, title: mediafile.title, uploader_id: mediafile.uploader_id, private: mediafile.private}
                 });
 
             }
         };
     }
+])
+
+.filter('privateFilter', [
+    '$filter',
+    'operator',
+    function ($filter, operator) {
+        return function (array) {
+            if (operator.hasPerms('mediafiles.can_see_private')) {
+                return array;
+            }
+            return Array.prototype.filter.call(array, function (item) {
+                return !item.private;
+            });
+        };
+    }
 ]);
 
 }());
diff --git a/openslides/mediafiles/static/templates/mediafiles/mediafile-form.html b/openslides/mediafiles/static/templates/mediafiles/mediafile-form.html
index 2c4e9404a..5dabbdb24 100644
--- a/openslides/mediafiles/static/templates/mediafiles/mediafile-form.html
+++ b/openslides/mediafiles/static/templates/mediafiles/mediafile-form.html
@@ -21,6 +21,13 @@
     <input type="text" ng-model="mediafile.title" class="form-control" name="inputTitle">
   </div>
 
+  <!-- private -->
+  <div class="checkbox" os-perms="mediafiles.can_see_private">
+      <label for="inputPrivate" translate>
+          <input type="checkbox" ng-model="mediafile.private" name="inputPrivate">Private
+      </label>
+  </div>
+
   <!-- uploader -->
   <div os-perms="mediafiles.can_manage" class="form-group">
     <label for="inputTitle" translate>Uploaded by</label>
diff --git a/openslides/mediafiles/static/templates/mediafiles/mediafile-list.html b/openslides/mediafiles/static/templates/mediafiles/mediafile-list.html
index 7ac7a156b..8b45e19c1 100644
--- a/openslides/mediafiles/static/templates/mediafiles/mediafile-list.html
+++ b/openslides/mediafiles/static/templates/mediafiles/mediafile-list.html
@@ -155,8 +155,8 @@
           </i>
       </tr>
     <tbody>
-      <tr ng-repeat="mediafile in mediafilesFiltered = (mediafiles | osFilter: filter.search : getFilterString |
-          filter: {filetype: filter.showPDFs} | orderBy: sortColumn:reverse)"
+      <tr ng-repeat="mediafile in mediafilesFiltered = (mediafiles | privateFilter | osFilter: filter.search : getFilterString |
+	  filter: {filetype: filter.showPDFs} | orderBy: sortColumn:reverse )"
           class="animate-item"
           ng-class="{ 'activeline': mediafile.isProjected(), 'selected': mediafile.selected }">
         <!-- projector column -->
@@ -177,6 +177,7 @@
           <strong><a ng-href="{{ mediafile.mediafileUrl }}" target="_blank">{{ mediafile.title_or_filename }}</a></strong>
           <br><small><i class="fa fa-file"></i> {{ mediafile.filetype }}</small>
           <br><small><i class="fa fa-database"></i> {{ mediafile.filesize }}</small>
+          <span ng-if="mediafile.private"><br><small><i class="fa fa-lock"></i> <translate>Private</translate></small></span>
           <div os-perms="mediafiles.can_manage" class="hoverActions" ng-class="{'hiddenDiv': !mediafile.hover}">
             <a href="" ng-click="openDialog(mediafile)" translate>Edit</a> |
             <a href="" class="text-danger"
diff --git a/openslides/mediafiles/views.py b/openslides/mediafiles/views.py
index 92170899f..91ff41ace 100644
--- a/openslides/mediafiles/views.py
+++ b/openslides/mediafiles/views.py
@@ -15,6 +15,13 @@ class MediafileViewSet(ModelViewSet):
     access_permissions = MediafileAccessPermissions()
     queryset = Mediafile.objects.all()
 
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        user = self.request.user
+        if not user.has_perm('mediafiles.can_see_private'):
+            queryset = queryset.filter(private=False)
+        return queryset
+
     def check_view_permissions(self):
         """
         Returns True if the user has required permissions.
diff --git a/openslides/users/signals.py b/openslides/users/signals.py
index 8d6437764..d2d4eb58c 100644
--- a/openslides/users/signals.py
+++ b/openslides/users/signals.py
@@ -32,6 +32,7 @@ def create_builtin_groups_and_admin(**kwargs):
         'core.can_use_chat',
         'mediafiles.can_manage',
         'mediafiles.can_see',
+        'mediafiles.can_see_private',
         'mediafiles.can_upload',
         'motions.can_create',
         'motions.can_manage',
@@ -110,7 +111,8 @@ def create_builtin_groups_and_admin(**kwargs):
         permission_dict['motions.can_see_and_manage_comments'],
         permission_dict['users.can_see_name'],
         permission_dict['users.can_manage'],
-        permission_dict['users.can_see_extra_data'],)
+        permission_dict['users.can_see_extra_data'],
+        permission_dict['mediafiles.can_see_private'],)
     group_staff = Group.objects.create(name='Staff', pk=3)
     group_staff.permissions.add(*staff_permissions)
 
diff --git a/openslides/users/static/js/users/site.js b/openslides/users/static/js/users/site.js
index fe2eaf8c3..ffae2f582 100644
--- a/openslides/users/static/js/users/site.js
+++ b/openslides/users/static/js/users/site.js
@@ -1324,6 +1324,7 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users'])
         gettext('Can see the list of files');
         gettext('Can upload files');
         gettext('Can manage files');
+        gettext('Can see private files');
         // motions
         gettext('Can see motions');
         gettext('Can create motions');