giles
22802bd36b
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 5m35s
- Server sends sexp source text, client (sexp.js) renders everything - SexpExpr marker class for nested sexp composition in serialize() - sexp_page() HTML shell with data-mount="body" for full page loads - sexp_response() returns text/sexp for OOB/partial responses - ~app-body layout component replaces ~app-layout (no raw!) - ~rich-text is the only component using raw! (for CMS HTML content) - Fragment endpoints return text/sexp, auto-wrapped in SexpExpr - All _*_html() helpers converted to _*_sexp() returning sexp source - Head auto-hoist: sexp.js moves meta/title/link/script[ld+json] from rendered body to document.head automatically - Unknown components render warning box instead of crashing page - Component kwargs preserve AST for lazy rendering (fixes <> in kwargs) - Fix unterminated paren in events/sexp/tickets.sexpr Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
99 lines
3.0 KiB
Python
99 lines
3.0 KiB
Python
from __future__ import annotations
|
|
|
|
from quart import Blueprint, make_response, request, g, abort
|
|
from sqlalchemy import select, or_
|
|
from sqlalchemy.orm import selectinload
|
|
|
|
from shared.browser.app.authz import require_login
|
|
from shared.browser.app.utils.htmx import is_htmx_request
|
|
from shared.sexp.helpers import sexp_response
|
|
from models import Snippet
|
|
|
|
|
|
VALID_VISIBILITY = frozenset({"private", "shared", "admin"})
|
|
|
|
|
|
async def _visible_snippets(session):
|
|
"""Return snippets visible to the current user (own + shared + admin-if-admin)."""
|
|
uid = g.user.id
|
|
is_admin = g.rights.get("admin")
|
|
|
|
filters = [Snippet.user_id == uid, Snippet.visibility == "shared"]
|
|
if is_admin:
|
|
filters.append(Snippet.visibility == "admin")
|
|
|
|
rows = (await session.execute(
|
|
select(Snippet).where(or_(*filters)).order_by(Snippet.name)
|
|
)).scalars().all()
|
|
|
|
return rows
|
|
|
|
|
|
def register():
|
|
bp = Blueprint("snippets", __name__, url_prefix="/settings/snippets")
|
|
|
|
@bp.get("/")
|
|
@require_login
|
|
async def list_snippets():
|
|
"""List snippets visible to the current user."""
|
|
snippets = await _visible_snippets(g.s)
|
|
is_admin = g.rights.get("admin")
|
|
|
|
from shared.sexp.page import get_template_context
|
|
from sexp.sexp_components import render_snippets_page, render_snippets_oob
|
|
|
|
tctx = await get_template_context()
|
|
tctx["snippets"] = snippets
|
|
tctx["is_admin"] = is_admin
|
|
if not is_htmx_request():
|
|
html = await render_snippets_page(tctx)
|
|
return await make_response(html)
|
|
else:
|
|
sexp_src = await render_snippets_oob(tctx)
|
|
return sexp_response(sexp_src)
|
|
|
|
@bp.delete("/<int:snippet_id>/")
|
|
@require_login
|
|
async def delete_snippet(snippet_id: int):
|
|
"""Delete a snippet. Owners delete their own; admins can delete any."""
|
|
snippet = await g.s.get(Snippet, snippet_id)
|
|
if not snippet:
|
|
abort(404)
|
|
|
|
is_admin = g.rights.get("admin")
|
|
if snippet.user_id != g.user.id and not is_admin:
|
|
abort(403)
|
|
|
|
await g.s.delete(snippet)
|
|
await g.s.flush()
|
|
|
|
snippets = await _visible_snippets(g.s)
|
|
from sexp.sexp_components import render_snippets_list
|
|
return sexp_response(render_snippets_list(snippets, is_admin))
|
|
|
|
@bp.patch("/<int:snippet_id>/visibility/")
|
|
@require_login
|
|
async def patch_visibility(snippet_id: int):
|
|
"""Change snippet visibility. Admin only."""
|
|
if not g.rights.get("admin"):
|
|
abort(403)
|
|
|
|
snippet = await g.s.get(Snippet, snippet_id)
|
|
if not snippet:
|
|
abort(404)
|
|
|
|
form = await request.form
|
|
visibility = form.get("visibility", "").strip()
|
|
|
|
if visibility not in VALID_VISIBILITY:
|
|
abort(400)
|
|
|
|
snippet.visibility = visibility
|
|
await g.s.flush()
|
|
|
|
snippets = await _visible_snippets(g.s)
|
|
from sexp.sexp_components import render_snippets_list
|
|
return sexp_response(render_snippets_list(snippets, True))
|
|
|
|
return bp
|