lahmacunradio · tuz666 · Oct 10, 2022 · Jun 8, 2022 · Jun 8, 2022 · Jul 27, 2022
diff --git a/arcsi/api/item.py b/arcsi/api/item.py
@@ -1,28 +1,13 @@
 from datetime import datetime, timedelta
-import json
-import os
-import requests
-import io
 
-from mutagen.id3 import APIC, ID3
-from mutagen.mp3 import MP3
-
-from flask import flash, jsonify, make_response, request, send_file, url_for, redirect
-from flask import current_app as app
-from marshmallow import fields, post_load, Schema, ValidationError
+from flask import jsonify, make_response, request, redirect
+from flask_security import login_required, auth_token_required, roles_required
+from marshmallow import fields, post_load, Schema
 from sqlalchemy import func
 
 from uuid import uuid4
 
-from .utils import (
-    archive,
-    broadcast_audio,
-    dict_to_obj,
-    media_path,
-    normalise,
-    save_file,
-    item_duplications_number
-)
+from .utils import archive, broadcast_audio, normalise, save_file, item_duplications_number
 from . import arcsi
 from arcsi.handler.upload import DoArchive
 from arcsi.model import db
@@ -80,6 +65,7 @@ def make_item(self, data, **kwargs):
 
 @arcsi.route("/item", methods=["GET"])
 @arcsi.route("/item/all", methods=["GET"])
+@auth_token_required
 def list_items():
     do = DoArchive()
     items = Item.query.all()
@@ -93,6 +79,7 @@ def list_items():
 
 
 @arcsi.route("/item/latest", methods=["GET"])
+@auth_token_required
 def list_items_latest():
     do = DoArchive()
     page = request.args.get('page', 1, type=int)
@@ -111,6 +98,7 @@ def list_items_latest():
 
 
 @arcsi.route("/item/<id>", methods=["GET"])
+@auth_token_required
 def view_item(id):
     item_query = Item.query.filter_by(id=id)
     item = item_query.first_or_404()
@@ -126,8 +114,89 @@ def view_item(id):
         return make_response("Item not found", 404, headers)
 
 
-@arcsi.route("/item", methods=["POST"])
+@arcsi.route("/item/add", methods=["POST"])
+@login_required
+@roles_required("admin")
 def add_item():
+    return _add_item()
+
+
+@arcsi.route("/item/add_api", methods=["POST"])
+@auth_token_required
+@roles_required("admin")
+def add_item_api():
+    return _add_item()
+
+
+@arcsi.route("item/<id>/listen", methods=["GET"])
+@auth_token_required
+def listen_play_file(id):
+    do = DoArchive()
+    item_query = Item.query.filter_by(id=id)
+    item = item_query.first()
+    presigned = do.download(
+        item.shows[0].archive_lahmastore_base_url, item.archive_lahmastore_canonical_url
+    )
+    return presigned
+
+
+@arcsi.route("/item/<id>/download", methods=["GET"])
+@auth_token_required
+def download_play_file(id):
+    do = DoArchive()
+    item_query = Item.query.filter_by(id=id)
+    item = item_query.first_or_404()
+    presigned = do.download(
+        item.shows[0].archive_lahmastore_base_url, item.archive_lahmastore_canonical_url
+    )
+    return redirect(presigned, code=302)
+
+
+@arcsi.route("/item/<id>", methods=["DELETE"])
+@auth_token_required
+def delete_item(id):
+    item_query = Item.query.filter_by(id=id)
+    item = item_query.first_or_404()
+    item_query.delete()
+    db.session.commit()
+    return make_response("Deleted item successfully", 200, headers)
+
+
+@arcsi.route("/item/<id>/edit", methods=["POST"])
+@login_required
+@roles_required("admin")
+def edit_item(id):
+    return _edit_item(id)
+
+
+@arcsi.route("/item/<id>/edit_api", methods=["POST"])
+@auth_token_required
+@roles_required("admin")
+def edit_item_api(id):
+    return _edit_item(id)
+
+
+@arcsi.route("/item/search", methods=["GET"])
+@auth_token_required
+def search_item():
+    do = DoArchive()
+    page = request.args.get('page', 1, type=int)
+    size = request.args.get('size', 12, type=int)
+    param = request.args.get('param', "", type=str)
+    items = Item.query.filter(func.lower(Item.name).contains(func.lower(param)) | 
+                func.lower(Item.description).contains(func.lower(param))
+                ).filter(Item.play_date < datetime.today() - timedelta(days=1)
+                ).order_by(Item.play_date.desc()).paginate(page, size, False)
+    for item in items.items:
+        if item.image_url:
+            item.image_url = do.download(
+                item.shows[0].archive_lahmastore_base_url, item.image_url
+            )
+        item.name_slug=normalise(item.name)
+    return items_schema.dumps(items.items)
+
+
+def _add_item():
     no_error = True
     if request.is_json:
         return make_response(
@@ -291,39 +360,7 @@ def add_item():
             return "Some error happened, check server logs for details. Note that your media may have been uploaded (to DO and/or Azurcast)."
 
 
-@arcsi.route("item/<id>/listen", methods=["GET"])
-def listen_play_file(id):
-    do = DoArchive()
-    item_query = Item.query.filter_by(id=id)
-    item = item_query.first()
-    presigned = do.download(
-        item.shows[0].archive_lahmastore_base_url, item.archive_lahmastore_canonical_url
-    )
-    return presigned
-
-
-@arcsi.route("/item/<id>/download", methods=["GET"])
-def download_play_file(id):
-    do = DoArchive()
-    item_query = Item.query.filter_by(id=id)
-    item = item_query.first_or_404()
-    presigned = do.download(
-        item.shows[0].archive_lahmastore_base_url, item.archive_lahmastore_canonical_url
-    )
-    return redirect(presigned, code=302)
-
-
-@arcsi.route("/item/<id>", methods=["DELETE"])
-def delete_item(id):
-    item_query = Item.query.filter_by(id=id)
-    item = item_query.first_or_404()
-    item_query.delete()
-    db.session.commit()
-    return make_response("Deleted item successfully", 200, headers)
-
-
-@arcsi.route("/item/<id>", methods=["POST"])
-def edit_item(id):
+def _edit_item(id):
     no_error = True
     image_file = None
     image_file_name = None
@@ -465,22 +502,3 @@ def edit_item(id):
                 jsonify(item_partial_schema.dump(item)), 200, headers
             )
         return "Some error happened, check server logs for details. Note that your media may have been uploaded (to DO and/or Azurcast)."
-
-
-@arcsi.route("/item/search", methods=["GET"])
-def search_item():
-    do = DoArchive()
-    page = request.args.get('page', 1, type=int)
-    size = request.args.get('size', 12, type=int)
-    param = request.args.get('param', "", type=str)
-    items = Item.query.filter(func.lower(Item.name).contains(func.lower(param)) | 
-                func.lower(Item.description).contains(func.lower(param))
-                ).filter(Item.play_date < datetime.today() - timedelta(days=1)
-                ).order_by(Item.play_date.desc()).paginate(page, size, False)
-    for item in items.items:
-        if item.image_url:
-            item.image_url = do.download(
-                item.shows[0].archive_lahmastore_base_url, item.image_url
-            )
-        item.name_slug=normalise(item.name)
-    return items_schema.dumps(items.items)