feat: Enhance Adventure and Collection Management

- Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections.
- Implemented validation to ensure collections belong to the current user during adventure creation and updates.
- Introduced a signal to update adventure publicity based on the public status of linked collections.
- Updated file permission checks to consider multiple collections when determining access rights.
- Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection.
- Enhanced AdventureViewSet to support filtering and sorting adventures based on collections.
- Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections.
- Adjusted API endpoints and data structures to accommodate the new collections feature.
- Improved user experience with appropriate notifications for collection actions.

backend/server/adventures/views/adventure_image_view.py

@@ -51,10 +51,16 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
             return Response({"error": "Adventure not found"}, status=status.HTTP_404_NOT_FOUND)
         
         if adventure.user_id != request.user:
-            # Check if the adventure has a collection
-            if adventure.collection:
-                # Check if the user is in the collection's shared_with list
-                if not adventure.collection.shared_with.filter(id=request.user.id).exists():
+            # Check if the adventure has any collections
+            if adventure.collections.exists():
+                # Check if the user is in the shared_with list of any of the adventure's collections
+                user_has_access = False
+                for collection in adventure.collections.all():
+                    if collection.shared_with.filter(id=request.user.id).exists():
+                        user_has_access = True
+                        break
+                
+                if not user_has_access:
                     return Response({"error": "User does not have permission to access this adventure"}, status=status.HTTP_403_FORBIDDEN)
             else:
                 return Response({"error": "User does not own this adventure"}, status=status.HTTP_403_FORBIDDEN)
@@ -189,7 +195,7 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
         queryset = AdventureImage.objects.filter(
             Q(adventure__id=adventure_uuid) & (
                 Q(adventure__user_id=request.user) |  # User owns the adventure
-                Q(adventure__collection__shared_with=request.user)  # User has shared access via collection
+                Q(adventure__collections__shared_with=request.user)  # User has shared access via collection
             )
         ).distinct()
         
@@ -200,7 +206,7 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
         # Updated to include images from adventures the user owns OR has shared access to
         return AdventureImage.objects.filter(
             Q(adventure__user_id=self.request.user) |  # User owns the adventure
-            Q(adventure__collection__shared_with=self.request.user)  # User has shared access via collection
+            Q(adventure__collections__shared_with=self.request.user)  # User has shared access via collection
         ).distinct()
 
     def perform_create(self, serializer):