feat: Enhance Adventure and Collection Management

- Added support for multiple collections in AdventureSerializer, allowing adventures to be linked to multiple collections. - Implemented validation to ensure collections belong to the current user during adventure creation and updates. - Introduced a signal to update adventure publicity based on the public status of linked collections. - Updated file permission checks to consider multiple collections when determining access rights. - Modified AdventureImageViewSet and AttachmentViewSet to check access against collections instead of a single collection. - Enhanced AdventureViewSet to support filtering and sorting adventures based on collections. - Updated frontend components to manage collections more effectively, including linking and unlinking adventures from collections. - Adjusted API endpoints and data structures to accommodate the new collections feature. - Improved user experience with appropriate notifications for collection actions.
2025-06-12 15:54:01 -04:00
parent d9070e68bb
commit 3f9a6767bd
22 changed files with 686 additions and 289 deletions
--- a/backend/server/adventures/views/attachment_view.py
+++ b/backend/server/adventures/views/attachment_view.py
@@ -26,10 +26,16 @@ class AttachmentViewSet(viewsets.ModelViewSet):
            return Response({"error": "Adventure not found"}, status=status.HTTP_404_NOT_FOUND)
        
        if adventure.user_id != request.user:
-            # Check if the adventure has a collection
-            if adventure.collection:
-                # Check if the user is in the collection's shared_with list
-                if not adventure.collection.shared_with.filter(id=request.user.id).exists():
+            # Check if the adventure has any collections
+            if adventure.collections.exists():
+                # Check if the user is in the shared_with list of any of the adventure's collections
+                user_has_access = False
+                for collection in adventure.collections.all():
+                    if collection.shared_with.filter(id=request.user.id).exists():
+                        user_has_access = True
+                        break
+                
+                if not user_has_access:
                    return Response({"error": "User does not have permission to access this adventure"}, status=status.HTTP_403_FORBIDDEN)
            else:
                return Response({"error": "User does not own this adventure"}, status=status.HTTP_403_FORBIDDEN)
@@ -37,4 +43,14 @@ class AttachmentViewSet(viewsets.ModelViewSet):
        return super().create(request, *args, **kwargs)
    
    def perform_create(self, serializer):
-        serializer.save(user_id=self.request.user)
+        adventure_id = self.request.data.get('adventure')
+        adventure = Adventure.objects.get(id=adventure_id)
+        
+        # If the adventure belongs to collections, set the owner to the collection owner
+        if adventure.collections.exists():
+            # Get the first collection's owner (assuming all collections have the same owner)
+            collection = adventure.collections.first()
+            serializer.save(user_id=collection.user_id)
+        else:
+            # Otherwise, set the owner to the request user
+            serializer.save(user_id=self.request.user)