From 1b7bc0ebee28b97a72114edacb3b860ce0c4bba1 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Wed, 11 Dec 2024 03:17:44 +0100
Subject: [PATCH] Add config option to (dis-)allow file data editing.

---
 src/templates/file_data.tmpl | 19 +++++++++++++++++--
 src/ytplom/http.py           |  4 ++++
 src/ytplom/misc.py           |  4 +++-
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/templates/file_data.tmpl b/src/templates/file_data.tmpl
index 7e54370..82dc50d 100644
--- a/src/templates/file_data.tmpl
+++ b/src/templates/file_data.tmpl
@@ -9,31 +9,38 @@ td.tag_checkboxes { width: 1em; }
 
 
 {% block body %}
+{% if allow_edit %}
 <form action="/{{page_names.file}}/{{file.digest.b64}}" method="POST" />
 <input type="hidden" name="redir_target" value="{{redir_target}}" />
+{% endif %}
 <table>
+
 <tr>
 <th>path:</th>
 <td class="top_field">{{file.rel_path}}</td>
 </tr>
+
 <tr>
 <th>present:</th>
 <td>{% if file.present %}<a href="/{{page_names.download}}/{{file.yt_id}}">yes</a>{% else %}no{% endif %}</td>
 </tr>
+
 <tr>
 <th>YouTube&nbsp;ID:</th>
 <td><a href="/{{page_names.yt_result}}/{{file.yt_id}}">{{file.yt_id}}</a>
 </tr>
+
 <tr>
 <th>tags</th>
 <td>
 <table>
 {% for tag in file.tags %}
 <tr>
-<td class="tag_checkboxes"><input type="checkbox" name="tags" value="{{tag}}" checked /></td>
+<td class="tag_checkboxes"><input type="checkbox" name="tags" value="{{tag}}" checked{% if not allow_edit %} disabled{% endif %}/></td>
 <td>{{tag}}</td>
 </tr>
 {% endfor %}
+{% if allow_edit %}
 <tr>
 <td class="tag_checkboxes">add:</td>
 <td>
@@ -45,15 +52,23 @@ td.tag_checkboxes { width: 1em; }
 </datalist>
 </td>
 </tr>
+{% endif %}
+</table>
+</td>
+</tr>
+
 <tr>
 <th>flags:</th>
 <td class="flags">
 {% for flag_name in flag_names %}
-{{ flag_name }}: <input type="checkbox" name="flags" value="{{flag_name}}" {% if file.is_flag_set(flag_name) %}checked {% endif %} /><br />
+{{ flag_name }}: <input type="checkbox" name="flags" value="{{flag_name}}" {% if file.is_flag_set(flag_name) %}checked{% endif %}{% if not allow_edit %} disabled{% endif %}/><br />
 {% endfor %}
 </td>
 </tr>
+
 </table>
+{% if allow_edit %}
 <input type="submit" />
 </form>
+{% endif %}
 {% endblock %}
diff --git a/src/ytplom/http.py b/src/ytplom/http.py
index b845c76..97f4ada 100644
--- a/src/ytplom/http.py
+++ b/src/ytplom/http.py
@@ -174,6 +174,9 @@ class _TaskHandler(BaseHTTPRequestHandler):
         self._redirect(Path(postvars.first_for('redir_target')))
 
     def _receive_file_data(self, digest: Hash, postvars: _ReqMap) -> None:
+        if not self.server.config.allow_file_edit:
+            self._send_http('no way', code=403)
+            return
         with DbConn() as conn:
             file = VideoFile.get_one(conn, digest)
             file.set_flags({FILE_FLAGS[FlagName(name)]
@@ -314,6 +317,7 @@ class _TaskHandler(BaseHTTPRequestHandler):
         self._send_rendered_template(
                 _NAME_TEMPLATE_FILE_DATA,
                 {'file': file,
+                 'allow_edit': self.server.config.allow_file_edit,
                  'flag_names': list(FILE_FLAGS),
                  'unused_tags': unused_tags})
 
diff --git a/src/ytplom/misc.py b/src/ytplom/misc.py
index e052e49..f07986a 100644
--- a/src/ytplom/misc.py
+++ b/src/ytplom/misc.py
@@ -29,7 +29,8 @@ DEFAULTS = {
     'port_remote': 8090,
     'background_color': '#ffffff',
     'queries_cutoff': '',
-    'tags_prefilter_str': ''
+    'tags_prefilter_str': '',
+    'allow_file_edit': True
 }
 
 # type definitions for mypy
@@ -92,6 +93,7 @@ class Config:
     background_color: str
     queries_cutoff: str
     tags_prefilter_str: str
+    allow_file_edit: bool
 
     def __init__(self):
         def set_attrs_from_dict(d):
-- 
2.30.2