From bb45bd17dd5a7155a82bf8467bc384cc00744dc4 Mon Sep 17 00:00:00 2001
From: Yoan Le Clanche <yoanl@pilotsystems.net>
Date: Wed, 15 Jul 2020 15:09:22 +0200
Subject: [PATCH] add login_required decorator and fix issue when
 annotation_ids are not unique
 https://trackers.pilotsystems.net/probarreau/0850

---
 models.py |  6 +++++-
 views.py  | 13 +++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/models.py b/models.py
index 53be2b3..ab93059 100644
--- a/models.py
+++ b/models.py
@@ -1,4 +1,5 @@
 from django.db import models
+from django.core.exceptions import MultipleObjectsReturned
 
 
 class Annotation(models.Model):
@@ -30,4 +31,7 @@ class AnnotationComment(models.Model):
 
 	@property
 	def annotation(self):
-		return Annotation.objects.get(uuid=self.uuid, annotation_id=self.annotation_id)
\ No newline at end of file
+		try:
+			return Annotation.objects.get(uuid=self.uuid, annotation_id=self.annotation_id)
+		except MultipleObjectsReturned:
+			return Annotation.objects.filter(uuid=self.uuid, annotation_id=self.annotation_id)[0]
\ No newline at end of file
diff --git a/views.py b/views.py
index fd0f11c..491492f 100644
--- a/views.py
+++ b/views.py
@@ -5,6 +5,7 @@ from django.http import HttpResponse
 from pdfannotator.models import Annotation, AnnotationComment
 from itertools import groupby
 import json
+from django.contrib.auth.decorators import login_required
 from django.core.exceptions import PermissionDenied
 
 
@@ -35,6 +36,7 @@ def is_readonly(request):
 	return readonly
 
 
+@login_required
 def update_annotation(request):
 	"""
 	"""
@@ -53,7 +55,7 @@ def update_annotation(request):
 	annot.save()
 	return HttpResponse(json.dumps({'status':'ok'}), content_type="application/json")
 
-
+@login_required
 def get_annotations(request):
 
 	uuid = request.GET.get('fileUuid')
@@ -68,13 +70,14 @@ def get_annotations(request):
 			result[key].append(annot)
 	return HttpResponse(json.dumps(result), content_type="application/json")
 
+@login_required
 def get_annotation(request):
 	uuid = request.GET.get('fileUuid')
 	annotation_id = request.GET.get('annotationId')
 	annotation = Annotation.objects.get(annotation_id=annotation_id, uuid=uuid)
 	return HttpResponse(json.dumps(json.loads(annotation.content)), content_type="application/json")
 
-
+@login_required
 def add_annotation(request):
 	"""
 	"""
@@ -94,7 +97,7 @@ def add_annotation(request):
 		content=json.dumps(annotation)).save()
 	return HttpResponse(json.dumps({'status': 'ok'}), content_type="application/json")
 
-
+@login_required
 def delete_annotation(request):
 	if is_readonly(request):
 		raise PermissionDenied
@@ -107,7 +110,7 @@ def delete_annotation(request):
 	comments.delete()
 	return HttpResponse(json.dumps({'status': 'ok'}), content_type="application/json")
 
-
+@login_required
 def add_comment(request):
 	if is_readonly(request):
 		raise PermissionDenied
@@ -126,6 +129,7 @@ def add_comment(request):
 	}
 	return HttpResponse(json.dumps(commentData), content_type="application/json")
 
+@login_required
 def delete_comment(request):
 	if is_readonly(request):
 		raise PermissionDenied
@@ -137,6 +141,7 @@ def delete_comment(request):
 	annot.delete()
 	return HttpResponse(json.dumps({'status': 'ok'}), content_type="application/json")
 
+@login_required
 def get_comments(request):
 	uuid = request.GET.get('fileUuid')
 	# import pdb;pdb.set_trace()
-- 
2.47.3