Fix #563: unplayable radios for anonymous users

2025-10-05 03:59:24 +02:00 · 2019-05-02 10:01:02 +02:00 · 2019-05-02 10:01:02 +02:00 · 0be93ec05b
commit 0be93ec05b
parent 1a639a8fde
8 changed files with 42 additions and 16 deletions
--- a/api/funkwhale_api/radios/views.py
+++ b/api/funkwhale_api/radios/views.py
@ -1,5 +1,5 @@
 from django.db.models import Q
-from rest_framework import mixins, permissions, status, viewsets
+from rest_framework import mixins, status, viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response

@ -28,6 +28,7 @@ class RadioViewSet(
    required_scope = "radios"
    owner_field = "user"
    owner_checks = ["write"]
+    anonymous_policy = "setting"

    def get_queryset(self):
        queryset = models.Radio.objects.all()
@ -82,11 +83,30 @@ class RadioSessionViewSet(

    serializer_class = serializers.RadioSessionSerializer
    queryset = models.RadioSession.objects.all()
-    permission_classes = [permissions.IsAuthenticated]
+    permission_classes = []

    def get_queryset(self):
        queryset = super().get_queryset()
-        return queryset.filter(user=self.request.user)
+        if self.request.user.is_authenticated:
+            return queryset.filter(
+                Q(user=self.request.user)
+                | Q(session_key=self.request.session.session_key)
+            )
+
+        return queryset.filter(session_key=self.request.session.session_key).exclude(
+            session_key=None
+        )
+
+    def perform_create(self, serializer):
+        if (
+            not self.request.user.is_authenticated
+            and not self.request.session.session_key
+        ):
+            self.request.session.create()
+        return serializer.save(
+            user=self.request.user if self.request.user.is_authenticated else None,
+            session_key=self.request.session.session_key,
+        )

    def get_serializer_context(self):
        context = super().get_serializer_context()
@ -97,14 +117,19 @@ class RadioSessionViewSet(
 class RadioSessionTrackViewSet(mixins.CreateModelMixin, viewsets.GenericViewSet):
    serializer_class = serializers.RadioSessionTrackSerializer
    queryset = models.RadioSessionTrack.objects.all()
-    permission_classes = [permissions.IsAuthenticated]
+    permission_classes = []

    def create(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        session = serializer.validated_data["session"]
+        if not request.user.is_authenticated and not request.session.session_key:
+            self.request.session.create()
        try:
-            assert request.user == session.user
+            assert (request.user == session.user) or (
+                request.session.session_key == session.session_key
+                and session.session_key
+            )
        except AssertionError:
            return Response(status=status.HTTP_403_FORBIDDEN)
        session.radio.pick()