From 508e401fefbcb2526309a3d246c58f1a81233921 Mon Sep 17 00:00:00 2001 From: Dev Aggarwal Date: Fri, 30 Aug 2024 15:58:00 +0530 Subject: [PATCH] fix: anonymous users can save any published run --- daras_ai_v2/base.py | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/daras_ai_v2/base.py b/daras_ai_v2/base.py index d3a52175d..2e57ae564 100644 --- a/daras_ai_v2/base.py +++ b/daras_ai_v2/base.py @@ -348,7 +348,7 @@ def _render_header(self): tbreadcrumbs = get_title_breadcrumbs( self, current_run, published_run, tab=self.tab ) - can_edit = self.can_user_edit_run(current_run, published_run) + can_save = self.can_user_save_run(current_run, published_run) request_changed = self._has_request_changed() with gui.div(className="d-flex justify-content-between mt-4"): @@ -373,7 +373,7 @@ def _render_header(self): self.render_author(author) with gui.div(className="d-flex align-items-center"): - if request_changed or (can_edit and not is_example): + if request_changed or (can_save and not is_example): self._render_unpublished_changes_indicator() with gui.div(className="d-flex align-items-start right-action-icons"): @@ -387,7 +387,7 @@ def _render_header(self): """ ) - show_save_buttons = request_changed or can_edit + show_save_buttons = request_changed or can_save if show_save_buttons: self._render_published_run_save_buttons( current_run=current_run, @@ -406,7 +406,7 @@ def _render_header(self): elif is_root_example and self.tab != RecipeTabs.integrations: gui.write(self.preview_description(current_run.to_dict()), line_clamp=2) - def can_user_edit_run( + def can_user_save_run( self, current_run: SavedRun, published_run: PublishedRun | None, @@ -433,7 +433,8 @@ def can_user_edit_published_run( published_run and self.request and self.request.user - and published_run.created_by == self.request.user + and published_run.created_by_id + and published_run.created_by_id == self.request.user.id ) def _render_title(self, title: str): @@ -465,10 +466,7 @@ def _render_published_run_save_buttons( current_run: SavedRun, published_run: PublishedRun, ): - is_update_mode = ( - self.is_current_user_admin() - or published_run.created_by == self.request.user - ) + can_edit = self.can_user_edit_published_run(published_run) with gui.div(className="d-flex justify-content-end"): gui.html( @@ -485,11 +483,12 @@ def _render_published_run_save_buttons( """ ) - pressed_options = is_update_mode and gui.button( - '', - className="mb-0 ms-lg-2", - type="tertiary", - ) + if can_edit: + pressed_options = gui.button( + '', + className="mb-0 ms-lg-2", + type="tertiary", + ) options_modal = gui.Modal("Options", key="published-run-options-modal") if pressed_options: options_modal.open() @@ -502,7 +501,7 @@ def _render_published_run_save_buttons( ) save_icon = '' - if is_update_mode: + if can_edit: save_text = "Update" else: save_text = "Save" @@ -520,7 +519,7 @@ def _render_published_run_save_buttons( current_run=current_run, published_run=published_run, modal=publish_modal, - is_update_mode=is_update_mode, + is_update_mode=can_edit, ) def _render_publish_modal(