From 67769be2b6f458615793f4a22cf6b6081fc81120 Mon Sep 17 00:00:00 2001
From: marwoodandrew <amarwood@aap.com.au>
Date: Thu, 14 Dec 2023 16:05:13 +1100
Subject: [PATCH] SDAN-724 Restrict download of feature media

---
 newsroom/wire/formatters/downloadninjs.py |  4 +++-
 newsroom/wire/formatters/htmlpackage.py   |  4 +++-
 newsroom/wire/formatters/htmlwithmedia.py |  4 +++-
 newsroom/wire/formatters/utils.py         | 25 +++++++++++++++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/newsroom/wire/formatters/downloadninjs.py b/newsroom/wire/formatters/downloadninjs.py
index 6d3b54fd..af10da54 100644
--- a/newsroom/wire/formatters/downloadninjs.py
+++ b/newsroom/wire/formatters/downloadninjs.py
@@ -1,6 +1,7 @@
 from superdesk.logging import logger
 from .ninjs import NINJSFormatter
-from .utils import remove_internal_renditions, rewire_featuremedia, log_media_downloads, remove_unpermissioned_embeds
+from .utils import remove_internal_renditions, rewire_featuremedia, log_media_downloads, remove_unpermissioned_embeds,\
+    remove_unpermissioned_featuremedia
 from newsroom.utils import update_embeds_in_body
 
 
@@ -71,6 +72,7 @@ def update_video_or_audio(item, elem, group):
         update_embeds_in_body(item, update_image, update_video_or_audio, update_video_or_audio)
 
     def _transform_to_ninjs(self, item):
+        remove_unpermissioned_featuremedia(item)
         remove_unpermissioned_embeds(item)
         # Remove the renditions we should not be showing the world
         remove_internal_renditions(item, remove_media=False)
diff --git a/newsroom/wire/formatters/htmlpackage.py b/newsroom/wire/formatters/htmlpackage.py
index 0fae7066..7c491198 100644
--- a/newsroom/wire/formatters/htmlpackage.py
+++ b/newsroom/wire/formatters/htmlpackage.py
@@ -1,6 +1,7 @@
 import flask
 from .base import BaseFormatter
-from .utils import remove_internal_renditions, rewire_featuremedia, log_media_downloads, remove_unpermissioned_embeds
+from .utils import remove_internal_renditions, rewire_featuremedia, log_media_downloads, remove_unpermissioned_embeds,\
+    remove_unpermissioned_featuremedia
 from newsroom.utils import update_embeds_in_body
 from superdesk.logging import logger
 
@@ -67,6 +68,7 @@ def update_video_or_audio(item, elem, group):
         update_embeds_in_body(item, update_image, update_video_or_audio, update_video_or_audio)
 
     def format_item(self, item, item_type='items'):
+        remove_unpermissioned_featuremedia(item)
         remove_unpermissioned_embeds(item)
         remove_internal_renditions(item, remove_media=False)
         self.rewire_embeded_images(item)
diff --git a/newsroom/wire/formatters/htmlwithmedia.py b/newsroom/wire/formatters/htmlwithmedia.py
index 4d5be1d7..1bdebd8d 100644
--- a/newsroom/wire/formatters/htmlwithmedia.py
+++ b/newsroom/wire/formatters/htmlwithmedia.py
@@ -1,6 +1,7 @@
 import flask
 from .base import BaseFormatter
-from .utils import remove_internal_renditions, log_media_downloads, remove_unpermissioned_embeds
+from .utils import remove_internal_renditions, log_media_downloads, remove_unpermissioned_embeds,\
+    remove_unpermissioned_featuremedia
 from newsroom.utils import update_embeds_in_body
 from ...upload import ASSETS_RESOURCE
 import base64
@@ -72,6 +73,7 @@ def rewire_featuremedia(self, item):
                 mimetype) + base64.b64encode(file.read()).decode()
 
     def format_item(self, item, item_type='items'):
+        remove_unpermissioned_featuremedia(item)
         remove_unpermissioned_embeds(item)
         remove_internal_renditions(item)
         self.rewire_embedded_images(item)
diff --git a/newsroom/wire/formatters/utils.py b/newsroom/wire/formatters/utils.py
index 2b526720..155d6043 100644
--- a/newsroom/wire/formatters/utils.py
+++ b/newsroom/wire/formatters/utils.py
@@ -142,3 +142,28 @@ def remove_unpermissioned_embeds(item, company_id=None, section='wire'):
         item.get("associations", {}).pop(key, None)
         if "refs" in item:
             item["refs"] = [r for r in item.get("refs", []) if r["key"] != key]
+
+
+def remove_unpermissioned_featuremedia(item):
+    """
+    Remove the feature media if it's not permitted, used by the interactive download formatters
+    :param item:
+    :return:
+    """
+    if not app.config.get("EMBED_PRODUCT_FILTERING"):
+        return
+
+    user = get_user(required=True)
+    company_id = user.get('company')
+
+    permitted_products = {p.get('sd_product_id') for p in get_products_by_company(company_id, None, 'wire') if
+                          p.get('sd_product_id')}
+    feature_media_products = {p.get('code') for p in
+                              ((item.get('associations') or {}).get('featuremedia') or {}).get('products', {})}
+
+    permitted = any(feature_media_products & permitted_products) if feature_media_products else True
+
+    if not permitted:
+        item.get('associations', {}).pop('featuremedia', None)
+        if not item.get('associations'):
+            item.pop('associations', None)