Fixed query in models to limit display of private coordinates to only members of the same team. Made minor edits to visual components on index and greater layout to clarify this functionality.

Author: TechnoConserve

Diff for: models.py

@@ -85,7 +85,7 @@ class Coordinate(Model):
 	notes = TextField()
 	recommended_visit = DateField(null=True)
 	slug = CharField(unique=True)
-	published = BooleanField(index=True) # Coordinates/points can be made public
+	published = BooleanField(index=True) # Published is being used as an alias for public
 	timestamp = DateTimeField(default=datetime.datetime.now, index=True)
 	user = ForeignKeyField(
 		rel_model=User,
@@ -125,8 +125,15 @@ def update_search_index(self):
 		base_coord.save(force_insert=force_insert)
 
 	@classmethod
-	def private(cls):
-		return Coordinate.select().where(Coordinate.published == False)
+	def private(cls, user):
+		team = user.team
+		return (Coordinate
+			.select(Coordinate, User)
+			.join(User)
+			.where(
+				(User.team == team) &
+				(Coordinate.published == False))
+			.order_by(Coordinate.timestamp.desc()))
 
 	@classmethod
 	def public(cls):

Diff for: sos_tracker.py

@@ -116,7 +116,7 @@ def logout():
 def parse_file(filename, publish):
 	file = os.path.join(app.config['UPLOAD_FOLDER'], filename)
 	parsed = []
-	user = models.User.select().where(models.User.username == g.user._get_current_object().username)
+	user = models.User.get(models.User.username == g.user._get_current_object().username)
 	if filename[-3:] == 'txt':
 		with open(file, 'r') as f:
 			csv_input = csv.reader(f)
@@ -228,7 +228,7 @@ def index():
 def create():
 	form = forms.CreateCoordForm()
 	if form.validate_on_submit():
-		user = models.User.select().where(models.User.username == g.user._get_current_object().username)
+		user = models.User.get(models.User.username == g.user._get_current_object().username)
 		point = models.Coordinate.create(
 			user = user,
 			latitude = form.latitude.data,
@@ -275,7 +275,8 @@ def download():
 @app.route('/private')
 @login_required
 def private():
-	query = models.Coordinate.private().order_by(models.Coordinate.timestamp.desc())
+	user = models.User.get(models.User.username == g.user._get_current_object().username)
+	query = models.Coordinate.private(user)
 	return object_list('index.html', query, check_bounds=False)
 
 

Diff for: templates/index.html

@@ -4,6 +4,10 @@
 
 {% block content_title %}{% if search %}Search "{{ search }}"{% else %}Coordinates{% endif %}{% endblock %}
 
+{% block content_subtitle %}
+	Public coordinates are visible to all registered users. Private coordinates are visible only to you and other members of your team.
+{% endblock content_subtitle %}
+
 {% block content %}
 	{% for point in object_list %}
 		{% if search %}

Diff for: templates/layout.html

@@ -68,7 +68,7 @@
 			{% block page_header %}
 				<div class="page-header">
 					<h1>{% block content_title %}{% endblock %}</h1>
-					<h3>{% block content_subtitle %}{% endblock %}</h3>
+					<h5>{% block content_subtitle %}{% endblock %}</h5>
 				</div>
 			{% endblock %}