From 00f17bb697f069f8adb266d9b6a37eeec1d8fe8a Mon Sep 17 00:00:00 2001
From: Ozzieisaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Thu, 25 Jul 2019 21:42:46 +0200
Subject: [PATCH] Mature contents no longer displayed in/allowed to (#975): -
 typeahead tags - advanced search tags buttons - read - download

---
 cps/helper.py | 18 +++++++++++++-----
 cps/web.py    | 11 ++++++-----
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/cps/helper.py b/cps/helper.py
index b85a6de7..4e7f3efb 100644
--- a/cps/helper.py
+++ b/cps/helper.py
@@ -658,6 +658,11 @@ def common_filters():
         db.Books.tags.any(db.Tags.name.in_(config.mature_content_tags()))
     return and_(lang_filter, ~content_rating_filter)
 
+def tags_filters():
+    return ~(false() if current_user.mature_content else \
+        db.Tags.name.in_(config.mature_content_tags()))
+    # return db.session.query(db.Tags).filter(~content_rating_filter).order_by(db.Tags.name).all()
+
 
 # Creates for all stored languages a translated speaking name in the array for the UI
 def speaking_language(languages=None):
@@ -715,9 +720,9 @@ def fill_indexpage(page, database, db_filter, order, *join):
     return entries, randm, pagination
 
 
-def get_typeahead(database, query, replace=('','')):
+def get_typeahead(database, query, replace=('',''), tag_filter=true()):
     db.session.connection().connection.connection.create_function("lower", 1, lcase)
-    entries = db.session.query(database).filter(func.lower(database.name).ilike("%" + query + "%")).all()
+    entries = db.session.query(database).filter(tag_filter).filter(func.lower(database.name).ilike("%" + query + "%")).all()
     json_dumps = json.dumps([dict(name=r.name.replace(*replace)) for r in entries])
     return json_dumps
 
@@ -753,9 +758,12 @@ def get_cc_columns():
 
 def get_download_link(book_id, book_format):
     book_format = book_format.split(".")[0]
-    book = db.session.query(db.Books).filter(db.Books.id == book_id).first()
-    data = db.session.query(db.Data).filter(db.Data.book == book.id)\
-        .filter(db.Data.format == book_format.upper()).first()
+    book = db.session.query(db.Books).filter(db.Books.id == book_id).filter(common_filters()).first()
+    if book:
+        data = db.session.query(db.Data).filter(db.Data.book == book.id)\
+            .filter(db.Data.format == book_format.upper()).first()
+    else:
+        abort(404)
     if data:
         # collect downloaded books only for registered user and not for anonymous user
         if current_user.is_authenticated:
diff --git a/cps/web.py b/cps/web.py
index 4529286f..b5bff2b3 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -49,7 +49,7 @@ from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
 from .helper import common_filters, get_search_results, fill_indexpage, speaking_language, check_valid_domain, \
         order_authors, get_typeahead, render_task_status, json_serial, get_cc_columns, \
         get_book_cover, get_download_link, send_mail, generate_random_password, send_registration_mail, \
-        check_send_to_kindle, check_read_formats, lcase
+        check_send_to_kindle, check_read_formats, lcase, tags_filters
 from .pagination import Pagination
 from .redirect import redirect_back
 
@@ -396,7 +396,7 @@ def get_publishers_json():
 @login_required_if_no_ano
 def get_tags_json():
     if request.method == "GET":
-        return get_typeahead(db.Tags, request.args.get('q'))
+        return get_typeahead(db.Tags, request.args.get('q'),tag_filter=tags_filters())
 
 
 @web.route("/get_series_json")
@@ -805,7 +805,7 @@ def advanced_search():
     # Build custom columns names
     cc = get_cc_columns()
     db.session.connection().connection.connection.create_function("lower", 1, lcase)
-    q = db.session.query(db.Books)
+    q = db.session.query(db.Books).filter(common_filters())
 
     include_tag_inputs = request.args.getlist('include_tag')
     exclude_tag_inputs = request.args.getlist('exclude_tag')
@@ -928,7 +928,8 @@ def advanced_search():
         return render_title_template('search.html', searchterm=searchterm,
                                      entries=q, title=_(u"search"), page="search")
     # prepare data for search-form
-    tags = db.session.query(db.Tags).order_by(db.Tags.name).all()
+    # tags = db.session.query(db.Tags).order_by(db.Tags.name).all()
+    tags = db.session.query(db.Tags).filter(tags_filters()).order_by(db.Tags.name).all()
     series = db.session.query(db.Series).order_by(db.Series.name).all()
     if current_user.filter_language() == u"all":
         languages = speaking_language()
@@ -1294,7 +1295,7 @@ def profile():
 @login_required_if_no_ano
 @viewer_required
 def read_book(book_id, book_format):
-    book = db.session.query(db.Books).filter(db.Books.id == book_id).first()
+    book = db.session.query(db.Books).filter(db.Books.id == book_id).filter(common_filters()).first()
     if not book:
         flash(_(u"Error opening eBook. File does not exist or file is not accessible:"), category="error")
         return redirect(url_for("web.index"))