geovisio 2.10.0__py3-none-any.whl → 2.11.0__py3-none-any.whl

geovisio/web/map.py

@@ -4,7 +4,8 @@
 import io
 from typing import Optional, Dict, Any, Tuple, List, Union
 from uuid import UUID
-from flask import Blueprint, current_app, send_file, request, jsonify, url_for
+from functools import lru_cache
+from flask import Blueprint, current_app, send_file, request, jsonify, url_for, g
 from flask_babel import gettext as _, get_locale
 from geovisio.utils import auth, db
 from geovisio.utils.auth import Account
@@ -13,6 +14,7 @@ from geovisio.web.utils import user_dependant_response
 from geovisio.web.configuration import _get_translated
 from geovisio import errors
 from psycopg import sql
+import psycopg
 
 bp = Blueprint("map", __name__, url_prefix="/api")
 
@@ -139,6 +141,14 @@ def get_style_json(forUser: Optional[Union[UUID, str]] = None):
             "coef_360_pictures",
             "coef_flat_pictures",
         ]
+        if _has_non_public_fields():
+            style["metadata"]["panoramax:fields"]["grid"].extend(
+                [
+                    "logged_coef",
+                    "logged_coef_360_pictures",
+                    "logged_coef_flat_pictures",
+                ]
+            )
 
     return jsonify(style)
 
@@ -211,7 +221,6 @@ def getStyle():
 
 
 @bp.route("/map/<int:z>/<int:x>/<int:y>.<format>")
-@user_dependant_response(False)
 def getTile(z: int, x: int, y: int, format: str):
     """Get pictures and sequences as vector tiles
 
@@ -227,6 +236,9 @@ def getTile(z: int, x: int, y: int, format: str):
         - coef (value from 0 to 1, relative quantity of available pictures)
         - coef_360_pictures (value from 0 to 1, relative quantity of available 360° pictures)
         - coef_flat_pictures (value from 0 to 1, relative quantity of available flat pictures)
+        - logged_coef (value from 0 to 1, relative quantity of available pictures for logged users)
+        - logged_coef_360_pictures (value from 0 to 1, relative quantity of available 360° pictures for logged users)
+        - logged_coef_flat_pictures (value from 0 to 1, relative quantity of available flat pictures for logged users)
 
     Layer "sequences":
       - Available on zoom levels >= 7 (and simplified version on zoom >= 6 and < 7)
@@ -296,6 +308,26 @@ def getTile(z: int, x: int, y: int, format: str):
     return _getTile(z, x, y, format, onlyForUser=None)
 
 
+def _has_non_public_fields():
+    """Check if the database has the `nb_non_public_pictures` field."""
+    if current_app.config["API_REGISTRATION_IS_OPEN"] is True:
+        return False
+
+    @lru_cache(maxsize=100)
+    def check_db():
+        """This function can be dropped in the next version (and only use the `API_REGISTRATION_IS_OPEN` config).
+        We do it because the pictures_grid materialized view is expensive to compute and we want the API to work during the schema migration.
+        We also cache it to not slow down every query, and eventually (after the limit is reached or the API is restarted), the API will start returning the non-public fields.
+        """
+        try:
+            db.fetchone(current_app, "SELECT nb_non_public_pictures FROM pictures_grid LIMIT 1")
+        except psycopg.errors.UndefinedColumn:
+            return False
+        return True
+
+    return check_db()
+
+
 def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_filter: Optional[sql.SQL]) -> Tuple[sql.Composed, Dict]:
     """Returns appropriate SQL query according to given zoom"""
 
@@ -320,10 +352,10 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     if additional_filter:
         sequences_filter.append(additional_filter)
         filter_str = additional_filter.as_string(None)
-        if "status" in filter_str:
+        if "visibility" in filter_str:
             # hack to have a coherent filter between the APIs
-            # if asked for status='hidden', we want both hidden pics and hidden sequences
-            pic_additional_filter_str = filter_str.replace("s.status", "p.status")
+            # if asked for visibility <> 'anyone' (status='hidden' in API), we want both hidden pics and hidden sequences
+            pic_additional_filter_str = filter_str.replace("s.visibility", "p.visibility")
             pic_additional_filter = sql.SQL(pic_additional_filter_str)  # type: ignore
             pictures_filter.append(sql.SQL("(") + sql.SQL(" OR ").join([pic_additional_filter, additional_filter]) + sql.SQL(")"))
 
@@ -334,56 +366,65 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
         params["account"] = onlyForUser
 
     # Not logged-in requests -> only show "ready" pics/sequences
-    account = auth.get_current_account()
-    accountId = account.id if account is not None else None
-    if not onlyForUser or accountId != str(onlyForUser):
-        sequences_filter.append(sql.SQL("s.status = 'ready'"))
-        pictures_filter.append(sql.SQL("p.status = 'ready'"))
-        pictures_filter.append(sql.SQL("s.status = 'ready'"))
-
+    if current_app.config["API_REGISTRATION_IS_OPEN"] is False or onlyForUser:
+        # for instances that supports logged-only data, we cannot add the tiles in a public cache (since non authenticated users could access this cache)
+        g.user_dependant_response = True
+        params["account_to_query"] = auth.get_current_account_id()
+        sequences_filter.append(sql.SQL("is_sequence_visible_by_user(s, %(account_to_query)s)"))
+        pictures_filter.append(sql.SQL("is_picture_visible_by_user(p, %(account_to_query)s)"))
+        pictures_filter.append(sql.SQL("is_sequence_visible_by_user(s, %(account_to_query)s)"))
+    else:
+        # for public instances, we can add the tiles in a public cache, and we only show the 'anyone' visibility
+        g.user_dependant_response = False
+        sequences_filter.append(sql.SQL("s.visibility = 'anyone'"))
+        pictures_filter.append(sql.SQL("s.visibility = 'anyone'"))
+        pictures_filter.append(sql.SQL("p.visibility = 'anyone'"))
+
+    sequences_filter.append(sql.SQL("s.status = 'ready'"))
+    pictures_filter.append(sql.SQL("p.preparing_status = 'prepared'"))
+    pictures_filter.append(sql.SQL("s.status = 'ready'"))
     #############################################################
     # SQL Result columns/fields
     #
 
+    grid_coef_field = """((CASE WHEN {count_field} = 0 
+        THEN 0 
+    WHEN {count_field} <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY {count_field}) FILTER (WHERE {count_field} > 0) FROM pictures_grid)
+    THEN 
+        {count_field}::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY {count_field}) FILTER (WHERE {count_field} > 0) FROM pictures_grid) * 0.5
+    ELSE 
+        0.5 + {count_field}::float / (SELECT MAX({count_field}) FROM pictures_grid) * 0.5
+END) * 10)::int / 10::float AS {coef_field}"""
+
     grid_fields = [
         sql.SQL("ST_AsMVTGeom(ST_Transform(ST_Centroid(geom), 3857), ST_TileEnvelope(%(z)s, %(x)s, %(y)s)) AS geom"),
         sql.SQL("id"),
         sql.SQL("nb_pictures"),
         sql.SQL("nb_360_pictures"),
         sql.SQL("nb_pictures - nb_360_pictures AS nb_flat_pictures"),
-        sql.SQL(
-            """((CASE WHEN nb_pictures = 0 
-                    THEN 0 
-                WHEN nb_pictures <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_pictures) FILTER (WHERE nb_pictures > 0) FROM pictures_grid)
-                THEN 
-                    nb_pictures::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_pictures) FILTER (WHERE nb_pictures > 0) FROM pictures_grid) * 0.5
-                ELSE 
-                    0.5 + nb_pictures::float / (SELECT MAX(nb_pictures) FROM pictures_grid) * 0.5
-            END) * 10)::int / 10::float AS coef"""
-        ),
-        sql.SQL(
-            """((CASE WHEN nb_360_pictures = 0 
-                    THEN 0
-                WHEN (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_360_pictures) FILTER (WHERE nb_360_pictures > 0) FROM pictures_grid) = 0 
-                    THEN 0
-                WHEN nb_360_pictures <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_360_pictures) FILTER (WHERE nb_360_pictures > 0) FROM pictures_grid)
-                    THEN nb_360_pictures::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY nb_360_pictures) FILTER (WHERE nb_360_pictures > 0) FROM pictures_grid) * 0.5
-                ELSE 
-                    0.5 + nb_360_pictures::float / (SELECT MAX(nb_360_pictures) FROM pictures_grid) * 0.5
-            END) * 10)::int / 10::float AS coef_360_pictures"""
-        ),
-        sql.SQL(
-            """((CASE WHEN (nb_pictures - nb_360_pictures) = 0 
-                    THEN 0 
-                WHEN (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY (nb_pictures - nb_360_pictures)) FILTER (WHERE (nb_pictures - nb_360_pictures) > 0) FROM pictures_grid) = 0 
-                    THEN 0
-                WHEN (nb_pictures - nb_360_pictures) <= (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY (nb_pictures - nb_360_pictures)) FILTER (WHERE (nb_pictures - nb_360_pictures) > 0) FROM pictures_grid)
-                    THEN (nb_pictures - nb_360_pictures)::float / (SELECT PERCENTILE_CONT(0.5) WITHIN GROUP(ORDER BY (nb_pictures - nb_360_pictures)) FILTER (WHERE (nb_pictures - nb_360_pictures) > 0) FROM pictures_grid) * 0.5
-                ELSE 
-                    0.5 + (nb_pictures - nb_360_pictures)::float / (SELECT MAX((nb_pictures - nb_360_pictures)) FROM pictures_grid) * 0.5
-            END) * 10)::int / 10::float AS coef_flat_pictures"""
-        ),
+        sql.SQL(grid_coef_field.format(count_field="nb_pictures", coef_field="coef")),
+        sql.SQL(grid_coef_field.format(count_field="nb_360_pictures", coef_field="coef_360_pictures")),
+        sql.SQL(grid_coef_field.format(count_field="(nb_pictures - nb_360_pictures)", coef_field="coef_flat_pictures")),
     ]
+    if _has_non_public_fields():
+        # we also add non-public pictures
+        grid_fields.extend(
+            [
+                sql.SQL(grid_coef_field.format(count_field="(nb_non_public_pictures + nb_pictures)", coef_field="logged_coef")),
+                sql.SQL(
+                    grid_coef_field.format(
+                        count_field="(nb_non_public_360_pictures + nb_360_pictures)", coef_field="logged_coef_360_pictures"
+                    )
+                ),
+                sql.SQL(
+                    grid_coef_field.format(
+                        count_field="((nb_non_public_360_pictures + nb_360_pictures) - (nb_non_public_360_pictures + nb_360_pictures))",
+                        coef_field="logged_coef_flat_pictures",
+                    )
+                ),
+            ]
+        )
+
     sequences_fields = [
         sql.SQL("ST_AsMVTGeom(ST_Transform(geom, 3857), ST_TileEnvelope(%(z)s, %(x)s, %(y)s)) AS geom"),
         sql.SQL("id"),
@@ -396,7 +437,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
         sequences_fields.extend(
             [
                 sql.SQL("account_id"),
-                sql.SQL("NULLIF(status != 'ready', FALSE) AS hidden"),
+                sql.SQL("NULLIF(visibility != 'anyone', FALSE) AS hidden"),
                 sql.SQL("computed_model AS model"),
                 sql.SQL("computed_type AS type"),
                 sql.SQL("computed_capture_date AS date"),
@@ -412,8 +453,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Full pictures + sequences (z15+)
     if z >= ZOOM_PICTURES:
         query = sql.SQL(
-            """
-            SELECT mvtsequences.mvt || mvtpictures.mvt
+            """SELECT mvtsequences.mvt || mvtpictures.mvt
             FROM (
                 SELECT ST_AsMVT(mvtgeomseqs.*, 'sequences') AS mvt
                 FROM (
@@ -430,7 +470,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
                 SELECT
                     ST_AsMVTGeom(ST_Transform(p.geom, 3857), ST_TileEnvelope(%(z)s, %(x)s, %(y)s)) AS geom,
                     p.id, p.ts, p.heading, p.account_id,
-                    NULLIF(p.status != 'ready' OR s.status != 'ready', FALSE) AS hidden,
+                    NULLIF(p.visibility = 'owner-only' OR s.visibility = 'owner-only', FALSE) AS hidden,
                     p.metadata->>'type' AS type,
                     TRIM(CONCAT(p.metadata->>'make', ' ', p.metadata->>'model')) AS model,
                     gps_accuracy_m AS gps_accuracy,
@@ -455,8 +495,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Full sequences (z7-14.9 and z0-14.9 for specific users)
     elif z >= ZOOM_GRID_SEQUENCES + 1 or onlyForUser:
         query = sql.SQL(
-            """
-            SELECT ST_AsMVT(mvtsequences.*, 'sequences') AS mvt
+            """SELECT ST_AsMVT(mvtsequences.*, 'sequences') AS mvt
             FROM (
                 SELECT
                     {sequences_fields}
@@ -470,8 +509,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Sequences + grid (z6-6.9)
     elif z >= ZOOM_GRID_SEQUENCES:
         query = sql.SQL(
-            """
-            SELECT mvtsequences.mvt || mvtgrid.mvt
+            """SELECT mvtsequences.mvt || mvtgrid.mvt
             FROM (
                 SELECT ST_AsMVT(mvtgeomseqs.*, 'sequences') AS mvt
                 FROM (
@@ -502,8 +540,7 @@ def _get_query(z: int, x: int, y: int, onlyForUser: Optional[UUID], additional_f
     # Grid overview (all users + z0-5.9)
     else:
         query = sql.SQL(
-            """
-            SELECT ST_AsMVT(mvtgrid.*, 'grid') AS mvt
+            """SELECT ST_AsMVT(mvtgrid.*, 'grid') AS mvt
             FROM (
                 SELECT
                     {grid_fields}
@@ -634,6 +671,7 @@ def getUserTile(userId: UUID, z: int, x: int, y: int, format: str):
 
 @bp.route("/users/me/map/style.json")
 @auth.login_required_with_redirect()
+@user_dependant_response(False)
 def getMyStyle(account: Account):
     """Get vector tiles style.
 

geovisio/web/pages.py

@@ -180,11 +180,9 @@ def postPage(page, lang, account):
     with db.execute(
         current_app,
         SQL(
-            """
-INSERT INTO pages (name, lang, content)
+            """INSERT INTO pages (name, lang, content)
 VALUES (%(name)s, %(lang)s, %(content)s)
-ON CONFLICT (name, lang) DO UPDATE SET content=EXCLUDED.content
-        """
+ON CONFLICT (name, lang) DO UPDATE SET content=EXCLUDED.content"""
         ),
         {"name": name.value, "lang": lang, "content": request.get_data(as_text=True)},
     ) as res:
@@ -238,3 +236,49 @@ def deletePage(page, lang, account):
             raise InvalidAPIUsage(_("Could not delete page content"), 500)
 
     return "", 200
+
+
+@bp.route("/pages/<page>/publish-change", methods=["POST", "PUT"])
+@auth.login_required()
+def postPageUpdate(page, account):
+    """Act that there is a new version of a page on major changes.
+    For pages that needs acceptance, the users can thus be notified of the changes.
+    ---
+    tags:
+        - Configuration
+    parameters:
+        - name: page
+          in: path
+          description: Page name
+          required: true
+          schema:
+            $ref: '#/components/schemas/GeoVisioPageName'
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    requestBody:
+        content:
+            application/json: {}
+    responses:
+        200:
+            description: Successfully saved
+    """
+
+    name = check_page_name(page)
+
+    if not account.can_edit_pages():
+        raise InvalidAPIUsage(_("You must be logged-in as admin to edit pages"), 403)
+
+    with db.execute(
+        current_app,
+        SQL(
+            """UPDATE pages
+SET updated_at = NOW()
+WHERE name = %(name)s"""
+        ),
+        {"name": name.value},
+    ) as res:
+        if not res.rowcount:
+            raise InvalidAPIUsage(_("Could not publish page changes"), 500)
+
+    return "", 200

geovisio/web/params.py

@@ -1,21 +1,21 @@
 from uuid import UUID
-
-from geovisio import errors
 import dateutil.parser
 from dateutil import tz
 from dateutil.parser import parse as dateparser
 import datetime
+from enum import Enum
 import re
 from werkzeug.datastructures import MultiDict
 from typing import Optional, Tuple, Any, List
 from pygeofilter import ast
 from pygeofilter.backends.evaluator import Evaluator, handle
 from psycopg import sql
+from flask_babel import gettext as _
+from flask import current_app
+from geovisio import errors
 from geovisio.utils.sequences import STAC_FIELD_MAPPINGS, STAC_FIELD_TO_SQL_FILTER
 from geovisio.utils.fields import SortBy, SQLDirection, SortByField
-from flask_babel import gettext as _
 from geovisio.utils import items as utils_items
-
 from geovisio.utils.cql2 import parse_cql2_filter
 
 
@@ -329,16 +329,20 @@ def parse_list(value: Optional[Any], tryFallbacks: bool = True, paramName: Optio
 def parse_collection_filter(value: Optional[str]) -> Optional[sql.SQL]:
     """Reads STAC filter parameter and sends SQL condition back.
 
+    Note: if more search filters are added, don't forget to add them to the qeryables endpoint (in queryables.py)
+
     >>> parse_collection_filter('')
 
     >>> parse_collection_filter("updated >= '2023-12-31'")
     SQL("(s.updated_at >= '2023-12-31')")
     >>> parse_collection_filter("updated >= '2023-12-31' AND created < '2023-10-31'")
     SQL("((s.updated_at >= '2023-12-31') AND (s.inserted_at < '2023-10-31'))")
-    >>> parse_collection_filter("status IN ('deleted','ready')") # when we ask for deleted, we should also have hidden collections
-    SQL("s.status IN ('deleted', 'ready', 'hidden')")
-    >>> parse_collection_filter("status = 'deleted' OR status = 'ready'")
-    SQL("(((s.status = 'deleted') OR (s.status = 'hidden')) OR (s.status = 'ready'))")
+    >>> parse_collection_filter("status IN ('deleted','ready')") # doctest: +IGNORE_EXCEPTION_DETAIL
+    Traceback (most recent call last):
+    geovisio.errors.InvalidAPIUsage: The status filter is not supported anymore, use the `show_deleted` parameter instead if you need to query deleted collections
+    >>> parse_collection_filter("status = 'deleted' OR status = 'ready'") # doctest: +IGNORE_EXCEPTION_DETAIL
+    Traceback (most recent call last):
+    geovisio.errors.InvalidAPIUsage: The status filter is not supported anymore, use the `show_deleted` parameter instead if you need to query deleted collections
     >>> parse_collection_filter('invalid = 10') # doctest: +IGNORE_EXCEPTION_DETAIL
     Traceback (most recent call last):
     geovisio.errors.InvalidAPIUsage: Unsupported filter parameter
@@ -346,6 +350,18 @@ def parse_collection_filter(value: Optional[str]) -> Optional[sql.SQL]:
     Traceback (most recent call last):
     geovisio.errors.InvalidAPIUsage: Unsupported filter parameter
     """
+    if value and "status" in value:
+        if "'hidden'" in value:
+            raise errors.InvalidAPIUsage(
+                _("The status filter is not supported anymore, use the `visibility` filter instead"),
+                status_code=400,
+            )
+        raise errors.InvalidAPIUsage(
+            _(
+                "The status filter is not supported anymore, use the `show_deleted` parameter instead if you need to query deleted collections"
+            ),
+            status_code=400,
+        )
     return parse_cql2_filter(value, STAC_FIELD_TO_SQL_FILTER, ast_updater=_alterFilterAst)
 
 
@@ -373,12 +389,16 @@ class _FilterAstUpdated(Evaluator):
     The rational here is that for non-owned pictures/sequences, when a pictures/sequence is 'hidden' it should be advertised as 'deleted'.
 
     This is especially important for crawler like the meta-catalog, since they should also delete the sequence/picture when it is hidden
+
+    We also need to maintain retrocompatibility, since the `hidden` status has been replaced by a `visibility` field.
     """
 
     @handle(ast.Equal)
     def eq(self, node, lhs, rhs):
         if lhs == ast.Attribute("status") and rhs == "deleted":
-            return ast.Or(node, ast.Equal(ast.Attribute("status"), "hidden"))  # type: ignore
+            return ast.Or(node, ast.NotEqual(ast.Attribute("visibility"), "anyone"))  # type: ignore
+        if lhs == ast.Attribute("status") and rhs == "hidden":
+            return ast.NotEqual(ast.Attribute("visibility"), "anyone")  # type: ignore
         return node
 
     @handle(ast.Or)
@@ -387,8 +407,10 @@ class _FilterAstUpdated(Evaluator):
 
     @handle(ast.In)
     def in_(self, node, lhs, *options):
-        if "deleted" in node.sub_nodes:
-            node.sub_nodes.append("hidden")
+        if "deleted" in node.sub_nodes or "hidden" in node.sub_nodes:
+            if "hidden" in node.sub_nodes:
+                node.sub_nodes.remove("hidden")
+            return ast.Or(node, ast.NotEqual(ast.Attribute("visibility"), "anyone"))
         return node
 
     def adopt(self, node, *sub_args):
@@ -419,6 +441,12 @@ def _parse_sorty_by(value: Optional[str], field_mapping_func, SortByCls):
     return SortByCls(fields=orders)
 
 
+def parse_boolean(value: Optional[str]) -> Optional[bool]:
+    if value is None:
+        return None
+    return value.lower() == "true"
+
+
 def parse_collection_sortby(value: Optional[str]) -> Optional[SortBy]:
     """Reads STAC/OGC sortby parameter, and sends a SQL ORDER BY string.
 
@@ -526,3 +554,20 @@ def as_uuid(value: str, error: str) -> UUID:
         return UUID(value)
     except ValueError:
         raise errors.InvalidAPIUsage(error)
+
+
+class Visibility(Enum):
+    """Represent the visibility of picture"""
+
+    anyone = "anyone"
+    logged_only = "logged-only"
+    owner_only = "owner-only"
+
+
+def check_visibility(visibility: Visibility | str):
+    """Check if the visibility is valid."""
+
+    if visibility == Visibility.logged_only or visibility == "logged-only":
+        if current_app.config["API_REGISTRATION_IS_OPEN"] is True:
+            return False
+    return True

geovisio/web/pictures.py

@@ -44,7 +44,7 @@ def getPictureHD(pictureId, format):
     metadata = utils.pictures.checkPictureStatus(fses, pictureId)
 
     external_url = utils.pictures.getPublicHDPictureExternalUrl(pictureId, format)
-    if external_url and metadata["status"] == "ready":
+    if external_url and metadata["status"] == "ready" and metadata["visibility"] == "anyone":
         return redirect(external_url)
 
     try:
@@ -89,7 +89,7 @@ def getPictureSD(pictureId, format):
     metadata = utils.pictures.checkPictureStatus(fses, pictureId)
 
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(pictureId, format, "sd.jpg")
-    if external_url and metadata["status"] == "ready":
+    if external_url and metadata["status"] == "ready" and metadata["visibility"] == "anyone":
         return redirect(external_url)
 
     try:
@@ -178,7 +178,7 @@ def getPictureTile(pictureId, col, row, format):
 
     metadata = utils.pictures.checkPictureStatus(fses, pictureId)
     external_url = utils.pictures.getPublicDerivatePictureExternalUrl(pictureId, format, f"tiles/{col}_{row}.jpg")
-    if external_url and metadata["status"] == "ready":
+    if external_url and metadata["status"] == "ready" and metadata["visibility"] == "anyone":
         return redirect(external_url)
 
     picPath = f"{utils.pictures.getPictureFolderPath(pictureId)}/tiles/{col}_{row}.jpg"

geovisio/web/prepare.py

@@ -71,10 +71,12 @@ def prepareItem(collectionId, itemId, account=None):
                     """SELECT 1 
 FROM pictures p
 JOIN sequences_pictures sp ON p.id = sp.pic_id
+JOIN sequences s ON s.id = sp.seq_id
 WHERE
     p.id = %(pic)s
     AND sp.seq_id = %(seq)s
-    AND (p.account_id = %(acc)s OR p.status != 'hidden')"""
+    AND (is_picture_visible_by_user(p, %(acc)s))
+    AND (is_sequence_visible_by_user(s, %(acc)s))"""
                 ),
                 {"pic": itemId, "seq": collectionId, "acc": accountId},
             ).fetchone()
@@ -138,7 +140,7 @@ def prepareCollection(collectionId, account=None):
 FROM sequences
 WHERE
     id = %(seq)s
-    AND (account_id = %(acc)s OR status != 'hidden')"""
+    AND is_sequence_visible_by_user(sequences, %(acc)s)"""
                 ),
                 {"seq": collectionId, "acc": accountId},
             ).fetchone()

geovisio/web/queryables.py

@@ -0,0 +1,57 @@
+import flask
+
+bp = flask.Blueprint("queryables", __name__, url_prefix="/api")
+
+ITEMS_QUERYABLES = {
+    "$schema": "https://json-schema.org/draft/2019-09/schema",
+    "$id": "https://stac-api.example.com/queryables",
+    "type": "object",
+    "title": "Queryables for Panoramax STAC API",
+    "description": "Queryable names for Panoramax STAC API Item Search filter.",
+    "properties": {
+        "semantics": {
+            "description": "Tag to represent the presence of semantics. Only support the IS NOT NULL operator for the moment, to search for all items with at least one semantic tag.",
+            "type": "string",
+        },
+    },
+    "patternProperties": {
+        "^semantics\\.(.+)$": {
+            "description": "Specific semantic tag. The semantic tag `key` should be after the prefix `semantics.`",
+            "type": "string",
+        }
+    },
+    "additionalProperties": False,
+}
+
+COLLECTION_QUERYABLES = {
+    "$schema": "https://json-schema.org/draft/2019-09/schema",
+    "$id": "https://stac-api.example.com/queryables",
+    "type": "object",
+    "title": "Queryables for Panoramax STAC API",
+    "description": "Queryable names for Panoramax STAC API Item Search filter.",
+    "properties": {
+        "created": {
+            "description": "Created date of the collection. The filter can be either a date or a datetime",
+            "type": "string",
+            "anyOf": [{"format": "date-time"}, {"format": "date"}],
+        },
+        "updated": {
+            "description": "Update date of the collection. The filter can be either a date or a datetime",
+            "type": "string",
+            "anyOf": [{"format": "date-time"}, {"format": "date"}],
+        },
+    },
+    "additionalProperties": False,
+}
+
+
+@bp.route("/queryables")
+def search_queryables():
+    """List of queryables for search as defined by https://github.com/stac-api-extensions/filter?tab=readme-ov-file#queryables"""
+    return flask.jsonify(ITEMS_QUERYABLES), {"Cache-Control": "public, max-age=3600"}
+
+
+@bp.route("/collections/queryables")
+def collection_queryables():
+    """List of queryables for collection-search as defined by https://github.com/stac-api-extensions/filter?tab=readme-ov-file#queryables"""
+    return flask.jsonify(COLLECTION_QUERYABLES), {"Cache-Control": "public, max-age=3600"}

geovisio/web/stac.py

@@ -144,6 +144,12 @@ def getLanding():
                     "href": mapUrl,
                     "title": "Pictures and sequences vector tiles",
                 },
+                {
+                    "title": "Queryables",
+                    "href": url_for("queryables.search_queryables", _external=True),
+                    "rel": "http://www.opengis.net/def/rel/ogc/1.0/queryables",
+                    "type": "application/schema+json",
+                },
                 {
                     "rel": "xyz-style",
                     "type": "application/json",
@@ -348,7 +354,6 @@ def getUserCatalog(userId, userIdMatchesAccount=False):
     collection_request.pagination_filter = parse_collection_filter(request.args.get("page"))
 
     userName = None
-    meta_collection = None
     with db.cursor(current_app, row_factory=dict_row) as cursor:
         userName = cursor.execute("SELECT name FROM accounts WHERE id = %s", [userId]).fetchone()
 
@@ -359,8 +364,9 @@ def getUserCatalog(userId, userIdMatchesAccount=False):
         datasetBounds = get_dataset_bounds(
             cursor.connection,
             collection_request.sort_by,
-            additional_filters=SQL("s.account_id = %(account)s"),
+            additional_filters=SQL("s.account_id = %(account)s AND is_sequence_visible_by_user(s, %(account_to_query)s)"),
             additional_filters_params={"account": userId},
+            account_to_query_id=auth.get_current_account_id(),
         )
 
         if datasetBounds is None: