1 files changed, 70 insertions, 13 deletions

diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py
index 7ddfa179a..468312046 100644
--- a/ishtar_common/views_item.py
+++ b/ishtar_common/views_item.py
@@ -33,7 +33,7 @@ from django.db.models.functions import ExtractYear
 from django.db.utils import ProgrammingError
 from django import forms
 from django.forms.models import model_to_dict
-from django.http import HttpResponse
+from django.http import HttpResponse, Http404
 from django.shortcuts import render
 from django.template import loader
 from django.urls import reverse, NoReverseMatch
@@ -283,6 +283,52 @@ def display_item(model, extra_dct=None, show_url=None):
     return func
 
 
+def show_source_item(request, source_id, model, name, base_dct, extra_dct):
+    try:
+        __, source_id, external_id = source_id.split("-")
+        source_id, external_id = int(source_id), int(external_id)
+    except ValueError:
+        raise Http404()
+    models_rest.ApiExternalSource.objects.get()
+    # TODO: check permissions
+    try:
+        src = models_rest.ApiExternalSource.objects.get(
+            pk=source_id)
+    except models_rest.ApiExternalSource.DoesNotExist:
+        return HttpResponse("{}", content_type="text/plain")
+    url = src.url
+    if not url.endswith("/"):
+        url += "/"
+    url += f"api/get/{model.SLUG}/{external_id}/"
+    try:
+        response = requests.get(
+            url,
+            timeout=20,
+            headers={"Authorization": f"Token {src.key}"},
+        )
+    except requests.exceptions.Timeout:
+        return HttpResponse("{}", content_type="text/plain")
+    item = response.json()
+    dct = deepcopy(base_dct)
+    if not item:
+        return HttpResponse("{}", content_type="text/plain")
+    item["is_external"] = True
+    item["current_source"] = src.name
+    dct["item"], dct["item_name"] = item, name
+    dct["is_external"] = True
+
+    if extra_dct:
+        dct.update(extra_dct(request, dct))
+
+    permissions = ["permission_view_document"]
+    for p in permissions:
+        dct[p] = True
+
+    tpl = loader.get_template(f"ishtar/sheet_{name}_window.html")
+    content = tpl.render(dct, request)
+    return HttpResponse(content, content_type="application/xhtml")
+
+
 def show_item(model, name, extra_dct=None, model_for_perms=None):
     def func(request, pk, **dct):
         check_model = model
@@ -298,10 +344,6 @@ def show_item(model, name, extra_dct=None, model_for_perms=None):
             query_own = model.get_query_owns(request.user.ishtaruser)
             if query_own:
                 q = q.filter(query_own).distinct()
-        try:
-            item = q.get(pk=pk)
-        except (ObjectDoesNotExist, ValueError):
-            return HttpResponse("")
         doc_type = "type" in dct and dct.pop("type")
         url_name = (
             "/".join(reverse("show-" + name, args=["0", ""]).split("/")[:-2]) + "/"
@@ -315,12 +357,15 @@ def show_item(model, name, extra_dct=None, model_for_perms=None):
         date = None
         if "date" in dct:
             date = dct.pop("date")
-        dct["sheet_id"] = "%s-%d" % (name, item.pk)
-        dct["window_id"] = "%s-%d-%s" % (
-            name,
-            item.pk,
-            datetime.datetime.now().strftime("%M%s"),
-        )
+        dct["sheet_id"] = f"{name}-{pk}"
+        dct["window_id"] = f"{name}-{pk}-{datetime.datetime.now().strftime('%M%s')}"
+        if pk.startswith("source-"):
+            return show_source_item(
+                request, pk, model, name, dct, extra_dct)
+        try:
+            item = q.get(pk=pk)
+        except (ObjectDoesNotExist, ValueError):
+            return HttpResponse("")
 
         # list current perms
         if hasattr(request.user, "ishtaruser") and request.user.ishtaruser:
@@ -2359,7 +2404,7 @@ def get_distant_item(
     try:
         src = models_rest.ApiExternalSource.objects.get(
             pk=external_source_id)
-    except models_rest.ApiExternalSource.DoesNotExist:
+    except (models_rest.ApiExternalSource.DoesNotExist, ValueError):
         return HttpResponse("{}", content_type="text/plain")
     url = src.url
     url += reverse(f"api-search-{model}")
@@ -2377,6 +2422,18 @@ def get_distant_item(
         )
     except requests.exceptions.Timeout:
         return HttpResponse("{}", content_type="text/plain")
-    return HttpResponse(json.dumps(response.json()), content_type="application/json")
+    dct = response.json()
+    if "rows" in dct:
+        for row in dct["rows"]:
+            if "id" in row:
+                try:
+                    idx = int(row['id'])
+                except ValueError:
+                    continue
+                source_id = f"source-{external_source_id}-{idx}"
+                row["id"] = source_id
+                if "link" in row:
+                    row["link"] = row["link"].replace(str(idx), source_id)
+    return HttpResponse(json.dumps(dct), content_type="application/json")