Improves publication status visibility

Enhances the user experience by restricting access to publications based on their status.

- Introduces admin-only visibility for non-published publications on the works list and landing pages,
  allowing administrators to preview and manage content effectively.

- Adds an "Edit in Admin" button for admins on the work landing page for quick access.

- Implements permission checks in the API viewset to filter publications based on user roles.

- Includes comprehensive tests to ensure the correct behavior for different user types and publication statuses.

Author: nuest

.claude/settings.local.json

@@ -7,7 +7,8 @@
       "Bash(gh issue view:*)",
       "Bash(pytest:*)",
       "Bash(pip search:*)",
-      "Bash(psql:*)"
+      "Bash(psql:*)",
+      "Bash(OPTIMAP_LOGGING_LEVEL=WARNING python manage.py test tests.test_work_landing_page.PublicationStatusVisibilityTest)"
     ],
     "deny": [],
     "ask": []

.claude/temp.md

@@ -1,6 +1,21 @@
-# OPTIMAP
+add a button to the work landing page for the logged in admin that takes the user directly to the editing view in the Django backend.
 
+for the article http://127.0.0.1:8000/work/10.1007/s11368-020-02742-9/ with the internal ID 949
 
+the editing page is http://127.0.0.1:8000/admin/publications/publication/949/change/
 
-# geoextent
+--
 
+
+expand all harvesting to identify an existing OpenAlex record based on the available unique identifier and store the OpenAlex ID together with the record; if there is no perfet match then the property of the record should be set to None and a seperate field should indicate which partial match(es) were found and what kind of match it was (e.g. DOI match, title+author match, etc);
+
+expand all harvesting to include the messages that led to a warning log also in the email that is sent after the harvesting run, so that the user can see what went wrong without having to check the logs;
+
+--
+
+
+add feed-based harvesting support (RSS/Atom) for EarthArxiv;
+
+all articles from EarthArxiv are available via https://eartharxiv.org/repository/list/
+
+there is a feed at https://eartharxiv.org/feed/ but it is unclear how many articles it contains

publications/templates/work_landing_page.html

@@ -18,6 +18,24 @@
 
 <h1 class="page-title">{{ pub.title }}</h1>
 
+{% if is_admin and status_display %}
+  <div class="alert alert-warning">
+    <strong>Admin view:</strong> This publication has status <span class="badge
+      {% if pub.status == 'p' %}badge-success
+      {% elif pub.status == 'd' %}badge-secondary
+      {% elif pub.status == 't' %}badge-warning
+      {% elif pub.status == 'w' %}badge-danger
+      {% elif pub.status == 'h' %}badge-info
+      {% endif %}">{{ status_display }}</span>
+    {% if pub.status != 'p' %}
+      and is not visible to the public.
+    {% endif %}
+    <a href="/admin/publications/publication/{{ pub.id }}/change/" class="btn btn-sm btn-primary float-right" target="_blank" rel="noopener">
+      Edit in Admin
+    </a>
+  </div>
+{% endif %}
+
 <div class="meta muted">
   {% if authors_list %}
     <strong>Authors:</strong> {{ authors_list|join:", " }} ·

publications/templates/works.html

@@ -12,9 +12,25 @@
 {% block content %}
   <div class="container py-5 works-page">
     <h2>All Article Links</h2>
+    {% if is_admin %}
+      <p class="alert alert-info">
+        <strong>Admin view:</strong> You can see all publications regardless of status. Status labels are shown next to each entry.
+      </p>
+    {% endif %}
     <ul>
       {% for item in links %}
-        <li><a href="{{ item.href }}" target="_blank" rel="noopener">{{ item.title }}</a></li>
+        <li>
+          <a href="{{ item.href }}" target="_blank" rel="noopener">{{ item.title }}</a>
+          {% if is_admin and item.status %}
+            <span class="badge
+              {% if item.status_code == 'p' %}badge-success
+              {% elif item.status_code == 'd' %}badge-secondary
+              {% elif item.status_code == 't' %}badge-warning
+              {% elif item.status_code == 'w' %}badge-danger
+              {% elif item.status_code == 'h' %}badge-info
+              {% endif %}">{{ item.status }}</span>
+          {% endif %}
+        </li>
       {% empty %}
         <li>No publications found.</li>
       {% endfor %}

publications/views.py

@@ -613,23 +613,55 @@ def works_list(request):
     Public page that lists a link for every work:
     - DOI present  -> /work/<doi> (site-local landing page)
     - no DOI       -> fall back to Publication.url (external/original)
+
+    Only published works (status='p') are shown to non-admin users.
+    Admin users see all works with status labels.
     """
-    pubs = Publication.objects.all().order_by("-creationDate", "-id")
+    is_admin = request.user.is_authenticated and request.user.is_staff
+
+    if is_admin:
+        pubs = Publication.objects.all().order_by("-creationDate", "-id")
+    else:
+        pubs = Publication.objects.filter(status='p').order_by("-creationDate", "-id")
+
     links = []
     for pub in pubs:
+        link_data = {"title": pub.title}
+
         if pub.doi:
-            links.append({"title": pub.title, "href": reverse("optimap:article-landing", args=[pub.doi])})
+            link_data["href"] = reverse("optimap:article-landing", args=[pub.doi])
         elif pub.url:
-            links.append({"title": pub.title, "href": pub.url})
-    return render(request, "works.html", {"links": links})
+            link_data["href"] = pub.url
+
+        # Add status info for admin users
+        if is_admin:
+            link_data["status"] = pub.get_status_display()
+            link_data["status_code"] = pub.status
+
+        links.append(link_data)
+
+    return render(request, "works.html", {"links": links, "is_admin": is_admin})
 
 
 def work_landing(request, doi):
     """
     Landing page for a publication with a DOI.
     Embeds a small Leaflet map when geometry is available.
+
+    Only published works (status='p') are accessible to non-admin users.
+    Admin users can view all works with a status label.
     """
-    pub = get_object_or_404(Publication, doi=doi)
+    is_admin = request.user.is_authenticated and request.user.is_staff
+
+    # Get the publication
+    try:
+        pub = Publication.objects.get(doi=doi)
+    except Publication.DoesNotExist:
+        raise Http404("Publication not found.")
+
+    # Check access permissions
+    if not is_admin and pub.status != 'p':
+        raise Http404("Publication not found.")
 
     feature_json = None
     if pub.geometry and not pub.geometry.empty:
@@ -645,5 +677,7 @@ def work_landing(request, doi):
         "feature_json": feature_json,
         "timeperiod_label": _format_timeperiod(pub),
         "authors_list": _normalize_authors(pub),
+        "is_admin": is_admin,
+        "status_display": pub.get_status_display() if is_admin else None,
     }
     return render(request, "work_landing_page.html", context)

publications/viewsets.py

@@ -20,7 +20,14 @@ class PublicationViewSet(viewsets.ReadOnlyModelViewSet):
     filter_backends = (filters.InBBoxFilter,)
     serializer_class = PublicationSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
-    queryset = Publication.objects.filter(status="p").distinct()
+
+    def get_queryset(self):
+        """
+        Return all publications for admin users, only published ones for others.
+        """
+        if self.request.user.is_authenticated and self.request.user.is_staff:
+            return Publication.objects.all().distinct()
+        return Publication.objects.filter(status="p").distinct()
 
 class SubscriptionViewSet(viewsets.ModelViewSet):
     """