Move DELETE_REPLY permission to ThreadReply
This commit is contained in:
rubenwardy
parent
31b8a7931b
commit
08f6bd8bef
|
|
@ -126,7 +126,7 @@ def delete_reply(id):
|
|||
flash("Cannot delete thread opening post!", "danger")
|
||||
return redirect(thread.getViewURL())
|
||||
|
||||
if not thread.checkPerm(current_user, Permission.DELETE_REPLY):
|
||||
if not reply.checkPerm(current_user, Permission.DELETE_REPLY):
|
||||
abort(403)
|
||||
|
||||
if request.method == "GET":
|
||||
|
|
|
|||
|
|
@ -1105,7 +1105,7 @@ class Thread(db.Model):
|
|||
|
||||
def checkPerm(self, user, perm):
|
||||
if not user.is_authenticated:
|
||||
return not self.private
|
||||
return perm == Permission.SEE_THREAD and not self.private
|
||||
|
||||
if type(perm) == str:
|
||||
perm = Permission[perm]
|
||||
|
|
@ -1124,7 +1124,7 @@ class Thread(db.Model):
|
|||
elif perm == Permission.COMMENT_THREAD:
|
||||
return canSee and (not self.locked or user.rank.atLeast(UserRank.MODERATOR))
|
||||
|
||||
elif perm == Permission.LOCK_THREAD or perm == Permission.DELETE_REPLY:
|
||||
elif perm == Permission.LOCK_THREAD:
|
||||
return user.rank.atLeast(UserRank.MODERATOR)
|
||||
|
||||
else:
|
||||
|
|
@ -1137,6 +1137,21 @@ class ThreadReply(db.Model):
|
|||
author_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
|
||||
created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
|
||||
|
||||
def checkPerm(self, user, perm):
|
||||
if not user.is_authenticated:
|
||||
return False
|
||||
|
||||
if type(perm) == str:
|
||||
perm = Permission[perm]
|
||||
elif type(perm) != Permission:
|
||||
raise Exception("Unknown permission given to ThreadReply.checkPerm()")
|
||||
|
||||
if perm == Permission.DELETE_REPLY:
|
||||
return user.rank.atLeast(UserRank.MODERATOR) and self.thread.replies[0] != self
|
||||
|
||||
else:
|
||||
raise Exception("Permission {} is not related to threads".format(perm.name))
|
||||
|
||||
|
||||
class PackageReview(db.Model):
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
</div>
|
||||
|
||||
<div class="card-body">
|
||||
{% if r != thread.replies[0] and thread.checkPerm(current_user, "DELETE_REPLY") %}
|
||||
{% if r.checkPerm(current_user, "DELETE_REPLY") %}
|
||||
<a class="float-right btn btn-secondary btn-sm"
|
||||
href="{{ url_for('threads.delete_reply', id=thread.id, reply=r.id) }}">
|
||||
<i class="fas fa-trash"></i>
|
||||
|
|
|
|||
Loading…
Reference in New Issue