Allow all users to delete their packages

app/blueprints/packages/packages.py

@@ -438,7 +438,7 @@ def remove(package):
 			flash("You don't have permission to do that.", "danger")
 			return redirect(package.getDetailsURL())
 
-		package.state = PackageState.READY_FOR_REVIEW
+		package.state = PackageState.WIP
 
 		msg = "Unapproved {}".format(package.title)
 		addNotification(package.maintainers, current_user, msg, package.getDetailsURL(), package)

app/models.py

@@ -813,7 +813,7 @@ class Package(db.Model):
 			return isOwner or user.rank.atLeast(UserRank.MODERATOR)
 
 		elif perm == Permission.UNAPPROVE_PACKAGE or perm == Permission.DELETE_PACKAGE:
-			return user.rank.atLeast(UserRank.EDITOR)
+			return user.rank.atLeast(UserRank.MEMBER if isOwner else UserRank.EDITOR)
 
 		elif perm == Permission.CHANGE_RELEASE_URL:
 			return user.rank.atLeast(UserRank.MODERATOR)

app/templates/packages/remove.html

@@ -1,19 +1,37 @@
 {% extends "base.html" %}
 
 {% block title %}
-	Delete | {{ package.title }}
+Delete | {{ package.title }}
 {% endblock %}
 
 {% block content %}
-	<form method="POST" action="" class="box box_grey ">
+<form class="card mb-3" style="max-width: 40rem; margin: auto;" method="POST" action="" >
-		<h3>Remove Package</h3>
+	<h3 class="card-header">Remove {{ package.title }}</h3>
 
-		<div class="box-body">
+	<div class="card-body">
-			<p>Deleting a package can be undone by the admin, but he'll be very annoyed!</p>
+		<p>
+			In order to avoid data loss, you cannot permanently delete packages.
+			You can remove them from ContentDB, which will cause them to not be
+			visible to any users and they may be permanently deleted in the future.
+			The Admin can restore removed packages, if needed.
+		</p>
 
-			<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+		{% if package.approved %}
-			<input type="submit" name="delete" value="Delete" class="btn btn-danger" />
+			<p>
+				Unapproving a package will put it back into Work in Progress, where
+				it can be submitted for approval again.
+			</p>
+		{% endif %}
+
+		<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+
+		<a class="btn btn-secondary float-right" href="{{ package.getDetailsURL() }}">Cancel</a>
+
+		<input type="submit" name="delete" value="Remove" class="btn btn-danger mr-2" />
+
+		{% if package.approved %}
 			<input type="submit" name="unapprove" value="Unapprove" class="btn btn-warning" />
-		</div>
+		{% endif %}
-	</form>
+	</div>
+</form>
 {% endblock %}

app/templates/todo/list.html

@@ -34,7 +34,11 @@
 				<div class="list-group list-group-flush">
 					{% for p in wip_packages %}
 						<a href="{{ p.getDetailsURL() }}" class="list-group-item list-group-item-action">
-							<span class="mr-2 badge badge-warning">{{ p.state.value }}</span>
+							{% if p.state == p.state.WIP %}
+								<span class="mr-2 badge badge-warning">WIP</span>
+							{% else %}
+								<span class="mr-2 badge badge-danger">{{ p.state.value }}</span>
+							{% endif %}
 
 							{{ p.title }} by {{ p.author.display_name }}
 						</a>