Allow Editors to edit tags

2020-07-15 19:54:33 +01:00 · 2020-07-15 19:54:33 +01:00 · 7fb2f3170c
parent 9663e87838
commit 7fb2f3170c
4 changed files with 43 additions and 11 deletions
--- a/app/blueprints/admin/tagseditor.py
+++ b/app/blueprints/admin/tagseditor.py
@ -25,8 +25,11 @@ from wtforms.validators import *
 from app.utils import rank_required

@bp.route("/tags/")
-@rank_required(UserRank.MODERATOR)
+@login_required
 def tag_list():
+	if not Permission.EDIT_TAGS.check(current_user):
+		abort(403)
+
 	return render_template("admin/tags/list.html", tags=Tag.query.order_by(db.asc(Tag.title)).all())

 class TagForm(FlaskForm):
@ -36,7 +39,7 @@ class TagForm(FlaskForm):

@bp.route("/tags/new/", methods=["GET", "POST"])
@bp.route("/tags/<name>/edit/", methods=["GET", "POST"])
-@rank_required(UserRank.MODERATOR)
+@login_required
 def create_edit_tag(name=None):
 	tag = None
 	if name is not None:
@ -44,6 +47,9 @@ def create_edit_tag(name=None):
 		if tag is None:
 			abort(404)

+	if not Permission.checkPerm(current_user, Permission.EDIT_TAGS if tag else Permission.CREATE_TAG):
+		abort(403)
+
 	form = TagForm(formdata=request.form, obj=tag)
 	if request.method == "POST" and form.validate():
 		if tag is None:
@ -52,6 +58,10 @@ def create_edit_tag(name=None):
 		else:
 			form.populate_obj(tag)
 		db.session.commit()
-		return redirect(url_for("admin.create_edit_tag", name=tag.name))
+
+		if Permission.EDIT_TAGS.check(current_user):
+			return redirect(url_for("admin.create_edit_tag", name=tag.name))
+		else:
+			return redirect(url_for("homepage.home"))

 	return render_template("admin/tags/edit.html", tag=tag, form=form)
--- a/app/models.py
+++ b/app/models.py
@ -84,6 +84,8 @@ class Permission(enum.Enum):
 	APPROVE_SCREENSHOT = "APPROVE_SCREENSHOT"
 	APPROVE_RELEASE    = "APPROVE_RELEASE"
 	APPROVE_NEW        = "APPROVE_NEW"
+	EDIT_TAGS          = "EDIT_TAGS"
+	CREATE_TAG         = "CREATE_TAG"
 	CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
 	CHANGE_USERNAMES   = "CHANGE_USERNAMES"
 	CHANGE_RANK        = "CHANGE_RANK"
@ -111,11 +113,22 @@ class Permission(enum.Enum):
 				self == Permission.APPROVE_CHANGES    or \
 				self == Permission.APPROVE_RELEASE    or \
 				self == Permission.APPROVE_SCREENSHOT or \
+				self == Permission.EDIT_TAGS or \
+				self == Permission.CREATE_TAG or \
 				self == Permission.SEE_THREAD:
 			return user.rank.atLeast(UserRank.EDITOR)
 		else:
 			raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")

+	@staticmethod
+	def checkPerm(user, perm):
+		if type(perm) == str:
+			perm = Permission[perm]
+		elif type(perm) != Permission:
+			raise Exception("Unknown permission given to Permission.check")
+
+		return perm.check(user)
+
 def display_name_default(context):
    return context.get_current_parameters()["username"]

--- a/app/template_filters.py
+++ b/app/template_filters.py
@ -1,14 +1,16 @@
 from . import app
+from .models import Permission
 from .utils import abs_url_for, url_set_query
 from urllib.parse import urlparse

@app.context_processor
 def inject_debug():
-    return dict(debug=app.debug)
+	return dict(debug=app.debug)

@app.context_processor
 def inject_functions():
-    return dict(abs_url_for=abs_url_for, url_set_query=url_set_query)
+	check_global_perm = Permission.checkPerm
+	return dict(abs_url_for=abs_url_for, url_set_query=url_set_query, check_global_perm=check_global_perm)

@app.template_filter()
 def throw(err):
@ -20,8 +22,8 @@ def domain(url):

@app.template_filter()
 def date(value):
-    return value.strftime("%Y-%m-%d")
+	return value.strftime("%Y-%m-%d")

@app.template_filter()
 def datetime(value):
-    return value.strftime("%Y-%m-%d %H:%M") + " UTC"
+	return value.strftime("%Y-%m-%d %H:%M") + " UTC"
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -92,15 +92,22 @@
 								<li class="nav-item">
 									<a class="nav-link" href="{{ url_for('todo.topics') }}">{{ _("All unadded topics") }}</a>
 								</li>
+
 								{% if current_user.rank.atLeast(current_user.rank.MODERATOR) %}
 									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.audit') }}">{{ _("Audit Log") }}</a></li>
 								{% endif %}
+
 								{% if current_user.rank == current_user.rank.ADMIN %}
 									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.admin_page') }}">{{ _("Admin") }}</a></li>
-								{% endif %}
-								{% if current_user.rank == current_user.rank.MODERATOR %}
-									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.tag_list') }}">{{ _("Tag Editor") }}</a></li>
-									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.license_list') }}">{{ _("License Editor") }}</a></li>
+								{% else %}
+									{% if check_global_perm(current_user, "EDIT_TAGS") %}
+										<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.tag_list') }}">{{ _("Tag Editor") }}</a></li>
+									{% elif check_global_perm(current_user, "CREATE_TAG") %}
+										<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.create_edit_tag') }}">{{ _("Create Tag") }}</a></li>
+									{% endif %}
+									{% if current_user.rank == current_user.rank.MODERATOR %}
+										<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.license_list') }}">{{ _("License Editor") }}</a></li>
+									{% endif %}
 								{% endif %}
 								<li class="nav-item"><a class="nav-link" href="{{ url_for('user.logout') }}">{{ _("Sign out") }}</a></li>
 							</ul>