Improve permission checking in work queue

app/models.py

@@ -35,11 +35,15 @@ class Permission(enum.Enum):
 	APPROVE_NEW        = "APPROVE_NEW"
 	CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
 
+	# Only return true if the permission is valid for *all* contexts
+	# See Package.checkPerm for package-specific contexts
 	def check(self, user):
 		if not user.is_authenticated:
 			return False
 
-		if self == Permission.APPROVE_NEW:
+		if self == Permission.APPROVE_NEW or \
+				self == Permission.APPROVE_CHANGES or \
+				self == Permission.APPROVE_RELEASE:
 			return user.rank.atLeast(UserRank.EDITOR)
 		else:
 			raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")

app/templates/todo.html

@@ -5,29 +5,33 @@
 {% endblock %}
 
 {% block content %}
-	<h2>Packages Awaiting Approval</h2>
+	{% if canApproveNew %}
-	<ul>
+		<h2>Packages Awaiting Approval</h2>
-		{% for p in approve_new %}
+		<ul>
-			<li><a href="{{ p.getDetailsURL() }}">
+			{% for p in approve_new %}
-				{{ p.title }} by {{ p.author.display_name }}
+				<li><a href="{{ p.getDetailsURL() }}">
-			</a></li>
+					{{ p.title }} by {{ p.author.display_name }}
-		{% else %}
+				</a></li>
-			<li><i>No packages need reviewing.</i></ul>
+			{% else %}
-		{% endfor %}
+				<li><i>No packages need reviewing.</i></ul>
-	</ul>
+			{% endfor %}
+		</ul>
+	{% endif %}
 
-	<h2>Releases Awaiting Approval</h2>
+	{% if canApproveRel %}
-	<ul>
+		<h2>Releases Awaiting Approval</h2>
-		{% for r in releases %}
+		<ul>
-			<li>
+			{% for r in releases %}
-				<a href="{{ r.getEditURL() }}">{{ r.title }}</a>
+				<li>
-				on
+					<a href="{{ r.getEditURL() }}">{{ r.title }}</a>
-				<a href="{{ r.package.getDetailsURL() }}">
+					on
-					{{ r.package.title }} by {{ r.package.author.display_name }}
+					<a href="{{ r.package.getDetailsURL() }}">
-				</a>
+						{{ r.package.title }} by {{ r.package.author.display_name }}
-			</li>
+					</a>
-		{% else %}
+				</li>
-			<li><i>No releases need reviewing.</i></ul>
+			{% else %}
-		{% endfor %}
+				<li><i>No releases need reviewing.</i></ul>
-	</ul>
+			{% endfor %}
+		</ul>
+	{% endif %}
 {% endblock %}

app/views/packages.py

@@ -31,15 +31,28 @@ def txp_page():
 	return render_template('packages.html', title="Texture Packs", packages=packages)
 
 def canSeeWorkQueue():
-	return Permission.APPROVE_NEW.check(current_user)
+	return Permission.APPROVE_NEW.check(current_user) or \
+		Permission.APPROVE_RELEASE.check(current_user) or \
+			Permission.APPROVE_CHANGES.check(current_user)
 
 @menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue)
 @app.route("/todo/")
 @login_required
 def todo_page():
-	packages = Package.query.filter_by(approved=False).all()
+	canApproveNew = Permission.APPROVE_NEW.check(current_user)
-	releases = PackageRelease.query.filter_by(approved=False).all()
+	canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
-	return render_template('todo.html', title="Reports and Work Queue", approve_new=packages, releases=releases)
+
+	packages = None
+	if canApproveNew:
+		packages = Package.query.filter_by(approved=False).all()
+
+	releases = None
+	if canApproveRel:
+		releases = PackageRelease.query.filter_by(approved=False).all()
+
+	return render_template('todo.html', title="Reports and Work Queue",
+		approve_new=packages, releases=releases,
+		canApproveNew=canApproveNew, canApproveRel=canApproveRel)
 
 
 def getPageByInfo(type, author, name):