Add ability for users to remove themselves as maintainers

2020-07-08 23:42:30 +01:00 · 2020-07-08 23:42:30 +01:00 · 8dcbcd8b62
parent d00428eb7e
commit 8dcbcd8b62
4 changed files with 35 additions and 2 deletions
--- a/app/blueprints/packages/packages.py
+++ b/app/blueprints/packages/packages.py
@ -409,12 +409,12 @@ def edit_maintainers(package):
 		for user in users:
 			if not user in package.maintainers:
 				triggerNotif(user, current_user,
-						"Added you as a maintainer to {}".format(package.title), package.getDetailsURL())
+						"Added you as a maintainer of {}".format(package.title), package.getDetailsURL())

 		for user in package.maintainers:
 			if not user in users:
 				triggerNotif(user, current_user,
-						"Removed you as a maintainer to {}".format(package.title), package.getDetailsURL())
+						"Removed you as a maintainer of {}".format(package.title), package.getDetailsURL())

 		package.maintainers.clear()
 		package.maintainers.extend(users)
@ -432,3 +432,24 @@ def edit_maintainers(package):

 	return render_template("packages/edit_maintainers.html", \
 			package=package, form=form, users=users)
+
+
+@bp.route("/packages/<author>/<name>/remove-self-maintainer/", methods=["POST"])
+@login_required
+@is_package_page
+def remove_self_maintainers(package):
+	if not current_user in package.maintainers:
+		flash("You are not a maintainer", "danger")
+
+	elif current_user == package.author:
+		flash("Package owners cannot remove themselves as maintainers", "danger")
+
+	else:
+		package.maintainers.remove(current_user)
+
+		triggerNotif(package.author, current_user,
+					"Removed themself as a maintainer of {}".format(package.title), package.getDetailsURL())
+
+		db.session.commit()
+
+	return redirect(package.getDetailsURL())
--- a/app/models.py
+++ b/app/models.py
@ -645,6 +645,10 @@ class Package(db.Model):
 		return url_for("packages.edit_maintainers",
 				author=self.author.username, name=self.name)

+	def getRemoveSelfMaintainerURL(self):
+		return url_for("packages.remove_self_maintainers",
+				author=self.author.username, name=self.name)
+
 	def getDownloadRelease(self, version=None):
 		for rel in self.releases:
 			if rel.approved and (version is None or
--- a/app/templates/packages/edit_maintainers.html
+++ b/app/templates/packages/edit_maintainers.html
@ -12,6 +12,7 @@
 	<p>
 		{{ _("Maintainers are given write access to the package.") }}
 		{{ _("Depending on their rank, they will be able to edit the package, create releases and screenshots, and read private threads.") }}
+		{{ _("Maintainers cannot add or remove other maintainers, but can remove themselves.") }}
 	</p>

 	<form method="POST" action="" class="tableform">
--- a/app/templates/packages/view.html
+++ b/app/templates/packages/view.html
@ -272,6 +272,13 @@
 									{{ user.display_name }}
 								</a>
 							{% endfor %}
+
+							{% if current_user in package.maintainers and not package.checkPerm(current_user, "EDIT_MAINTAINERS") %}
+								<form class="mt-2"  method="post" action="{{ package.getRemoveSelfMaintainerURL() }}">
+									<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+									<input class="btn btn-sm btn-link p-0" type="submit" value="{{ _("Remove myself") }}" />
+								</form>
+							{% endif %}
 						</td>
 					</tr>
 				</table>