diff --git a/app/blueprints/packages/releases.py b/app/blueprints/packages/releases.py
index 73d21e8..fbc1de4 100644
--- a/app/blueprints/packages/releases.py
+++ b/app/blueprints/packages/releases.py
@@ -133,7 +133,7 @@ def edit_release(package, id):
abort(404)
canEdit = package.checkPerm(current_user, Permission.MAKE_RELEASE)
- canApprove = package.checkPerm(current_user, Permission.APPROVE_RELEASE)
+ canApprove = release.checkPerm(current_user, Permission.APPROVE_RELEASE)
if not (canEdit or canApprove):
return redirect(package.getDetailsURL())
diff --git a/app/models/packages.py b/app/models/packages.py
index 1740535..9807e59 100644
--- a/app/models/packages.py
+++ b/app/models/packages.py
@@ -870,7 +870,7 @@ class PackageRelease(db.Model):
self.releaseDate = datetime.datetime.now()
def approve(self, user):
- if not self.package.checkPerm(user, Permission.APPROVE_RELEASE):
+ if not self.checkPerm(user, Permission.APPROVE_RELEASE):
return False
if self.approved:
@@ -895,24 +895,26 @@ class PackageRelease(db.Model):
elif type(perm) != Permission:
raise Exception("Unknown permission given to PackageRelease.checkPerm()")
- isOwner = user == self.package.author
+ isMaintainer = user == self.package.author or user in self.package.maintainers
if perm == Permission.DELETE_RELEASE:
if user.rank.atLeast(UserRank.ADMIN):
return True
- if not (isOwner or user.rank.atLeast(UserRank.EDITOR)):
+ if not (isMaintainer or user.rank.atLeast(UserRank.EDITOR)):
return False
if not self.package.approved or self.task_id is not None:
return True
- count = PackageRelease.query \
- .filter_by(package_id=self.package_id) \
+ count = self.package.releases \
.filter(PackageRelease.id > self.id) \
.count()
return count > 0
+ elif perm == Permission.APPROVE_RELEASE:
+ return isMaintainer and user.rank.atLeast(
+ UserRank.MEMBER if self.approved else UserRank.NEW_MEMBER)
else:
raise Exception("Permission {} is not related to releases".format(perm.name))
diff --git a/app/templates/packages/release_edit.html b/app/templates/packages/release_edit.html
index 7340ec6..a32f5db 100644
--- a/app/templates/packages/release_edit.html
+++ b/app/templates/packages/release_edit.html
@@ -34,7 +34,7 @@
{% else %}
- {% if package.checkPerm(current_user, "APPROVE_RELEASE") %}
+ {% if release.checkPerm(current_user, "APPROVE_RELEASE") %}
{{ render_checkbox_field(form.approved, class_="my-3") }}
{% else %}
Approved: {{ release.approved }}
diff --git a/app/templates/packages/view.html b/app/templates/packages/view.html
index 5ab8095..f99448c 100644
--- a/app/templates/packages/view.html
+++ b/app/templates/packages/view.html
@@ -453,12 +453,12 @@
{% for rel in releases %}
- {% if rel.approved or package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE") %}
+ {% if rel.approved or package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE") %}
-
- {% if package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE") %}
+ {% if package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE") %}
Edit
- {% if not rel.task_id and not rel.approved and package.checkPerm(current_user, "APPROVE_RELEASE") %}
+ {% if not rel.task_id and not rel.approved and rel.checkPerm(current_user, "APPROVE_RELEASE") %}
/ Approve
{% endif %}
@@ -487,7 +487,7 @@
created {{ rel.releaseDate | date }}.
- {% if (package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE")) and rel.task_id %}
+ {% if (package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE")) and rel.task_id %}
Importing...
{% elif not rel.approved %}
Waiting for approval.