Fix maintainers not being able to delete releases

app/blueprints/packages/releases.py

@@ -133,7 +133,7 @@ def edit_release(package, id):
 		abort(404)
 
 	canEdit	= package.checkPerm(current_user, Permission.MAKE_RELEASE)
-	canApprove = package.checkPerm(current_user, Permission.APPROVE_RELEASE)
+	canApprove = release.checkPerm(current_user, Permission.APPROVE_RELEASE)
 	if not (canEdit or canApprove):
 		return redirect(package.getDetailsURL())
 

app/models/packages.py

@@ -870,7 +870,7 @@ class PackageRelease(db.Model):
 		self.releaseDate = datetime.datetime.now()
 
 	def approve(self, user):
-		if not self.package.checkPerm(user, Permission.APPROVE_RELEASE):
+		if not self.checkPerm(user, Permission.APPROVE_RELEASE):
 			return False
 
 		if self.approved:
@@ -895,24 +895,26 @@ class PackageRelease(db.Model):
 		elif type(perm) != Permission:
 			raise Exception("Unknown permission given to PackageRelease.checkPerm()")
 
-		isOwner = user == self.package.author
+		isMaintainer = user == self.package.author or user in self.package.maintainers
 
 		if perm == Permission.DELETE_RELEASE:
 			if user.rank.atLeast(UserRank.ADMIN):
 				return True
 
-			if not (isOwner or user.rank.atLeast(UserRank.EDITOR)):
+			if not (isMaintainer or user.rank.atLeast(UserRank.EDITOR)):
 				return False
 
 			if not self.package.approved or self.task_id is not None:
 				return True
 
-			count = PackageRelease.query \
+			count = self.package.releases \
-					.filter_by(package_id=self.package_id) \
 					.filter(PackageRelease.id > self.id) \
 					.count()
 
 			return count > 0
+		elif perm == Permission.APPROVE_RELEASE:
+			return isMaintainer and user.rank.atLeast(
+					UserRank.MEMBER if self.approved else UserRank.NEW_MEMBER)
 		else:
 			raise Exception("Permission {} is not related to releases".format(perm.name))
 

app/templates/packages/release_edit.html

@@ -34,7 +34,7 @@
 
 			<br />
 		{% else %}
-			{% if package.checkPerm(current_user, "APPROVE_RELEASE") %}
+			{% if release.checkPerm(current_user, "APPROVE_RELEASE") %}
 				{{ render_checkbox_field(form.approved, class_="my-3") }}
 			{% else %}
 				Approved: {{ release.approved }}

app/templates/packages/view.html

@@ -453,12 +453,12 @@
 				</h3>
 				<ul class="list-group">
 					{% for rel in releases %}
-						{% if rel.approved or package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE")  %}
+						{% if rel.approved or package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE")  %}
 							<li class="list-group-item">
 
-								{% if package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE")  %}
+								{% if package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE")  %}
 									<a class="btn btn-sm btn-primary float-right" href="{{ rel.getEditURL() }}">Edit
-									{% if not rel.task_id and not rel.approved and package.checkPerm(current_user, "APPROVE_RELEASE") %}
+									{% if not rel.task_id and not rel.approved and rel.checkPerm(current_user, "APPROVE_RELEASE") %}
 										/ Approve
 									{% endif %}
 									</a>
@@ -487,7 +487,7 @@
 
 									created {{ rel.releaseDate | date }}.
 								</small>
-								{% if (package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE")) and rel.task_id %}
+								{% if (package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE")) and rel.task_id %}
 									<a href="{{ url_for('tasks.check', id=rel.task_id, r=package.getDetailsURL()) }}">Importing...</a>
 								{% elif not rel.approved %}
 									Waiting for approval.