rubenwardy
parent
5f2a399260
commit
ed88c61714
|
|
@ -99,7 +99,7 @@ class User(db.Model, UserMixin):
|
|||
self.rank = UserRank.NOT_JOINED
|
||||
|
||||
def isClaimed(self):
|
||||
return self.password is not None and self.password != ""
|
||||
return self.rank.atLeast(UserRank.NEW_MEMBER)
|
||||
|
||||
def checkPerm(self, user, perm):
|
||||
if not user.is_authenticated:
|
||||
|
|
@ -111,7 +111,9 @@ class User(db.Model, UserMixin):
|
|||
raise Exception("Unknown permission given to User.checkPerm()")
|
||||
|
||||
# Members can edit their own packages, and editors can edit any packages
|
||||
if perm == Permission.CHANGE_RANK:
|
||||
if perm == Permission.CHANGE_AUTHOR:
|
||||
return user.rank.atLeast(UserRank.EDITOR)
|
||||
elif perm == Permission.CHANGE_RANK:
|
||||
return user.rank.atLeast(UserRank.MODERATOR)
|
||||
else:
|
||||
raise Exception("Permission {} is not related to users".format(perm.name))
|
||||
|
|
|
|||
|
|
@ -2,6 +2,9 @@
|
|||
|
||||
{% block title %}
|
||||
{{ package.title or "Create Package" }}
|
||||
{% if not package and author != current_user %}
|
||||
for {{ author.display_name }}
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
|
|
|
|||
|
|
@ -74,6 +74,11 @@
|
|||
<li><i>No packages available</i></ul>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% if user == current_user or user.checkPerm(current_user, "CHANGE_AUTHOR") %}
|
||||
<a href="{{ url_for('create_edit_package_page', author=user.username) }}">
|
||||
Create
|
||||
</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
{% if form %}
|
||||
|
|
|
|||
|
|
@ -152,11 +152,26 @@ def create_edit_package_page(type=None, author=None, name=None):
|
|||
form = None
|
||||
if type is None:
|
||||
form = PackageForm(formdata=request.form)
|
||||
author = request.args.get("author")
|
||||
if author is None or author == current_user.username:
|
||||
author = current_user
|
||||
else:
|
||||
author = User.query.filter_by(username=author).first()
|
||||
if author is None:
|
||||
flash("Unable to find that user", "error")
|
||||
return redirect(url_for("create_edit_package_page"))
|
||||
|
||||
if not author.checkPerm(current_user, Permission.CHANGE_AUTHOR):
|
||||
flash("Permission denied", "error")
|
||||
return redirect(url_for("create_edit_package_page"))
|
||||
|
||||
else:
|
||||
package = getPageByInfo(type, author, name)
|
||||
if not package.checkPerm(current_user, Permission.EDIT_PACKAGE):
|
||||
return redirect(package.getDetailsURL())
|
||||
|
||||
author = package.author
|
||||
|
||||
form = PackageForm(formdata=request.form, obj=package)
|
||||
|
||||
# Initial form class from post data and default data
|
||||
|
|
@ -164,18 +179,19 @@ def create_edit_package_page(type=None, author=None, name=None):
|
|||
# Successfully submitted!
|
||||
if not package:
|
||||
package = Package()
|
||||
package.author = current_user
|
||||
package.author = author
|
||||
# package.approved = package.checkPerm(current_user, Permission.APPROVE_NEW)
|
||||
|
||||
form.populate_obj(package) # copy to row
|
||||
|
||||
package.tags.clear()
|
||||
for tag in form.tags.raw_data:
|
||||
package.tags.append(Tag.query.get(tag))
|
||||
|
||||
form.populate_obj(package) # copy to row
|
||||
db.session.commit() # save
|
||||
return redirect(package.getDetailsURL()) # redirect
|
||||
|
||||
return render_template("packages/create_edit.html", package=package, form=form)
|
||||
return render_template("packages/create_edit.html", package=package, form=form, author=author)
|
||||
|
||||
@app.route("/<type>s/<author>/<name>/approve/")
|
||||
@login_required
|
||||
|
|
|
|||
Loading…
Reference in New Issue