diff --git a/app/models.py b/app/models.py
index 4f5fee2..188377c 100644
--- a/app/models.py
+++ b/app/models.py
@@ -99,7 +99,7 @@ class User(db.Model, UserMixin):
self.rank = UserRank.NOT_JOINED
def isClaimed(self):
- return self.password is not None and self.password != ""
+ return self.rank.atLeast(UserRank.NEW_MEMBER)
def checkPerm(self, user, perm):
if not user.is_authenticated:
@@ -111,7 +111,9 @@ class User(db.Model, UserMixin):
raise Exception("Unknown permission given to User.checkPerm()")
# Members can edit their own packages, and editors can edit any packages
- if perm == Permission.CHANGE_RANK:
+ if perm == Permission.CHANGE_AUTHOR:
+ return user.rank.atLeast(UserRank.EDITOR)
+ elif perm == Permission.CHANGE_RANK:
return user.rank.atLeast(UserRank.MODERATOR)
else:
raise Exception("Permission {} is not related to users".format(perm.name))
diff --git a/app/templates/packages/create_edit.html b/app/templates/packages/create_edit.html
index a7ebdfd..0561e68 100644
--- a/app/templates/packages/create_edit.html
+++ b/app/templates/packages/create_edit.html
@@ -2,6 +2,9 @@
{% block title %}
{{ package.title or "Create Package" }}
+ {% if not package and author != current_user %}
+ for {{ author.display_name }}
+ {% endif %}
{% endblock %}
{% block content %}
diff --git a/app/templates/users/user_profile_page.html b/app/templates/users/user_profile_page.html
index 91a3b54..7e280e1 100644
--- a/app/templates/users/user_profile_page.html
+++ b/app/templates/users/user_profile_page.html
@@ -74,6 +74,11 @@
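Review bot: `isClaimed()` in the first `app/models.py` hunk now derives claim status from rank alone, so it no longer says anything about whether the account holds a usable credential. If any rank sits below `UserRank.NEW_MEMBER` for accounts that already have a password (a banned or demoted rank, for instance; the enum is not visible here), those accounts would read as unclaimed to whatever claim flow this method gates. Either keep the credential check alongside the rank check, or state the new meaning in a docstring such as `"""Return True once the user's rank is NEW_MEMBER or higher; does not check for a password."""` and confirm each caller accepts it.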
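Review bot: The new `Permission.CHANGE_AUTHOR` branch in `User.checkPerm` looks only at the acting user's rank and never compares it with `self`, so any editor may act on any account, including ones ranked above them. If that is broader than intended, bound it by the target's rank, e.g. `return user.rank.atLeast(UserRank.EDITOR) and user.rank.atLeast(self.rank)`. The comment directly above the branch (`# Members can edit their own packages, ...`) describes package permissions and is stale for this method; `# Editors may create packages on behalf of a user; moderators may change a user's rank` would match the code. `checkPerm` starts outside the hunk.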
  • No packages available {% endfor %} + {% if user == current_user or user.checkPerm(current_user, "CHANGE_AUTHOR") %} + + Create + + {% endif %} {% if form %} diff --git a/app/views/packages.py b/app/views/packages.py index f683749..8165c15 100644 --- a/app/views/packages.py +++ b/app/views/packages.py @@ -152,11 +152,26 @@ def create_edit_package_page(type=None, author=None, name=None): form = None if type is None: form = PackageForm(formdata=request.form) + author = request.args.get("author") + if author is None or author == current_user.username: + author = current_user + else: + author = User.query.filter_by(username=author).first() + if author is None: + flash("Unable to find that user", "error") + return redirect(url_for("create_edit_package_page")) + + if not author.checkPerm(current_user, Permission.CHANGE_AUTHOR): + flash("Permission denied", "error") + return redirect(url_for("create_edit_package_page")) + else: package = getPageByInfo(type, author, name) if not package.checkPerm(current_user, Permission.EDIT_PACKAGE): return redirect(package.getDetailsURL()) + author = package.author + form = PackageForm(formdata=request.form, obj=package) # Initial form class from post data and default data @@ -164,18 +179,19 @@ def create_edit_package_page(type=None, author=None, name=None): # Successfully submitted! if not package: package = Package() - package.author = current_user + package.author = author # package.approved = package.checkPerm(current_user, Permission.APPROVE_NEW) + form.populate_obj(package) # copy to row + package.tags.clear() for tag in form.tags.raw_data: package.tags.append(Tag.query.get(tag)) - form.populate_obj(package) # copy to row db.session.commit() # save return redirect(package.getDetailsURL()) # redirect - return render_template("packages/create_edit.html", package=package, form=form) + return render_template("packages/create_edit.html", package=package, form=form, author=author) @app.route("/s///approve/") @login_required
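Review bot: In the create branch of `create_edit_package_page` the target account is read from `request.args.get("author")` on every request, so on the POST that creates the package the attribution depends on the query string of the submitted URL, not on the validated form. The `CHANGE_AUTHOR` check is re-run server-side on that request, which is the part that matters, but nothing records who acted: once the later hunk sets `package.author = author`, there is no trace that an editor and not the named author created the entry. Consider logging the acting user after the permission check, e.g. `app.logger.info("%s is creating a package as %s", current_user.username, author.username)`, and a comment above the lookup such as `# ?author=<username> lets an editor create on behalf of another user (CHANGE_AUTHOR)`. The lookup also rebinds the `author` parameter from the route's string to a `User` object, which a distinct local name would make easier to follow; the function continues outside the hunk.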
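Review bot: With `form.populate_obj(package)` moved ahead of the tag loop, the tags finally stored are the ones rebuilt from `form.tags.raw_data`, the unvalidated request value, and `Tag.query.get(tag)` returns `None` for an id that does not exist. Appending that `None` would most likely surface as an unhandled error at append or commit time instead of a form error. Skipping unknown ids is enough: `tag_obj = Tag.query.get(tag)` followed by `if tag_obj is not None: package.tags.append(tag_obj)`. It is also worth confirming that `PackageForm` has no field named `author`, because `populate_obj` now runs after `package.author = author` and would overwrite the value that was just permission-checked.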