Revert "Limit visibility of unapproved packages to maintainers and approvers" and "Fix 404 on packages when not logged in"
This reverts commit85a178d90e
. This reverts commit727db52c19
.
This commit is contained in:
parent
afdf06b3f6
commit
f8e82b63e3
|
@ -115,9 +115,6 @@ def getReleases(package):
|
||||||
@bp.route("/packages/<author>/<name>/")
|
@bp.route("/packages/<author>/<name>/")
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def view(package):
|
def view(package):
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
show_similar = not package.approved and (
|
show_similar = not package.approved and (
|
||||||
current_user in package.maintainers or
|
current_user in package.maintainers or
|
||||||
package.checkPerm(current_user, Permission.APPROVE_NEW))
|
package.checkPerm(current_user, Permission.APPROVE_NEW))
|
||||||
|
@ -208,9 +205,6 @@ def shield(package, type):
|
||||||
@bp.route("/packages/<author>/<name>/download/")
|
@bp.route("/packages/<author>/<name>/download/")
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def download(package):
|
def download(package):
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
release = package.getDownloadRelease()
|
release = package.getDownloadRelease()
|
||||||
|
|
||||||
if release is None:
|
if release is None:
|
||||||
|
@ -593,9 +587,6 @@ def alias_create_edit(package: Package, alias_id: int = None):
|
||||||
@login_required
|
@login_required
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def share(package):
|
def share(package):
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
return render_template("packages/share.html", package=package,
|
return render_template("packages/share.html", package=package,
|
||||||
tabs=get_package_tabs(current_user, package), current_tab="share")
|
tabs=get_package_tabs(current_user, package), current_tab="share")
|
||||||
|
|
||||||
|
@ -603,9 +594,6 @@ def share(package):
|
||||||
@bp.route("/packages/<author>/<name>/similar/")
|
@bp.route("/packages/<author>/<name>/similar/")
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def similar(package):
|
def similar(package):
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
packages_modnames = {}
|
packages_modnames = {}
|
||||||
for metapackage in package.provides:
|
for metapackage in package.provides:
|
||||||
packages_modnames[metapackage] = Package.query.filter(Package.id != package.id,
|
packages_modnames[metapackage] = Package.query.filter(Package.id != package.id,
|
||||||
|
|
|
@ -33,9 +33,6 @@ from . import bp, get_package_tabs
|
||||||
@bp.route("/packages/<author>/<name>/releases/", methods=["GET", "POST"])
|
@bp.route("/packages/<author>/<name>/releases/", methods=["GET", "POST"])
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def list_releases(package):
|
def list_releases(package):
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
return render_template("packages/releases_list.html",
|
return render_template("packages/releases_list.html",
|
||||||
package=package,
|
package=package,
|
||||||
tabs=get_package_tabs(current_user, package), current_tab="releases")
|
tabs=get_package_tabs(current_user, package), current_tab="releases")
|
||||||
|
@ -111,9 +108,6 @@ def create_release(package):
|
||||||
@bp.route("/packages/<author>/<name>/releases/<id>/download/")
|
@bp.route("/packages/<author>/<name>/releases/<id>/download/")
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def download_release(package, id):
|
def download_release(package, id):
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
release = PackageRelease.query.get(id)
|
release = PackageRelease.query.get(id)
|
||||||
if release is None or release.package != package:
|
if release is None or release.package != package:
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
|
@ -24,8 +24,7 @@ from flask_login import current_user, login_required
|
||||||
from flask_wtf import FlaskForm
|
from flask_wtf import FlaskForm
|
||||||
from wtforms import *
|
from wtforms import *
|
||||||
from wtforms.validators import *
|
from wtforms.validators import *
|
||||||
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank, \
|
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank
|
||||||
Permission
|
|
||||||
from app.utils import is_package_page, addNotification, get_int_or_abort, isYes, is_safe_url, rank_required
|
from app.utils import is_package_page, addNotification, get_int_or_abort, isYes, is_safe_url, rank_required
|
||||||
from app.tasks.webhooktasks import post_discord_webhook
|
from app.tasks.webhooktasks import post_discord_webhook
|
||||||
|
|
||||||
|
@ -54,9 +53,6 @@ def review(package):
|
||||||
flash(gettext("You can't review your own package!"), "danger")
|
flash(gettext("You can't review your own package!"), "danger")
|
||||||
return redirect(package.getURL("packages.view"))
|
return redirect(package.getURL("packages.view"))
|
||||||
|
|
||||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
review = PackageReview.query.filter_by(package=package, author=current_user).first()
|
review = PackageReview.query.filter_by(package=package, author=current_user).first()
|
||||||
|
|
||||||
form = ReviewForm(formdata=request.form, obj=review)
|
form = ReviewForm(formdata=request.form, obj=review)
|
||||||
|
|
|
@ -599,7 +599,7 @@ class Package(db.Model):
|
||||||
|
|
||||||
def checkPerm(self, user, perm):
|
def checkPerm(self, user, perm):
|
||||||
if not user.is_authenticated:
|
if not user.is_authenticated:
|
||||||
return perm == Permission.SEE_PACKAGE and self.state == PackageState.APPROVED
|
return False
|
||||||
|
|
||||||
if type(perm) == str:
|
if type(perm) == str:
|
||||||
perm = Permission[perm]
|
perm = Permission[perm]
|
||||||
|
@ -610,10 +610,7 @@ class Package(db.Model):
|
||||||
isMaintainer = isOwner or user.rank.atLeast(UserRank.EDITOR) or user in self.maintainers
|
isMaintainer = isOwner or user.rank.atLeast(UserRank.EDITOR) or user in self.maintainers
|
||||||
isApprover = user.rank.atLeast(UserRank.APPROVER)
|
isApprover = user.rank.atLeast(UserRank.APPROVER)
|
||||||
|
|
||||||
if perm == Permission.SEE_PACKAGE:
|
if perm == Permission.CREATE_THREAD:
|
||||||
return self.state == PackageState.APPROVED or isMaintainer or isApprover
|
|
||||||
|
|
||||||
elif perm == Permission.CREATE_THREAD:
|
|
||||||
return user.rank.atLeast(UserRank.MEMBER)
|
return user.rank.atLeast(UserRank.MEMBER)
|
||||||
|
|
||||||
# Members can edit their own packages, and editors can edit any packages
|
# Members can edit their own packages, and editors can edit any packages
|
||||||
|
|
|
@ -59,7 +59,6 @@ class UserRank(enum.Enum):
|
||||||
|
|
||||||
|
|
||||||
class Permission(enum.Enum):
|
class Permission(enum.Enum):
|
||||||
SEE_PACKAGE = "SEE_PACKAGE"
|
|
||||||
EDIT_PACKAGE = "EDIT_PACKAGE"
|
EDIT_PACKAGE = "EDIT_PACKAGE"
|
||||||
DELETE_PACKAGE = "DELETE_PACKAGE"
|
DELETE_PACKAGE = "DELETE_PACKAGE"
|
||||||
CHANGE_AUTHOR = "CHANGE_AUTHOR"
|
CHANGE_AUTHOR = "CHANGE_AUTHOR"
|
||||||
|
|
|
@ -18,8 +18,7 @@
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
from flask import abort, redirect, url_for, request
|
from flask import abort, redirect, url_for, request
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
from app.models import User, NotificationType, Package, UserRank, Notification, db, AuditSeverity, AuditLogEntry, \
|
from app.models import User, NotificationType, Package, UserRank, Notification, db, AuditSeverity, AuditLogEntry, ThreadReply, Thread, PackageState, PackageType, PackageAlias
|
||||||
ThreadReply, Thread, PackageState, PackageType, PackageAlias
|
|
||||||
|
|
||||||
|
|
||||||
def getPackageByInfo(author, name):
|
def getPackageByInfo(author, name):
|
||||||
|
@ -40,15 +39,14 @@ def is_package_page(f):
|
||||||
if not ("author" in kwargs and "name" in kwargs):
|
if not ("author" in kwargs and "name" in kwargs):
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
author = kwargs.pop("author")
|
author = kwargs["author"]
|
||||||
name = kwargs.pop("name")
|
name = kwargs["name"]
|
||||||
|
|
||||||
package = getPackageByInfo(author, name)
|
package = getPackageByInfo(author, name)
|
||||||
if package is None:
|
if package is None:
|
||||||
package = getPackageByInfo(author, name + "_game")
|
package = getPackageByInfo(author, name + "_game")
|
||||||
if package and package.type == PackageType.GAME:
|
if package and package.type == PackageType.GAME:
|
||||||
args = dict(kwargs)
|
args = dict(kwargs)
|
||||||
args["author"] = author
|
|
||||||
args["name"] = name + "_game"
|
args["name"] = name + "_game"
|
||||||
return redirect(url_for(request.endpoint, **args))
|
return redirect(url_for(request.endpoint, **args))
|
||||||
|
|
||||||
|
@ -61,6 +59,8 @@ def is_package_page(f):
|
||||||
|
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
|
del kwargs["author"]
|
||||||
|
del kwargs["name"]
|
||||||
return f(package=package, *args, **kwargs)
|
return f(package=package, *args, **kwargs)
|
||||||
|
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
Loading…
Reference in New Issue