Allow Editors to edit tags

[cheatdb.git] / app / blueprints / admin / tagseditor.py

diff --git a/app/blueprints/admin/tagseditor.py b/app/blueprints/admin/tagseditor.py
index 70328bdf98fd705318f234fa63ec669b32601f4a..39d69e89f895ee194bb4ea9f98169352ff63affe 100644 (file)
--- a/app/blueprints/admin/tagseditor.py
+++ b/app/blueprints/admin/tagseditor.py
@@ -25,8 +25,11 @@ from wtforms.validators import *
 from app.utils import rank_required
 
 @bp.route("/tags/")
-@rank_required(UserRank.MODERATOR)
+@login_required
 def tag_list():
+       if not Permission.EDIT_TAGS.check(current_user):
+               abort(403)
+
        return render_template("admin/tags/list.html", tags=Tag.query.order_by(db.asc(Tag.title)).all())
 
 class TagForm(FlaskForm):
@@ -36,7 +39,7 @@ class TagForm(FlaskForm):
 
 @bp.route("/tags/new/", methods=["GET", "POST"])
 @bp.route("/tags/<name>/edit/", methods=["GET", "POST"])
-@rank_required(UserRank.MODERATOR)
+@login_required
 def create_edit_tag(name=None):
        tag = None
        if name is not None:
@@ -44,6 +47,9 @@ def create_edit_tag(name=None):
                if tag is None:
                        abort(404)
 
+       if not Permission.checkPerm(current_user, Permission.EDIT_TAGS if tag else Permission.CREATE_TAG):
+               abort(403)
+
        form = TagForm(formdata=request.form, obj=tag)
        if request.method == "POST" and form.validate():
                if tag is None:
@@ -52,6 +58,10 @@ def create_edit_tag(name=None):
                else:
                        form.populate_obj(tag)
                db.session.commit()
-               return redirect(url_for("admin.create_edit_tag", name=tag.name))
+
+               if Permission.EDIT_TAGS.check(current_user):
+                       return redirect(url_for("admin.create_edit_tag", name=tag.name))
+               else:
+                       return redirect(url_for("homepage.home"))
 
        return render_template("admin/tags/edit.html", tag=tag, form=form)