@app.route("/threads/")
def threads_page():
- threads = Thread.query.filter_by(private=False).all()
- return render_template("threads/list.html", threads=threads)
+ query = Thread.query
+ if not Permission.SEE_THREAD.check(current_user):
+ query = query.filter_by(private=False)
+ return render_template("threads/list.html", threads=query.all())
+
+
+@app.route("/threads/<int:id>/subscribe/", methods=["POST"])
+@login_required
+def thread_subscribe_page(id):
+ thread = Thread.query.get(id)
+ if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
+ abort(404)
+
+ if current_user in thread.watchers:
+ flash("Already subscribed!", "success")
+ else:
+ flash("Subscribed to thread", "success")
+ thread.watchers.append(current_user)
+ db.session.commit()
+
+ return redirect(url_for("thread_page", id=id))
+
+
+@app.route("/threads/<int:id>/unsubscribe/", methods=["POST"])
+@login_required
+def thread_unsubscribe_page(id):
+ thread = Thread.query.get(id)
+ if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
+ abort(404)
+
+ if current_user in thread.watchers:
+ flash("Unsubscribed!", "success")
+ thread.watchers.remove(current_user)
+ db.session.commit()
+ else:
+ flash("Not subscribed to thread", "success")
+
+ return redirect(url_for("thread_page", id=id))
+
@app.route("/threads/<int:id>/", methods=["GET", "POST"])
def thread_page(id):
flash("Unable to find that package!", "error")
# Don't allow making threads on approved packages for now
- if package is None or package.approved:
+ if package is None:
abort(403)
def_is_private = request.args.get("private") or False
is_review_thread = package is not None and not package.approved
# Check that user can make the thread
- if is_review_thread and not (package.author == current_user or \
- package.checkPerm(current_user, Permission.APPROVE_NEW)):
+ if not package.checkPerm(current_user, Permission.CREATE_THREAD):
flash("Unable to create thread!", "error")
return redirect(url_for("home_page"))