return redirect(package.getDetailsURL())
return render_template("packages/release_bulk_change.html", package=package, form=form)
+
+
+@bp.route("/packages/<author>/<name>/releases/<id>/delete/", methods=["POST"])
+@login_required
+@is_package_page
+def delete_release(package, id):
+ release = PackageRelease.query.get(id)
+ if release is None or release.package != package:
+ abort(404)
+
+ if not release.checkPerm(current_user, Permission.DELETE_RELEASE):
+ return redirect(release.getEditURL())
+
+ db.session.delete(release)
+ db.session.commit()
+
+ return redirect(package.getDetailsURL())
CHANGE_AUTHOR = "CHANGE_AUTHOR"
CHANGE_NAME = "CHANGE_NAME"
MAKE_RELEASE = "MAKE_RELEASE"
+ DELETE_RELEASE = "DELETE_RELEASE"
ADD_SCREENSHOTS = "ADD_SCREENSHOTS"
APPROVE_SCREENSHOT = "APPROVE_SCREENSHOT"
APPROVE_RELEASE = "APPROVE_RELEASE"
name=self.package.name,
id=self.id)
+ def getDeleteURL(self):
+ return url_for("packages.delete_release",
+ author=self.package.author.username,
+ name=self.package.name,
+ id=self.id)
+
def getDownloadURL(self):
return url_for("packages.download_release",
author=self.package.author.username,
self.approved = True
return True
+ def checkPerm(self, user, perm):
+ if not user.is_authenticated:
+ return False
+
+ if type(perm) == str:
+ perm = Permission[perm]
+ elif type(perm) != Permission:
+ raise Exception("Unknown permission given to PackageRelease.checkPerm()")
+
+ isOwner = user == self.package.author
+
+ if perm == Permission.DELETE_RELEASE:
+ if user.rank.atLeast(UserRank.ADMIN):
+ return True
+
+ if not (isOwner or user.rank.atLeast(UserRank.EDITOR)):
+ return False
+
+ if not self.package.approved:
+ return True
+
+ count = PackageRelease.query \
+ .filter_by(package_id=self.package_id) \
+ .filter(PackageRelease.id > self.id) \
+ .count()
+
+ return count > 0
+ else:
+ raise Exception("Permission {} is not related to releases".format(perm.name))
+
class PackageReview(db.Model):
id = db.Column(db.Integer, primary_key=True)
{% endblock %}
{% block content %}
+ <h2>{{ _("Edit Release") }}</h2>
{% from "macros/forms.html" import render_field, render_submit_field, render_checkbox_field %}
<form method="POST" action="">
{{ form.hidden_tag() }}
{{ render_submit_field(form.submit) }}
</form>
+
+ <h2 class="mt-5">{{ _("Delete Release") }}</h2>
+
+ {% if release.checkPerm(current_user, "DELETE_RELEASE") %}
+ <form method="POST" action="{{ release.getDeleteURL() }}" class="mb-5">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+ <p>This is permanent.</p>
+ <input class="btn btn-danger" type="submit" value="Delete">
+ </form>
+ {% else %}
+ <div class="alert alert-secondary mb-5">
+ {{ _("You cannot delete the latest release; please create a newer one first.") }}
+ </div>
+ {% endif %}
{% endblock %}
{% block scriptextra %}