]> git.lizzy.rs Git - cheatdb.git/commitdiff
Add ability to delete releases
authorrubenwardy <rw@rubenwardy.com>
Sun, 19 Jan 2020 00:02:33 +0000 (00:02 +0000)
committerrubenwardy <rw@rubenwardy.com>
Sun, 19 Jan 2020 00:02:37 +0000 (00:02 +0000)
app/blueprints/packages/releases.py
app/models.py
app/templates/packages/release_edit.html

index a7f161e8aee7ae0653bf5faa97674832441b3f37..6ef19d2082e01073db89baa944311bc281dd6861 100644 (file)
@@ -225,3 +225,20 @@ def bulk_change_release(package):
                return redirect(package.getDetailsURL())
 
        return render_template("packages/release_bulk_change.html", package=package, form=form)
+
+
+@bp.route("/packages/<author>/<name>/releases/<id>/delete/", methods=["POST"])
+@login_required
+@is_package_page
+def delete_release(package, id):
+       release = PackageRelease.query.get(id)
+       if release is None or release.package != package:
+               abort(404)
+
+       if not release.checkPerm(current_user, Permission.DELETE_RELEASE):
+               return redirect(release.getEditURL())
+
+       db.session.delete(release)
+       db.session.commit()
+
+       return redirect(package.getDetailsURL())
index 78bba432e0b7533192453e5af6f7057a8b2ae98a..df1e5a1195f55dbb20b1c898be257d1bf0aa4a44 100644 (file)
@@ -78,6 +78,7 @@ class Permission(enum.Enum):
        CHANGE_AUTHOR      = "CHANGE_AUTHOR"
        CHANGE_NAME        = "CHANGE_NAME"
        MAKE_RELEASE       = "MAKE_RELEASE"
+       DELETE_RELEASE     = "DELETE_RELEASE"
        ADD_SCREENSHOTS    = "ADD_SCREENSHOTS"
        APPROVE_SCREENSHOT = "APPROVE_SCREENSHOT"
        APPROVE_RELEASE    = "APPROVE_RELEASE"
@@ -741,6 +742,12 @@ class PackageRelease(db.Model):
                                name=self.package.name,
                                id=self.id)
 
+       def getDeleteURL(self):
+               return url_for("packages.delete_release",
+                               author=self.package.author.username,
+                               name=self.package.name,
+                               id=self.id)
+
        def getDownloadURL(self):
                return url_for("packages.download_release",
                                author=self.package.author.username,
@@ -761,6 +768,36 @@ class PackageRelease(db.Model):
                self.approved = True
                return True
 
+       def checkPerm(self, user, perm):
+               if not user.is_authenticated:
+                       return False
+
+               if type(perm) == str:
+                       perm = Permission[perm]
+               elif type(perm) != Permission:
+                       raise Exception("Unknown permission given to PackageRelease.checkPerm()")
+
+               isOwner = user == self.package.author
+
+               if perm == Permission.DELETE_RELEASE:
+                       if user.rank.atLeast(UserRank.ADMIN):
+                               return True
+
+                       if not (isOwner or user.rank.atLeast(UserRank.EDITOR)):
+                               return False
+
+                       if not self.package.approved:
+                               return True
+
+                       count = PackageRelease.query \
+                                       .filter_by(package_id=self.package_id) \
+                                       .filter(PackageRelease.id > self.id) \
+                                       .count()
+
+                       return count > 0
+               else:
+                       raise Exception("Permission {} is not related to releases".format(perm.name))
+
 
 class PackageReview(db.Model):
        id         = db.Column(db.Integer, primary_key=True)
index 37fc655efc720c10ad4154f48afaf90eec1bf7ab..36d41d42055eb701a7e9052335a65b25c90b0372 100644 (file)
@@ -5,6 +5,7 @@
 {% endblock %}
 
 {% block content %}
+       <h2>{{ _("Edit Release") }}</h2>
        {% from "macros/forms.html" import render_field, render_submit_field, render_checkbox_field %}
        <form method="POST" action="">
                {{ form.hidden_tag() }}
 
                {{ render_submit_field(form.submit) }}
        </form>
+
+       <h2 class="mt-5">{{ _("Delete Release") }}</h2>
+
+       {% if release.checkPerm(current_user, "DELETE_RELEASE") %}
+               <form method="POST" action="{{ release.getDeleteURL() }}" class="mb-5">
+                       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+                       <p>This is permanent.</p>
+                       <input class="btn btn-danger" type="submit" value="Delete">
+               </form>
+       {% else %}
+               <div class="alert alert-secondary mb-5">
+                       {{ _("You cannot delete the latest release; please create a newer one first.") }}
+               </div>
+       {% endif %}
 {% endblock %}
 
 {% block scriptextra %}