Add ability for users to remove themselves as maintainers

diff --git a/app/blueprints/packages/packages.py b/app/blueprints/packages/packages.py
index aa884159aa28a054e78cfd99768b85f56b29b08b..0297cc4e434093b258cdc4d18c2fecef03ec710b 100644 (file)
--- a/app/blueprints/packages/packages.py
+++ b/app/blueprints/packages/packages.py
@@ -409,12 +409,12 @@ def edit_maintainers(package):
                for user in users:
                        if not user in package.maintainers:
                                triggerNotif(user, current_user,
-                                               "Added you as a maintainer to {}".format(package.title), package.getDetailsURL())
+                                               "Added you as a maintainer of {}".format(package.title), package.getDetailsURL())
 
                for user in package.maintainers:
                        if not user in users:
                                triggerNotif(user, current_user,
-                                               "Removed you as a maintainer to {}".format(package.title), package.getDetailsURL())
+                                               "Removed you as a maintainer of {}".format(package.title), package.getDetailsURL())
 
                package.maintainers.clear()
                package.maintainers.extend(users)
@@ -432,3 +432,24 @@ def edit_maintainers(package):
 
        return render_template("packages/edit_maintainers.html", \
                        package=package, form=form, users=users)
+
+
+@bp.route("/packages/<author>/<name>/remove-self-maintainer/", methods=["POST"])
+@login_required
+@is_package_page
+def remove_self_maintainers(package):
+       if not current_user in package.maintainers:
+               flash("You are not a maintainer", "danger")
+
+       elif current_user == package.author:
+               flash("Package owners cannot remove themselves as maintainers", "danger")
+
+       else:
+               package.maintainers.remove(current_user)
+
+               triggerNotif(package.author, current_user,
+                                       "Removed themself as a maintainer of {}".format(package.title), package.getDetailsURL())
+
+               db.session.commit()
+
+       return redirect(package.getDetailsURL())

diff --git a/app/models.py b/app/models.py
index 0cb90c96c3b37d0c2a5c3f18bc77741b4dca39e3..56adc8eb1c6648b44d323b5c2b173415fe030c86 100644 (file)
--- a/app/models.py
+++ b/app/models.py
@@ -645,6 +645,10 @@ class Package(db.Model):
                return url_for("packages.edit_maintainers",
                                author=self.author.username, name=self.name)
 
+       def getRemoveSelfMaintainerURL(self):
+               return url_for("packages.remove_self_maintainers",
+                               author=self.author.username, name=self.name)
+
        def getDownloadRelease(self, version=None):
                for rel in self.releases:
                        if rel.approved and (version is None or

diff --git a/app/templates/packages/edit_maintainers.html b/app/templates/packages/edit_maintainers.html
index 2c67e3b9690a554b422d47278193bebcc0dd0ff1..db9a997eea3ec1a40b5601c7d74a0b418f43439b 100644 (file)
--- a/app/templates/packages/edit_maintainers.html
+++ b/app/templates/packages/edit_maintainers.html
@@ -12,6 +12,7 @@
        <p>
                {{ _("Maintainers are given write access to the package.") }}
                {{ _("Depending on their rank, they will be able to edit the package, create releases and screenshots, and read private threads.") }}
+               {{ _("Maintainers cannot add or remove other maintainers, but can remove themselves.") }}
        </p>
 
        <form method="POST" action="" class="tableform">

diff --git a/app/templates/packages/view.html b/app/templates/packages/view.html
index 3885aca87b5b9cf1b7bf585924110db01a98b226..8be65fba2f95866f04d3ca53d82a8f7a8b2d3c8e 100644 (file)
--- a/app/templates/packages/view.html
+++ b/app/templates/packages/view.html
@@ -272,6 +272,13 @@
                                                                        {{ user.display_name }}
                                                                </a>
                                                        {% endfor %}
+
+                                                       {% if current_user in package.maintainers and not package.checkPerm(current_user, "EDIT_MAINTAINERS") %}
+                                                               <form class="mt-2"  method="post" action="{{ package.getRemoveSelfMaintainerURL() }}">
+                                                                       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+                                                                       <input class="btn btn-sm btn-link p-0" type="submit" value="{{ _("Remove myself") }}" />
+                                                               </form>
+                                                       {% endif %}
                                                </td>
                                        </tr>
                                </table>