Allow Editors to edit tags
authorrubenwardy <rw@rubenwardy.com>
Wed, 15 Jul 2020 18:54:33 +0000 (19:54 +0100)
committerrubenwardy <rw@rubenwardy.com>
Wed, 15 Jul 2020 18:54:36 +0000 (19:54 +0100)
app/blueprints/admin/tagseditor.py
app/models.py
app/template_filters.py
app/templates/base.html

index 70328bdf98fd705318f234fa63ec669b32601f4a..39d69e89f895ee194bb4ea9f98169352ff63affe 100644 (file)
@@ -25,8 +25,11 @@ from wtforms.validators import *
 from app.utils import rank_required
 
 @bp.route("/tags/")
-@rank_required(UserRank.MODERATOR)
+@login_required
 def tag_list():
+       if not Permission.EDIT_TAGS.check(current_user):
+               abort(403)
+
        return render_template("admin/tags/list.html", tags=Tag.query.order_by(db.asc(Tag.title)).all())
 
 class TagForm(FlaskForm):
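Review bot: The access rule for `tag_list` moved from the `rank_required` decorator into the function body, so the required rank is no longer visible at the route and any tag route added later has to repeat the check by hand. A comment above the check, such as `# Editors and above: Permission.check maps EDIT_TAGS to UserRank.EDITOR`, would record that this commit lowers the bar from MODERATOR. The following hunks on `create_edit_tag` do the same but call `Permission.checkPerm(...)` where this hunk calls `.check(...)` directly. Using one form throughout would make the authorization checks easier to audit.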
@@ -36,7 +39,7 @@ class TagForm(FlaskForm):
 
 @bp.route("/tags/new/", methods=["GET", "POST"])
 @bp.route("/tags/<name>/edit/", methods=["GET", "POST"])
-@rank_required(UserRank.MODERATOR)
+@login_required
 def create_edit_tag(name=None):
        tag = None
        if name is not None:
@@ -44,6 +47,9 @@ def create_edit_tag(name=None):
                if tag is None:
                        abort(404)
 
+       if not Permission.checkPerm(current_user, Permission.EDIT_TAGS if tag else Permission.CREATE_TAG):
+               abort(403)
+
        form = TagForm(formdata=request.form, obj=tag)
        if request.method == "POST" and form.validate():
                if tag is None:
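Review bot: The new permission check runs after the `abort(404)` above it, so a signed-in user without tag rights gets 404 for an unknown tag name and 403 for an existing one. Tag names are probably public elsewhere, so the exposure is small, but authorizing before the lookup is the safer order. The permission can be chosen from `name` alone: `perm = Permission.EDIT_TAGS if name is not None else Permission.CREATE_TAG`, then `if not Permission.checkPerm(current_user, perm): abort(403)` placed ahead of the tag lookup. `create_edit_tag` starts and ends outside this hunk.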
@@ -52,6 +58,10 @@ def create_edit_tag(name=None):
                else:
                        form.populate_obj(tag)
                db.session.commit()
-               return redirect(url_for("admin.create_edit_tag", name=tag.name))
+
+               if Permission.EDIT_TAGS.check(current_user):
+                       return redirect(url_for("admin.create_edit_tag", name=tag.name))
+               else:
+                       return redirect(url_for("homepage.home"))
 
        return render_template("admin/tags/edit.html", tag=tag, form=form)
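Review bot: The `else` branch redirecting to `homepage.home` looks unreachable with the `Permission.check` shown in the app/models.py hunk of this commit. There `EDIT_TAGS` and `CREATE_TAG` sit in the same condition and both resolve to `user.rank.atLeast(UserRank.EDITOR)`, so anyone who passed the earlier 403 check also passes this one. If the two permissions are meant to diverge later, a comment such as `# CREATE_TAG-only users may not reopen the tag they just created` would explain the branch. The function begins outside this hunk.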
index 711d9fd24d5d97ba5cfa861d60d6956c82751897..e6ff6f094c19e639f44886651166eb7f825d5b88 100644 (file)
@@ -84,6 +84,8 @@ class Permission(enum.Enum):
        APPROVE_SCREENSHOT = "APPROVE_SCREENSHOT"
        APPROVE_RELEASE    = "APPROVE_RELEASE"
        APPROVE_NEW        = "APPROVE_NEW"
+       EDIT_TAGS          = "EDIT_TAGS"
+       CREATE_TAG         = "CREATE_TAG"
        CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
        CHANGE_USERNAMES   = "CHANGE_USERNAMES"
        CHANGE_RANK        = "CHANGE_RANK"
@@ -111,11 +113,22 @@ class Permission(enum.Enum):
                                self == Permission.APPROVE_CHANGES    or \
                                self == Permission.APPROVE_RELEASE    or \
                                self == Permission.APPROVE_SCREENSHOT or \
+                               self == Permission.EDIT_TAGS or \
+                               self == Permission.CREATE_TAG or \
                                self == Permission.SEE_THREAD:
                        return user.rank.atLeast(UserRank.EDITOR)
                else:
                        raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
 
+       @staticmethod
+       def checkPerm(user, perm):
+               if type(perm) == str:
+                       perm = Permission[perm]
+               elif type(perm) != Permission:
+                       raise Exception("Unknown permission given to Permission.check")
+
+               return perm.check(user)
+
 def display_name_default(context):
     return context.get_current_parameters()["username"]
 
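Review bot: `checkPerm` raises its descriptive error only for values that are neither `str` nor `Permission`; an unknown string falls through to `Permission[perm]` and surfaces as a bare `KeyError`. The message also names `Permission.check` rather than `checkPerm`. This commit exposes the function to templates as `check_global_perm`, and base.html calls it with string names, so a typo there would presumably fail every page that renders that nav block. The `type(perm) == str` and `type(perm) != Permission` comparisons would read better as `isinstance` checks. Raising on bad input is the right fail-closed behaviour; the rewrite below keeps it and makes the error explicit.

```python
	@staticmethod
	def checkPerm(user, perm):
		if isinstance(perm, str):
			try:
				perm = Permission[perm]
			except KeyError:
				raise Exception("Unknown permission given to Permission.checkPerm: " + perm)
		elif not isinstance(perm, Permission):
			raise Exception("Unknown permission given to Permission.checkPerm")

		return perm.check(user)
```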
index 14a10c64c36af8aeac055a9a62428588763d8173..574c1b1f00f975c1f1516ade5289767a830e647b 100644 (file)
@@ -1,14 +1,16 @@
 from . import app
+from .models import Permission
 from .utils import abs_url_for, url_set_query
 from urllib.parse import urlparse
 
 @app.context_processor
 def inject_debug():
-    return dict(debug=app.debug)
+       return dict(debug=app.debug)
 
 @app.context_processor
 def inject_functions():
-    return dict(abs_url_for=abs_url_for, url_set_query=url_set_query)
+       check_global_perm = Permission.checkPerm
+       return dict(abs_url_for=abs_url_for, url_set_query=url_set_query, check_global_perm=check_global_perm)
 
 @app.template_filter()
 def throw(err):
@@ -20,8 +22,8 @@ def domain(url):
 
 @app.template_filter()
 def date(value):
-    return value.strftime("%Y-%m-%d")
+       return value.strftime("%Y-%m-%d")
 
 @app.template_filter()
 def datetime(value):
-    return value.strftime("%Y-%m-%d %H:%M") + " UTC"
+       return value.strftime("%Y-%m-%d %H:%M") + " UTC"
index 67d83512a1793bb09e43dee44610e877a1ed9ff3..c9be4a27307605e5030b97c6d32762231fb1ab40 100644 (file)
                                                                <li class="nav-item">
                                                                        <a class="nav-link" href="{{ url_for('todo.topics') }}">{{ _("All unadded topics") }}</a>
                                                                </li>
+
                                                                {% if current_user.rank.atLeast(current_user.rank.MODERATOR) %}
                                                                        <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.audit') }}">{{ _("Audit Log") }}</a></li>
                                                                {% endif %}
+
                                                                {% if current_user.rank == current_user.rank.ADMIN %}
                                                                        <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.admin_page') }}">{{ _("Admin") }}</a></li>
-                                                               {% endif %}
-                                                               {% if current_user.rank == current_user.rank.MODERATOR %}
-                                                                       <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.tag_list') }}">{{ _("Tag Editor") }}</a></li>
-                                                                       <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.license_list') }}">{{ _("License Editor") }}</a></li>
+                                                               {% else %}
+                                                                       {% if check_global_perm(current_user, "EDIT_TAGS") %}
+                                                                               <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.tag_list') }}">{{ _("Tag Editor") }}</a></li>
+                                                                       {% elif check_global_perm(current_user, "CREATE_TAG") %}
+                                                                               <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.create_edit_tag') }}">{{ _("Create Tag") }}</a></li>
+                                                                       {% endif %}
+                                                                       {% if current_user.rank == current_user.rank.MODERATOR %}
+                                                                               <li class="nav-item"><a class="nav-link" href="{{ url_for('admin.license_list') }}">{{ _("License Editor") }}</a></li>
+                                                                       {% endif %}
                                                                {% endif %}
                                                                <li class="nav-item"><a class="nav-link" href="{{ url_for('user.logout') }}">{{ _("Sign out") }}</a></li>
                                                        </ul>