Improve permission checking in work queue
This commit is contained in:
parent
71691708ae
commit
8a8b0e505b
@ -35,11 +35,15 @@ class Permission(enum.Enum):
|
||||
APPROVE_NEW = "APPROVE_NEW"
|
||||
CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
|
||||
|
||||
# Only return true if the permission is valid for *all* contexts
|
||||
# See Package.checkPerm for package-specific contexts
|
||||
def check(self, user):
|
||||
if not user.is_authenticated:
|
||||
return False
|
||||
|
||||
if self == Permission.APPROVE_NEW:
|
||||
if self == Permission.APPROVE_NEW or \
|
||||
self == Permission.APPROVE_CHANGES or \
|
||||
self == Permission.APPROVE_RELEASE:
|
||||
return user.rank.atLeast(UserRank.EDITOR)
|
||||
else:
|
||||
raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
|
||||
|
@ -5,29 +5,33 @@
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<h2>Packages Awaiting Approval</h2>
|
||||
<ul>
|
||||
{% for p in approve_new %}
|
||||
<li><a href="{{ p.getDetailsURL() }}">
|
||||
{{ p.title }} by {{ p.author.display_name }}
|
||||
</a></li>
|
||||
{% else %}
|
||||
<li><i>No packages need reviewing.</i></ul>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% if canApproveNew %}
|
||||
<h2>Packages Awaiting Approval</h2>
|
||||
<ul>
|
||||
{% for p in approve_new %}
|
||||
<li><a href="{{ p.getDetailsURL() }}">
|
||||
{{ p.title }} by {{ p.author.display_name }}
|
||||
</a></li>
|
||||
{% else %}
|
||||
<li><i>No packages need reviewing.</i></ul>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% endif %}
|
||||
|
||||
<h2>Releases Awaiting Approval</h2>
|
||||
<ul>
|
||||
{% for r in releases %}
|
||||
<li>
|
||||
<a href="{{ r.getEditURL() }}">{{ r.title }}</a>
|
||||
on
|
||||
<a href="{{ r.package.getDetailsURL() }}">
|
||||
{{ r.package.title }} by {{ r.package.author.display_name }}
|
||||
</a>
|
||||
</li>
|
||||
{% else %}
|
||||
<li><i>No releases need reviewing.</i></ul>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% if canApproveRel %}
|
||||
<h2>Releases Awaiting Approval</h2>
|
||||
<ul>
|
||||
{% for r in releases %}
|
||||
<li>
|
||||
<a href="{{ r.getEditURL() }}">{{ r.title }}</a>
|
||||
on
|
||||
<a href="{{ r.package.getDetailsURL() }}">
|
||||
{{ r.package.title }} by {{ r.package.author.display_name }}
|
||||
</a>
|
||||
</li>
|
||||
{% else %}
|
||||
<li><i>No releases need reviewing.</i></ul>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
@ -31,15 +31,28 @@ def txp_page():
|
||||
return render_template('packages.html', title="Texture Packs", packages=packages)
|
||||
|
||||
def canSeeWorkQueue():
|
||||
return Permission.APPROVE_NEW.check(current_user)
|
||||
return Permission.APPROVE_NEW.check(current_user) or \
|
||||
Permission.APPROVE_RELEASE.check(current_user) or \
|
||||
Permission.APPROVE_CHANGES.check(current_user)
|
||||
|
||||
@menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue)
|
||||
@app.route("/todo/")
|
||||
@login_required
|
||||
def todo_page():
|
||||
packages = Package.query.filter_by(approved=False).all()
|
||||
releases = PackageRelease.query.filter_by(approved=False).all()
|
||||
return render_template('todo.html', title="Reports and Work Queue", approve_new=packages, releases=releases)
|
||||
canApproveNew = Permission.APPROVE_NEW.check(current_user)
|
||||
canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
|
||||
|
||||
packages = None
|
||||
if canApproveNew:
|
||||
packages = Package.query.filter_by(approved=False).all()
|
||||
|
||||
releases = None
|
||||
if canApproveRel:
|
||||
releases = PackageRelease.query.filter_by(approved=False).all()
|
||||
|
||||
return render_template('todo.html', title="Reports and Work Queue",
|
||||
approve_new=packages, releases=releases,
|
||||
canApproveNew=canApproveNew, canApproveRel=canApproveRel)
|
||||
|
||||
|
||||
def getPageByInfo(type, author, name):
|
||||
|
Loading…
x
Reference in New Issue
Block a user