mirror of
https://github.com/minetest/contentdb.git
synced 2025-01-10 15:07:35 +01:00
Restrict changing display name to moderator and above
This commit is contained in:
parent
0a72a38dd0
commit
4841c66602
app
@ -65,6 +65,7 @@ class Permission(enum.Enum):
|
||||
APPROVE_RELEASE = "APPROVE_RELEASE"
|
||||
APPROVE_NEW = "APPROVE_NEW"
|
||||
CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
|
||||
CHANGE_DNAME = "CHANGE_DNAME"
|
||||
CHANGE_RANK = "CHANGE_RANK"
|
||||
CHANGE_EMAIL = "CHANGE_EMAIL"
|
||||
EDIT_EDITREQUEST = "EDIT_EDITREQUEST"
|
||||
@ -140,7 +141,7 @@ class User(db.Model, UserMixin):
|
||||
# Members can edit their own packages, and editors can edit any packages
|
||||
if perm == Permission.CHANGE_AUTHOR:
|
||||
return user.rank.atLeast(UserRank.EDITOR)
|
||||
elif perm == Permission.CHANGE_RANK:
|
||||
elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_DNAME:
|
||||
return user.rank.atLeast(UserRank.MODERATOR)
|
||||
elif perm == Permission.CHANGE_EMAIL:
|
||||
return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
|
||||
|
@ -7,7 +7,7 @@
|
||||
{% block content %}
|
||||
|
||||
<div class="box box_grey">
|
||||
<h2>{{ user.username }}</h2>
|
||||
<h2>{{ user.display_name }}</h2>
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
@ -73,7 +73,9 @@
|
||||
<div class="col-sm-6 col-md-5 col-lg-4">
|
||||
{{ form.hidden_tag() }}
|
||||
|
||||
{{ render_field(form.display_name, tabindex=230) }}
|
||||
{% if user.checkPerm(current_user, "CHANGE_DNAME") %}
|
||||
{{ render_field(form.display_name, tabindex=230) }}
|
||||
{% endif %}
|
||||
|
||||
{% if user.checkPerm(current_user, "CHANGE_EMAIL") %}
|
||||
{{ render_field(form.email, tabindex=240) }}
|
||||
|
@ -50,14 +50,16 @@ def user_profile_page(username):
|
||||
abort(404)
|
||||
|
||||
form = None
|
||||
if user == current_user or user.checkPerm(current_user, Permission.CHANGE_RANK):
|
||||
if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
|
||||
user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
|
||||
user.checkPerm(current_user, Permission.CHANGE_RANK):
|
||||
# Initialize form
|
||||
form = UserProfileForm(formdata=request.form, obj=user)
|
||||
|
||||
# Process valid POST
|
||||
if request.method=="POST" and form.validate():
|
||||
# Copy form fields to user_profile fields
|
||||
if user == current_user:
|
||||
if user.checkPerm(current_user, Permission.CHANGE_DNAME):
|
||||
user.display_name = form["display_name"].data
|
||||
|
||||
if user.checkPerm(current_user, Permission.CHANGE_RANK):
|
||||
|
Loading…
Reference in New Issue
Block a user