Restrict changing display name to moderator and above

rubenwardy 2018-05-21 22:31:50 +01:00
parent 0a72a38dd0
commit 4841c66602
No known key found for this signature in database
GPG Key ID: A1E29D52FF81513C
3 changed files with 10 additions and 5 deletions

@ -65,6 +65,7 @@ class Permission(enum.Enum):
APPROVE_RELEASE = "APPROVE_RELEASE" APPROVE_RELEASE = "APPROVE_RELEASE"
APPROVE_NEW = "APPROVE_NEW" APPROVE_NEW = "APPROVE_NEW"
CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL" CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
CHANGE_DNAME = "CHANGE_DNAME"
CHANGE_RANK = "CHANGE_RANK" CHANGE_RANK = "CHANGE_RANK"
CHANGE_EMAIL = "CHANGE_EMAIL" CHANGE_EMAIL = "CHANGE_EMAIL"
EDIT_EDITREQUEST = "EDIT_EDITREQUEST" EDIT_EDITREQUEST = "EDIT_EDITREQUEST"
@ -140,7 +141,7 @@ class User(db.Model, UserMixin):
# Members can edit their own packages, and editors can edit any packages # Members can edit their own packages, and editors can edit any packages
if perm == Permission.CHANGE_AUTHOR: if perm == Permission.CHANGE_AUTHOR:
return user.rank.atLeast(UserRank.EDITOR) return user.rank.atLeast(UserRank.EDITOR)
elif perm == Permission.CHANGE_RANK: elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_DNAME:
return user.rank.atLeast(UserRank.MODERATOR) return user.rank.atLeast(UserRank.MODERATOR)
elif perm == Permission.CHANGE_EMAIL: elif perm == Permission.CHANGE_EMAIL:
return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank)) return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
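Review bot: The new `CHANGE_DNAME` case in `checkPerm` tests only the acting user's rank, so a moderator is allowed to rename an account that outranks them. The `CHANGE_EMAIL` branch just below already prevents this with `user.rank.atLeast(self.rank)`. Giving display names their own branch with the same comparison, `elif perm == Permission.CHANGE_DNAME:` followed by `return user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank)`, would close that gap. Sharing one condition with `CHANGE_RANK` also couples the two policies, so a later change to one silently changes the other. The body of `checkPerm` starts and ends outside this hunk.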

@ -7,7 +7,7 @@
{% block content %} {% block content %}
<div class="box box_grey"> <div class="box box_grey">
<h2>{{ user.username }}</h2> <h2>{{ user.display_name }}</h2>
<table> <table>
<tr> <tr>
@ -73,7 +73,9 @@
<div class="col-sm-6 col-md-5 col-lg-4"> <div class="col-sm-6 col-md-5 col-lg-4">
{{ form.hidden_tag() }} {{ form.hidden_tag() }}
{{ render_field(form.display_name, tabindex=230) }} {% if user.checkPerm(current_user, "CHANGE_DNAME") %}
{{ render_field(form.display_name, tabindex=230) }}
{% endif %}
{% if user.checkPerm(current_user, "CHANGE_EMAIL") %} {% if user.checkPerm(current_user, "CHANGE_EMAIL") %}
{{ render_field(form.email, tabindex=240) }} {{ render_field(form.email, tabindex=240) }}
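Review bot: The profile heading in the first hunk now prints only `user.display_name`, a free-text value that staff can set on other accounts, and the stable `user.username` is no longer in the `<h2>`. If display names are not constrained to be unique (the model is not visible here) and the login name is not shown elsewhere on the page, two profiles can look the same to a visitor. Keeping both, for example `<h2>{{ user.display_name }} <small>({{ user.username }})</small></h2>`, keeps accounts distinguishable. In the second hunk the `{% if %}` around `form.display_name` only hides the input, so the permission check in the view remains the one that counts.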

@ -50,14 +50,16 @@ def user_profile_page(username):
abort(404) abort(404)
form = None form = None
if user == current_user or user.checkPerm(current_user, Permission.CHANGE_RANK): if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
user.checkPerm(current_user, Permission.CHANGE_RANK):
# Initialize form # Initialize form
form = UserProfileForm(formdata=request.form, obj=user) form = UserProfileForm(formdata=request.form, obj=user)
# Process valid POST # Process valid POST
if request.method=="POST" and form.validate(): if request.method=="POST" and form.validate():
# Copy form fields to user_profile fields # Copy form fields to user_profile fields
if user == current_user: if user.checkPerm(current_user, Permission.CHANGE_DNAME):
user.display_name = form["display_name"].data user.display_name = form["display_name"].data
if user.checkPerm(current_user, Permission.CHANGE_RANK): if user.checkPerm(current_user, Permission.CHANGE_RANK):
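Review bot: `form.validate()` still validates `display_name` for users who pass the outer check through `CHANGE_EMAIL` alone, although the template no longer renders that field for them. If `UserProfileForm.display_name` carries a required-input validator (the form class is not visible here), those users can no longer save any profile change. Removing the field from the instance right after construction, `if not user.checkPerm(current_user, Permission.CHANGE_DNAME):` followed by `del form.display_name`, makes the server-side form match what was rendered and keeps it from accepting a submitted value at all. `user_profile_page` continues outside this hunk.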