mirror of
https://github.com/minetest/contentdb.git
synced 2024-12-22 22:12:24 +01:00
Allow admin to delete any user (except admins)
This commit is contained in:
parent
6bbe2307e9
commit
562b0ceffe
@ -270,13 +270,18 @@ def delete(username):
|
||||
if request.method == "GET":
|
||||
return render_template("users/delete.html", user=user, can_delete=user.can_delete())
|
||||
|
||||
if user.can_delete():
|
||||
if "delete" in request.form and (user.can_delete() or current_user.rank.atLeast(UserRank.ADMIN)):
|
||||
msg = "Deleted user {}".format(user.username)
|
||||
flash(msg, "success")
|
||||
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
||||
|
||||
if current_user.rank.atLeast(UserRank.ADMIN):
|
||||
for pkg in user.packages.all():
|
||||
pkg.review_thread = None
|
||||
db.session.delete(pkg)
|
||||
|
||||
db.session.delete(user)
|
||||
else:
|
||||
elif "deactivate" in request.form:
|
||||
user.replies.delete()
|
||||
for thread in user.threads.all():
|
||||
db.session.delete(thread)
|
||||
@ -286,6 +291,8 @@ def delete(username):
|
||||
msg = "Deactivated user {}".format(user.username)
|
||||
flash(msg, "success")
|
||||
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
||||
else:
|
||||
assert False
|
||||
|
||||
db.session.commit()
|
||||
|
||||
|
@ -115,7 +115,7 @@ class ForumTopic(db.Model):
|
||||
topic_id = db.Column(db.Integer, primary_key=True, autoincrement=False)
|
||||
|
||||
author_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
|
||||
author = db.relationship("User")
|
||||
author = db.relationship("User", back_populates="forum_topics")
|
||||
|
||||
wip = db.Column(db.Boolean, server_default="0")
|
||||
discarded = db.Column(db.Boolean, server_default="0")
|
||||
|
@ -174,6 +174,7 @@ class User(db.Model, UserMixin):
|
||||
tokens = db.relationship("APIToken", back_populates="owner", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||
threads = db.relationship("Thread", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||
replies = db.relationship("ThreadReply", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||
forum_topics = db.relationship("ForumTopic", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||
|
||||
def __init__(self, username=None, active=False, email=None, password=None):
|
||||
self.username = username
|
||||
|
@ -27,7 +27,16 @@
|
||||
{% endif %}
|
||||
|
||||
<a class="btn btn-secondary mr-3" href="{{ url_for('users.account', username=user.username) }}">Cancel</a>
|
||||
<input type="submit" value="{% if can_delete %}Delete{% else %}Deactivate{% endif %}" class="btn btn-danger" />
|
||||
<input type="submit"
|
||||
{% if can_delete %}
|
||||
name="delete" value="Delete"
|
||||
{% else %}
|
||||
name="deactivate" value="Deactivate"
|
||||
{% endif %}
|
||||
class="btn btn-danger" />
|
||||
{% if not can_delete and current_user.rank.atLeast(current_user.rank.ADMIN) %}
|
||||
<input type="submit" name="delete" value="Delete Anyway" class="btn btn-danger ml-3" />
|
||||
{% endif %}
|
||||
</div>
|
||||
</form>
|
||||
{% endblock %}
|
||||
|
Loading…
Reference in New Issue
Block a user