Add ability to delete releases

This commit is contained in:
rubenwardy 2020-01-19 00:02:33 +00:00
parent 0d6e217405
commit 59039a14a5
3 changed files with 69 additions and 0 deletions

@ -225,3 +225,20 @@ def bulk_change_release(package):
return redirect(package.getDetailsURL())
return render_template("packages/release_bulk_change.html", package=package, form=form)
@bp.route("/packages/<author>/<name>/releases/<id>/delete/", methods=["POST"])
@login_required
@is_package_page
def delete_release(package, id):
release = PackageRelease.query.get(id)
if release is None or release.package != package:
abort(404)
if not release.checkPerm(current_user, Permission.DELETE_RELEASE):
return redirect(release.getEditURL())
db.session.delete(release)
db.session.commit()
return redirect(package.getDetailsURL())

@ -78,6 +78,7 @@ class Permission(enum.Enum):
CHANGE_AUTHOR = "CHANGE_AUTHOR"
CHANGE_NAME = "CHANGE_NAME"
MAKE_RELEASE = "MAKE_RELEASE"
DELETE_RELEASE = "DELETE_RELEASE"
ADD_SCREENSHOTS = "ADD_SCREENSHOTS"
APPROVE_SCREENSHOT = "APPROVE_SCREENSHOT"
APPROVE_RELEASE = "APPROVE_RELEASE"
@ -741,6 +742,12 @@ class PackageRelease(db.Model):
name=self.package.name,
id=self.id)
def getDeleteURL(self):
return url_for("packages.delete_release",
author=self.package.author.username,
name=self.package.name,
id=self.id)
def getDownloadURL(self):
return url_for("packages.download_release",
author=self.package.author.username,
@ -761,6 +768,36 @@ class PackageRelease(db.Model):
self.approved = True
return True
def checkPerm(self, user, perm):
if not user.is_authenticated:
return False
if type(perm) == str:
perm = Permission[perm]
elif type(perm) != Permission:
raise Exception("Unknown permission given to PackageRelease.checkPerm()")
isOwner = user == self.package.author
if perm == Permission.DELETE_RELEASE:
if user.rank.atLeast(UserRank.ADMIN):
return True
if not (isOwner or user.rank.atLeast(UserRank.EDITOR)):
return False
if not self.package.approved:
return True
count = PackageRelease.query \
.filter_by(package_id=self.package_id) \
.filter(PackageRelease.id > self.id) \
.count()
return count > 0
else:
raise Exception("Permission {} is not related to releases".format(perm.name))
class PackageReview(db.Model):
id = db.Column(db.Integer, primary_key=True)

@ -5,6 +5,7 @@
{% endblock %}
{% block content %}
<h2>{{ _("Edit Release") }}</h2>
{% from "macros/forms.html" import render_field, render_submit_field, render_checkbox_field %}
<form method="POST" action="">
{{ form.hidden_tag() }}
@ -59,6 +60,20 @@
{{ render_submit_field(form.submit) }}
</form>
<h2 class="mt-5">{{ _("Delete Release") }}</h2>
{% if release.checkPerm(current_user, "DELETE_RELEASE") %}
<form method="POST" action="{{ release.getDeleteURL() }}" class="mb-5">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
<p>This is permanent.</p>
<input class="btn btn-danger" type="submit" value="Delete">
</form>
{% else %}
<div class="alert alert-secondary mb-5">
{{ _("You cannot delete the latest release; please create a newer one first.") }}
</div>
{% endif %}
{% endblock %}
{% block scriptextra %}