Improve permission checking in work queue

2024-11-10 01:23:48 +01:00 · 2018-03-21 19:53:53 +00:00 · 2018-03-21 19:53:53 +00:00 · 8a8b0e505b
commit 8a8b0e505b
parent 71691708ae
3 changed files with 50 additions and 29 deletions
--- a/app/models.py
+++ b/app/models.py
@ -35,11 +35,15 @@ class Permission(enum.Enum):
 	APPROVE_NEW        = "APPROVE_NEW"
 	CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"

+	# Only return true if the permission is valid for *all* contexts
+	# See Package.checkPerm for package-specific contexts
 	def check(self, user):
 		if not user.is_authenticated:
 			return False

-		if self == Permission.APPROVE_NEW:
+		if self == Permission.APPROVE_NEW or \
+				self == Permission.APPROVE_CHANGES or \
+				self == Permission.APPROVE_RELEASE:
 			return user.rank.atLeast(UserRank.EDITOR)
 		else:
 			raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
--- a/app/templates/todo.html
+++ b/app/templates/todo.html
@ -5,29 +5,33 @@
 {% endblock %}

 {% block content %}
-	<h2>Packages Awaiting Approval</h2>
-	<ul>
-		{% for p in approve_new %}
-			<li><a href="{{ p.getDetailsURL() }}">
-				{{ p.title }} by {{ p.author.display_name }}
-			</a></li>
-		{% else %}
-			<li><i>No packages need reviewing.</i></ul>
-		{% endfor %}
-	</ul>
+	{% if canApproveNew %}
+		<h2>Packages Awaiting Approval</h2>
+		<ul>
+			{% for p in approve_new %}
+				<li><a href="{{ p.getDetailsURL() }}">
+					{{ p.title }} by {{ p.author.display_name }}
+				</a></li>
+			{% else %}
+				<li><i>No packages need reviewing.</i></ul>
+			{% endfor %}
+		</ul>
+	{% endif %}

-	<h2>Releases Awaiting Approval</h2>
-	<ul>
-		{% for r in releases %}
-			<li>
-				<a href="{{ r.getEditURL() }}">{{ r.title }}</a>
-				on
-				<a href="{{ r.package.getDetailsURL() }}">
-					{{ r.package.title }} by {{ r.package.author.display_name }}
-				</a>
-			</li>
-		{% else %}
-			<li><i>No releases need reviewing.</i></ul>
-		{% endfor %}
-	</ul>
+	{% if canApproveRel %}
+		<h2>Releases Awaiting Approval</h2>
+		<ul>
+			{% for r in releases %}
+				<li>
+					<a href="{{ r.getEditURL() }}">{{ r.title }}</a>
+					on
+					<a href="{{ r.package.getDetailsURL() }}">
+						{{ r.package.title }} by {{ r.package.author.display_name }}
+					</a>
+				</li>
+			{% else %}
+				<li><i>No releases need reviewing.</i></ul>
+			{% endfor %}
+		</ul>
+	{% endif %}
 {% endblock %}
--- a/app/views/packages.py
+++ b/app/views/packages.py
@ -31,15 +31,28 @@ def txp_page():
 	return render_template('packages.html', title="Texture Packs", packages=packages)

 def canSeeWorkQueue():
-	return Permission.APPROVE_NEW.check(current_user)
+	return Permission.APPROVE_NEW.check(current_user) or \
+		Permission.APPROVE_RELEASE.check(current_user) or \
+			Permission.APPROVE_CHANGES.check(current_user)

@menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue)
@app.route("/todo/")
@login_required
 def todo_page():
-	packages = Package.query.filter_by(approved=False).all()
-	releases = PackageRelease.query.filter_by(approved=False).all()
-	return render_template('todo.html', title="Reports and Work Queue", approve_new=packages, releases=releases)
+	canApproveNew = Permission.APPROVE_NEW.check(current_user)
+	canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
+
+	packages = None
+	if canApproveNew:
+		packages = Package.query.filter_by(approved=False).all()
+
+	releases = None
+	if canApproveRel:
+		releases = PackageRelease.query.filter_by(approved=False).all()
+
+	return render_template('todo.html', title="Reports and Work Queue",
+		approve_new=packages, releases=releases,
+		canApproveNew=canApproveNew, canApproveRel=canApproveRel)


 def getPageByInfo(type, author, name):