From 8a8b0e505bab6ea4d631e7c63dad9260ff7e8936 Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Wed, 21 Mar 2018 19:53:53 +0000
Subject: [PATCH] Improve permission checking in work queue
---
 app/models.py | 6 ++++-
 app/templates/todo.html | 52 ++++++++++++++++++++++-------------------
 app/views/packages.py | 21 +++++++++++++----
 3 files changed, 50 insertions(+), 29 deletions(-)
diff --git a/app/models.py b/app/models.py
index 2ab3655d..2eaee9b7 100644
--- a/app/models.py
+++ b/app/models.py
@@ -35,11 +35,15 @@ class Permission(enum.Enum):
 APPROVE_NEW = "APPROVE_NEW"
 CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
+ # Only return true if the permission is valid for *all* contexts
+ # See Package.checkPerm for package-specific contexts
 def check(self, user):
 if not user.is_authenticated:
 return False
- if self == Permission.APPROVE_NEW:
+ if self == Permission.APPROVE_NEW or \
+ self == Permission.APPROVE_CHANGES or \
+ self == Permission.APPROVE_RELEASE:
 return user.rank.atLeast(UserRank.EDITOR)
 else:
 raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
diff --git a/app/templates/todo.html b/app/templates/todo.html
index edb7d4a9..35aee9ac 100644
--- a/app/templates/todo.html
+++ b/app/templates/todo.html
@@ -5,29 +5,33 @@ {% endblock %} {% block content %} -
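Review bot: The widened branch in `Permission.check` makes `APPROVE_CHANGES` and `APPROVE_RELEASE` global grants for any user at `UserRank.EDITOR` or above, and the two added comments are the only statement of that contract. `Package.checkPerm` is outside this hunk, so it is worth confirming that it grants the same two permissions at the same rank; otherwise the work queue can list items the viewer is not allowed to approve. I would move the comments into a docstring on `check` that also records the fail-closed paths (unauthenticated users get `False`, package-scoped permissions raise). The chained comparison with backslash continuations reads more easily as `if self in (Permission.APPROVE_NEW, Permission.APPROVE_CHANGES, Permission.APPROVE_RELEASE):`.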

Packages Awaiting Approval

- - {% endfor %} - + {% if canApproveNew %} +

Packages Awaiting Approval

+ + {% endfor %} + + {% endif %} -

Releases Awaiting Approval

- - {% endfor %} - + {% if canApproveRel %} +

Releases Awaiting Approval

- - {% endfor %} - + {% endfor %} + + {% endif %} {% endblock %}
diff --git a/app/views/packages.py b/app/views/packages.py
index 6f2d3041..a294ee87 100644
--- a/app/views/packages.py
+++ b/app/views/packages.py
@@ -31,15 +31,28 @@ def txp_page():
 return render_template('packages.html', title="Texture Packs", packages=packages)
 def canSeeWorkQueue():
- return Permission.APPROVE_NEW.check(current_user)
+ return Permission.APPROVE_NEW.check(current_user) or \
+ Permission.APPROVE_RELEASE.check(current_user) or \
+ Permission.APPROVE_CHANGES.check(current_user)
 @menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue)
 @app.route("/todo/")
 @login_required
 def todo_page():
- packages = Package.query.filter_by(approved=False).all()
- releases = PackageRelease.query.filter_by(approved=False).all()
- return render_template('todo.html', title="Reports and Work Queue", approve_new=packages, releases=releases)
+ canApproveNew = Permission.APPROVE_NEW.check(current_user)
+ canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
+
+ packages = None
+ if canApproveNew:
+ packages = Package.query.filter_by(approved=False).all()
+
+ releases = None
+ if canApproveRel:
+ releases = PackageRelease.query.filter_by(approved=False).all()
+
+ return render_template('todo.html', title="Reports and Work Queue",
+ approve_new=packages, releases=releases,
+ canApproveNew=canApproveNew, canApproveRel=canApproveRel)
 def getPageByInfo(type, author, name):
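Review bot: The unchanged decorator line above `todo_page` still passes `visible_when=lambda: canSeeWorkQueue`, which returns the function object instead of calling it, so the value is always truthy and the Work Queue menu entry is not actually gated by the new permission logic; `visible_when=canSeeWorkQueue` (or `lambda: canSeeWorkQueue()`) would apply the check. Separately, `todo_page` is guarded only by `@login_required`: a logged-in user with neither permission now gets an empty page instead of a refusal, so an explicit `if not canSeeWorkQueue(): abort(403)` at the top of the view would make the denial visible and loggable (assuming `abort` is imported in this file, which the hunk does not show). `canSeeWorkQueue` also admits `APPROVE_CHANGES`, for which the view builds no section; a short comment saying whether that is intentional would help.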