Improve permission checking in work queue

This commit is contained in:
rubenwardy 2018-03-21 19:53:53 +00:00
parent 71691708ae
commit 8a8b0e505b
3 changed files with 50 additions and 29 deletions

@ -35,11 +35,15 @@ class Permission(enum.Enum):
APPROVE_NEW = "APPROVE_NEW" APPROVE_NEW = "APPROVE_NEW"
CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL" CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
# Only return true if the permission is valid for *all* contexts
# See Package.checkPerm for package-specific contexts
def check(self, user): def check(self, user):
if not user.is_authenticated: if not user.is_authenticated:
return False return False
if self == Permission.APPROVE_NEW: if self == Permission.APPROVE_NEW or \
self == Permission.APPROVE_CHANGES or \
self == Permission.APPROVE_RELEASE:
return user.rank.atLeast(UserRank.EDITOR) return user.rank.atLeast(UserRank.EDITOR)
else: else:
raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.") raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")

@ -5,29 +5,33 @@
{% endblock %} {% endblock %}
{% block content %} {% block content %}
<h2>Packages Awaiting Approval</h2> {% if canApproveNew %}
<ul> <h2>Packages Awaiting Approval</h2>
{% for p in approve_new %} <ul>
<li><a href="{{ p.getDetailsURL() }}"> {% for p in approve_new %}
{{ p.title }} by {{ p.author.display_name }} <li><a href="{{ p.getDetailsURL() }}">
</a></li> {{ p.title }} by {{ p.author.display_name }}
{% else %} </a></li>
<li><i>No packages need reviewing.</i></ul> {% else %}
{% endfor %} <li><i>No packages need reviewing.</i></ul>
</ul> {% endfor %}
</ul>
{% endif %}
<h2>Releases Awaiting Approval</h2> {% if canApproveRel %}
<ul> <h2>Releases Awaiting Approval</h2>
{% for r in releases %} <ul>
<li> {% for r in releases %}
<a href="{{ r.getEditURL() }}">{{ r.title }}</a> <li>
on <a href="{{ r.getEditURL() }}">{{ r.title }}</a>
<a href="{{ r.package.getDetailsURL() }}"> on
{{ r.package.title }} by {{ r.package.author.display_name }} <a href="{{ r.package.getDetailsURL() }}">
</a> {{ r.package.title }} by {{ r.package.author.display_name }}
</li> </a>
{% else %} </li>
<li><i>No releases need reviewing.</i></ul> {% else %}
{% endfor %} <li><i>No releases need reviewing.</i></ul>
</ul> {% endfor %}
</ul>
{% endif %}
{% endblock %} {% endblock %}

@ -31,15 +31,28 @@ def txp_page():
return render_template('packages.html', title="Texture Packs", packages=packages) return render_template('packages.html', title="Texture Packs", packages=packages)
def canSeeWorkQueue(): def canSeeWorkQueue():
return Permission.APPROVE_NEW.check(current_user) return Permission.APPROVE_NEW.check(current_user) or \
Permission.APPROVE_RELEASE.check(current_user) or \
Permission.APPROVE_CHANGES.check(current_user)
@menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue) @menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue)
@app.route("/todo/") @app.route("/todo/")
@login_required @login_required
def todo_page(): def todo_page():
packages = Package.query.filter_by(approved=False).all() canApproveNew = Permission.APPROVE_NEW.check(current_user)
releases = PackageRelease.query.filter_by(approved=False).all() canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
return render_template('todo.html', title="Reports and Work Queue", approve_new=packages, releases=releases)
packages = None
if canApproveNew:
packages = Package.query.filter_by(approved=False).all()
releases = None
if canApproveRel:
releases = PackageRelease.query.filter_by(approved=False).all()
return render_template('todo.html', title="Reports and Work Queue",
approve_new=packages, releases=releases,
canApproveNew=canApproveNew, canApproveRel=canApproveRel)
def getPageByInfo(type, author, name): def getPageByInfo(type, author, name):