Improve permission checking in work queue

2025-01-03 19:57:29 +01:00 · 2018-03-21 19:53:53 +00:00 · 2018-03-21 19:53:53 +00:00 · 8a8b0e505b
commit 8a8b0e505b
parent 71691708ae
3 changed files with 50 additions and 29 deletions
--- a/app/models.py
+++ b/app/models.py
@ -35,11 +35,15 @@ class Permission(enum.Enum):
 	APPROVE_NEW        = "APPROVE_NEW"
 	CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"

+	# Only return true if the permission is valid for *all* contexts
+	# See Package.checkPerm for package-specific contexts
 	def check(self, user):
 		if not user.is_authenticated:
 			return False

-		if self == Permission.APPROVE_NEW:
+		if self == Permission.APPROVE_NEW or \
+				self == Permission.APPROVE_CHANGES or \
+				self == Permission.APPROVE_RELEASE:
 			return user.rank.atLeast(UserRank.EDITOR)
 		else:
 			raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
--- a/app/templates/todo.html
+++ b/app/templates/todo.html
@ -5,6 +5,7 @@
 {% endblock %}

 {% block content %}
+	{% if canApproveNew %}
 		<h2>Packages Awaiting Approval</h2>
 		<ul>
 			{% for p in approve_new %}
@ -15,7 +16,9 @@
 				<li><i>No packages need reviewing.</i></ul>
 			{% endfor %}
 		</ul>
+	{% endif %}

+	{% if canApproveRel %}
 		<h2>Releases Awaiting Approval</h2>
 		<ul>
 			{% for r in releases %}
@ -30,4 +33,5 @@
 				<li><i>No releases need reviewing.</i></ul>
 			{% endfor %}
 		</ul>
+	{% endif %}
 {% endblock %}
--- a/app/views/packages.py
+++ b/app/views/packages.py
@ -31,15 +31,28 @@ def txp_page():
 	return render_template('packages.html', title="Texture Packs", packages=packages)

 def canSeeWorkQueue():
-	return Permission.APPROVE_NEW.check(current_user)
+	return Permission.APPROVE_NEW.check(current_user) or \
+		Permission.APPROVE_RELEASE.check(current_user) or \
+			Permission.APPROVE_CHANGES.check(current_user)

@menu.register_menu(app, '.todo', "Work Queue", order=20, visible_when=lambda: canSeeWorkQueue)
@app.route("/todo/")
@login_required
 def todo_page():
+	canApproveNew = Permission.APPROVE_NEW.check(current_user)
+	canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
+
+	packages = None
+	if canApproveNew:
 		packages = Package.query.filter_by(approved=False).all()
+
+	releases = None
+	if canApproveRel:
 		releases = PackageRelease.query.filter_by(approved=False).all()
-	return render_template('todo.html', title="Reports and Work Queue", approve_new=packages, releases=releases)
+
+	return render_template('todo.html', title="Reports and Work Queue",
+		approve_new=packages, releases=releases,
+		canApproveNew=canApproveNew, canApproveRel=canApproveRel)


 def getPageByInfo(type, author, name):