Prevent trusted users from approving their own packages

This commit is contained in:
rubenwardy 2018-07-28 14:25:51 +01:00
parent d4c2166019
commit 901e115a21
No known key found for this signature in database
GPG Key ID: A1E29D52FF81513C
2 changed files with 22 additions and 6 deletions

@ -34,6 +34,8 @@ title: Ranks and Permissions
<th>N</th>
<th>Y</th>
<th>N</th>
<th>Y</th>
<th>N</th>
</tr>
</thead>
<tbody>
@ -58,7 +60,7 @@ title: Ranks and Permissions
<th></th>
<th></th> <!-- member -->
<th></th>
<th></th> <!-- trusted member -->
<th></th> <!-- trusted member -->
<th></th>
<th></th> <!-- editor -->
<th></th>
@ -101,7 +103,7 @@ title: Ranks and Permissions
<td>Approve Screenshot</td>
<th></th> <!-- new -->
<th></th>
<th></th> <!-- member -->
<th></th> <!-- member -->
<th></th>
<th></th> <!-- trusted member -->
<th></th>
@ -187,6 +189,21 @@ title: Ranks and Permissions
<th></th> <!-- admin -->
<th></th>
</tr>
<tr>
<td>See Private Thread</td>
<th></th> <!-- new -->
<th></th>
<th></th> <!-- member -->
<th></th>
<th></th> <!-- trusted member -->
<th></th>
<th></th> <!-- editor -->
<th></th>
<th></th> <!-- moderator -->
<th></th>
<th></th> <!-- admin -->
<th></th>
</tr>
<tr>
<td>Set Email</td>
<th></th> <!-- new -->

@ -489,12 +489,11 @@ class Package(db.Model):
else:
return user.rank.atLeast(UserRank.EDITOR)
# Editors can change authors
elif perm == Permission.CHANGE_AUTHOR:
# Editors can change authors and approve new packages
elif perm == Permission.APPROVE_NEW or perm == Permission.CHANGE_AUTHOR:
return user.rank.atLeast(UserRank.EDITOR)
elif perm == Permission.APPROVE_NEW or perm == Permission.APPROVE_RELEASE \
or perm == Permission.APPROVE_SCREENSHOT:
elif perm == Permission.APPROVE_RELEASE or perm == Permission.APPROVE_SCREENSHOT:
return user.rank.atLeast(UserRank.TRUSTED_MEMBER if isOwner else UserRank.EDITOR)
# Moderators can delete packages