From a60786d32c93ad4169d50c7c98341084b1996019 Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Sun, 23 Feb 2020 20:12:32 +0000 Subject: [PATCH] Fix non-admin users not being able to set profile URLs --- app/blueprints/users/profile.py | 2 ++ app/models.py | 3 ++- app/templates/users/profile.html | 7 ++++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/blueprints/users/profile.py b/app/blueprints/users/profile.py index a4e194e3..177eefef 100644 --- a/app/blueprints/users/profile.py +++ b/app/blueprints/users/profile.py @@ -63,6 +63,8 @@ def profile(username): # Copy form fields to user_profile fields if user.checkPerm(current_user, Permission.CHANGE_DNAME): user.display_name = form["display_name"].data + + if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS): user.website_url = form["website_url"].data user.donate_url = form["donate_url"].data diff --git a/app/models.py b/app/models.py index 86136f28..eff06b6a 100644 --- a/app/models.py +++ b/app/models.py @@ -93,6 +93,7 @@ class Permission(enum.Enum): UNAPPROVE_PACKAGE = "UNAPPROVE_PACKAGE" TOPIC_DISCARD = "TOPIC_DISCARD" CREATE_TOKEN = "CREATE_TOKEN" + CHANGE_PROFILE_URLS = "CHANGE_PROFILE_URLS" # Only return true if the permission is valid for *all* contexts # See Package.checkPerm for package-specific contexts @@ -192,7 +193,7 @@ class User(db.Model, UserMixin): return user.rank.atLeast(UserRank.EDITOR) elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_DNAME: return user.rank.atLeast(UserRank.MODERATOR) - elif perm == Permission.CHANGE_EMAIL: + elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS: return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank)) elif perm == Permission.CREATE_TOKEN: if user == self: diff --git a/app/templates/users/profile.html b/app/templates/users/profile.html index 37ee5df0..e237fa96 100644 --- a/app/templates/users/profile.html +++ b/app/templates/users/profile.html @@ -164,6 +164,9 @@ {% if user.checkPerm(current_user, "CHANGE_DNAME") %} {{ render_field(form.display_name, tabindex=230) }} + {% endif %} + + {% if user.checkPerm(current_user, "CHANGE_PROFILE_URLS") %} {{ render_field(form.website_url, tabindex=232) }} {{ render_field(form.donate_url, tabindex=233) }} {% endif %} @@ -177,7 +180,9 @@ {{ render_field(form.rank, tabindex=250) }} {% endif %} - {{ render_submit_field(form.submit, tabindex=280) }} +

+ {{ render_submit_field(form.submit, tabindex=280) }} +