Fix non-admin users not being able to set profile URLs

This commit is contained in:
rubenwardy 2020-02-23 20:12:32 +00:00
parent 2976afd5d1
commit a60786d32c
3 changed files with 10 additions and 2 deletions

@ -63,6 +63,8 @@ def profile(username):
# Copy form fields to user_profile fields
if user.checkPerm(current_user, Permission.CHANGE_DNAME):
user.display_name = form["display_name"].data
if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
user.website_url = form["website_url"].data
user.donate_url = form["donate_url"].data

@ -93,6 +93,7 @@ class Permission(enum.Enum):
UNAPPROVE_PACKAGE = "UNAPPROVE_PACKAGE"
TOPIC_DISCARD = "TOPIC_DISCARD"
CREATE_TOKEN = "CREATE_TOKEN"
CHANGE_PROFILE_URLS = "CHANGE_PROFILE_URLS"
# Only return true if the permission is valid for *all* contexts
# See Package.checkPerm for package-specific contexts
@ -192,7 +193,7 @@ class User(db.Model, UserMixin):
return user.rank.atLeast(UserRank.EDITOR)
elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_DNAME:
return user.rank.atLeast(UserRank.MODERATOR)
elif perm == Permission.CHANGE_EMAIL:
elif perm == Permission.CHANGE_EMAIL or perm == Permission.CHANGE_PROFILE_URLS:
return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank))
elif perm == Permission.CREATE_TOKEN:
if user == self:

@ -164,6 +164,9 @@
{% if user.checkPerm(current_user, "CHANGE_DNAME") %}
{{ render_field(form.display_name, tabindex=230) }}
{% endif %}
{% if user.checkPerm(current_user, "CHANGE_PROFILE_URLS") %}
{{ render_field(form.website_url, tabindex=232) }}
{{ render_field(form.donate_url, tabindex=233) }}
{% endif %}
@ -177,7 +180,9 @@
{{ render_field(form.rank, tabindex=250) }}
{% endif %}
{{ render_submit_field(form.submit, tabindex=280) }}
<p>
{{ render_submit_field(form.submit, tabindex=280) }}
</p>
</form>
</div>
</div>