From c2994a27fd837bcf27e73d8ef85a88026f8f3e0f Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Sun, 7 Mar 2021 15:00:36 +0000 Subject: [PATCH] Fix maintainers not being able to delete releases --- app/blueprints/packages/releases.py | 2 +- app/models/packages.py | 12 +++++++----- app/templates/packages/release_edit.html | 2 +- app/templates/packages/view.html | 8 ++++---- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/app/blueprints/packages/releases.py b/app/blueprints/packages/releases.py index 73d21e89..fbc1de40 100644 --- a/app/blueprints/packages/releases.py +++ b/app/blueprints/packages/releases.py @@ -133,7 +133,7 @@ def edit_release(package, id): abort(404) canEdit = package.checkPerm(current_user, Permission.MAKE_RELEASE) - canApprove = package.checkPerm(current_user, Permission.APPROVE_RELEASE) + canApprove = release.checkPerm(current_user, Permission.APPROVE_RELEASE) if not (canEdit or canApprove): return redirect(package.getDetailsURL()) diff --git a/app/models/packages.py b/app/models/packages.py index 17405353..9807e59a 100644 --- a/app/models/packages.py +++ b/app/models/packages.py @@ -870,7 +870,7 @@ class PackageRelease(db.Model): self.releaseDate = datetime.datetime.now() def approve(self, user): - if not self.package.checkPerm(user, Permission.APPROVE_RELEASE): + if not self.checkPerm(user, Permission.APPROVE_RELEASE): return False if self.approved: @@ -895,24 +895,26 @@ class PackageRelease(db.Model): elif type(perm) != Permission: raise Exception("Unknown permission given to PackageRelease.checkPerm()") - isOwner = user == self.package.author + isMaintainer = user == self.package.author or user in self.package.maintainers if perm == Permission.DELETE_RELEASE: if user.rank.atLeast(UserRank.ADMIN): return True - if not (isOwner or user.rank.atLeast(UserRank.EDITOR)): + if not (isMaintainer or user.rank.atLeast(UserRank.EDITOR)): return False if not self.package.approved or self.task_id is not None: return True - count = PackageRelease.query \ - .filter_by(package_id=self.package_id) \ + count = self.package.releases \ .filter(PackageRelease.id > self.id) \ .count() return count > 0 + elif perm == Permission.APPROVE_RELEASE: + return isMaintainer and user.rank.atLeast( + UserRank.MEMBER if self.approved else UserRank.NEW_MEMBER) else: raise Exception("Permission {} is not related to releases".format(perm.name)) diff --git a/app/templates/packages/release_edit.html b/app/templates/packages/release_edit.html index 7340ec65..a32f5db8 100644 --- a/app/templates/packages/release_edit.html +++ b/app/templates/packages/release_edit.html @@ -34,7 +34,7 @@
{% else %} - {% if package.checkPerm(current_user, "APPROVE_RELEASE") %} + {% if release.checkPerm(current_user, "APPROVE_RELEASE") %} {{ render_checkbox_field(form.approved, class_="my-3") }} {% else %} Approved: {{ release.approved }} diff --git a/app/templates/packages/view.html b/app/templates/packages/view.html index 5ab8095c..f99448cb 100644 --- a/app/templates/packages/view.html +++ b/app/templates/packages/view.html @@ -453,12 +453,12 @@