Fix maintainers not being able to delete releases

This commit is contained in:
rubenwardy 2021-03-07 15:00:36 +00:00
parent 9cb9f8a4f6
commit c2994a27fd
4 changed files with 13 additions and 11 deletions

@ -133,7 +133,7 @@ def edit_release(package, id):
abort(404) abort(404)
canEdit = package.checkPerm(current_user, Permission.MAKE_RELEASE) canEdit = package.checkPerm(current_user, Permission.MAKE_RELEASE)
canApprove = package.checkPerm(current_user, Permission.APPROVE_RELEASE) canApprove = release.checkPerm(current_user, Permission.APPROVE_RELEASE)
if not (canEdit or canApprove): if not (canEdit or canApprove):
return redirect(package.getDetailsURL()) return redirect(package.getDetailsURL())

@ -870,7 +870,7 @@ class PackageRelease(db.Model):
self.releaseDate = datetime.datetime.now() self.releaseDate = datetime.datetime.now()
def approve(self, user): def approve(self, user):
if not self.package.checkPerm(user, Permission.APPROVE_RELEASE): if not self.checkPerm(user, Permission.APPROVE_RELEASE):
return False return False
if self.approved: if self.approved:
@ -895,24 +895,26 @@ class PackageRelease(db.Model):
elif type(perm) != Permission: elif type(perm) != Permission:
raise Exception("Unknown permission given to PackageRelease.checkPerm()") raise Exception("Unknown permission given to PackageRelease.checkPerm()")
isOwner = user == self.package.author isMaintainer = user == self.package.author or user in self.package.maintainers
if perm == Permission.DELETE_RELEASE: if perm == Permission.DELETE_RELEASE:
if user.rank.atLeast(UserRank.ADMIN): if user.rank.atLeast(UserRank.ADMIN):
return True return True
if not (isOwner or user.rank.atLeast(UserRank.EDITOR)): if not (isMaintainer or user.rank.atLeast(UserRank.EDITOR)):
return False return False
if not self.package.approved or self.task_id is not None: if not self.package.approved or self.task_id is not None:
return True return True
count = PackageRelease.query \ count = self.package.releases \
.filter_by(package_id=self.package_id) \
.filter(PackageRelease.id > self.id) \ .filter(PackageRelease.id > self.id) \
.count() .count()
return count > 0 return count > 0
elif perm == Permission.APPROVE_RELEASE:
return isMaintainer and user.rank.atLeast(
UserRank.MEMBER if self.approved else UserRank.NEW_MEMBER)
else: else:
raise Exception("Permission {} is not related to releases".format(perm.name)) raise Exception("Permission {} is not related to releases".format(perm.name))

@ -34,7 +34,7 @@
<br /> <br />
{% else %} {% else %}
{% if package.checkPerm(current_user, "APPROVE_RELEASE") %} {% if release.checkPerm(current_user, "APPROVE_RELEASE") %}
{{ render_checkbox_field(form.approved, class_="my-3") }} {{ render_checkbox_field(form.approved, class_="my-3") }}
{% else %} {% else %}
Approved: {{ release.approved }} Approved: {{ release.approved }}

@ -453,12 +453,12 @@
</h3> </h3>
<ul class="list-group"> <ul class="list-group">
{% for rel in releases %} {% for rel in releases %}
{% if rel.approved or package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE") %} {% if rel.approved or package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE") %}
<li class="list-group-item"> <li class="list-group-item">
{% if package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE") %} {% if package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE") %}
<a class="btn btn-sm btn-primary float-right" href="{{ rel.getEditURL() }}">Edit <a class="btn btn-sm btn-primary float-right" href="{{ rel.getEditURL() }}">Edit
{% if not rel.task_id and not rel.approved and package.checkPerm(current_user, "APPROVE_RELEASE") %} {% if not rel.task_id and not rel.approved and rel.checkPerm(current_user, "APPROVE_RELEASE") %}
/ Approve / Approve
{% endif %} {% endif %}
</a> </a>
@ -487,7 +487,7 @@
created {{ rel.releaseDate | date }}. created {{ rel.releaseDate | date }}.
</small> </small>
{% if (package.checkPerm(current_user, "MAKE_RELEASE") or package.checkPerm(current_user, "APPROVE_RELEASE")) and rel.task_id %} {% if (package.checkPerm(current_user, "MAKE_RELEASE") or rel.checkPerm(current_user, "APPROVE_RELEASE")) and rel.task_id %}
<a href="{{ url_for('tasks.check', id=rel.task_id, r=package.getDetailsURL()) }}">Importing...</a> <a href="{{ url_for('tasks.check', id=rel.task_id, r=package.getDetailsURL()) }}">Importing...</a>
{% elif not rel.approved %} {% elif not rel.approved %}
Waiting for approval. Waiting for approval.