mirror of
https://github.com/minetest/contentdb.git
synced 2024-12-22 22:12:24 +01:00
Fix unapproved packages appearing in collections
This commit is contained in:
parent
f470357a42
commit
ea2f1f4f6f
@ -65,7 +65,11 @@ def view(author, name):
|
||||
if not collection.check_perm(current_user, Permission.VIEW_COLLECTION):
|
||||
abort(404)
|
||||
|
||||
return render_template("collections/view.html", collection=collection)
|
||||
items = collection.items
|
||||
if collection.check_perm(current_user, Permission.EDIT_COLLECTION):
|
||||
items = [x for x in items if x.package.check_perm(current_user, Permission.VIEW_PACKAGE)]
|
||||
|
||||
return render_template("collections/view.html", collection=collection, items=items)
|
||||
|
||||
|
||||
class CollectionForm(FlaskForm):
|
||||
|
@ -130,7 +130,7 @@ def user_redirect(author):
|
||||
@bp.route("/packages/<author>/<name>/")
|
||||
@is_package_page
|
||||
def view(package):
|
||||
if package.state != PackageState.APPROVED and not package.check_perm(current_user, Permission.EDIT_PACKAGE):
|
||||
if not package.check_perm(current_user, Permission.VIEW_PACKAGE):
|
||||
return render_template("packages/gone.html", package=package), 403
|
||||
|
||||
show_similar = not package.approved and (
|
||||
|
@ -645,14 +645,17 @@ class Package(db.Model):
|
||||
return None
|
||||
|
||||
def check_perm(self, user, perm):
|
||||
if not user.is_authenticated:
|
||||
return False
|
||||
|
||||
if type(perm) == str:
|
||||
perm = Permission[perm]
|
||||
elif type(perm) != Permission:
|
||||
raise Exception("Unknown permission given to Package.check_perm()")
|
||||
|
||||
if perm == Permission.VIEW_PACKAGE:
|
||||
return self.state == PackageState.APPROVED or self.check_perm(user, Permission.EDIT_PACKAGE)
|
||||
|
||||
if not user.is_authenticated:
|
||||
return False
|
||||
|
||||
is_owner = user == self.author
|
||||
is_maintainer = is_owner or user.rank.at_least(UserRank.EDITOR) or user in self.maintainers
|
||||
is_approver = user.rank.at_least(UserRank.APPROVER)
|
||||
|
@ -59,6 +59,7 @@ class UserRank(enum.Enum):
|
||||
|
||||
|
||||
class Permission(enum.Enum):
|
||||
VIEW_PACKAGE = "VIEW_PACKAGE"
|
||||
EDIT_PACKAGE = "EDIT_PACKAGE"
|
||||
DELETE_PACKAGE = "DELETE_PACKAGE"
|
||||
CHANGE_AUTHOR = "CHANGE_AUTHOR"
|
||||
|
@ -59,24 +59,29 @@
|
||||
|
||||
<section class="mt-5">
|
||||
<h2 class="sr-only">{{ _("Packages") }}</h2>
|
||||
{% if not collection.items %}
|
||||
{% if not items %}
|
||||
<p class="text-muted">
|
||||
{{ _("To add a package, go to the package's page and click 'Add to collection'") }}
|
||||
</p>
|
||||
{% endif %}
|
||||
<div class="grid-2 gap-3">
|
||||
{% for item in collection.items %}
|
||||
{% for item in items %}
|
||||
{% set package_link %}
|
||||
<a href="{{ item.package.get_url('packages.view') }}">
|
||||
{{ item.package.title }}
|
||||
</a>
|
||||
{% endset %}
|
||||
<div class="">
|
||||
<div>
|
||||
<article class="card">
|
||||
<div class="embed-responsive embed-responsive-16by9">
|
||||
<img class="card-img-top embed-responsive-item" src="{{ item.package.get_thumb_url(4) }}" alt="{{ item.package.title }} screenshot">
|
||||
</div>
|
||||
<div class="card-body">
|
||||
{% if item.package.state.name != "APPROVED" %}
|
||||
<span class="badge badge-warning float-right">
|
||||
{{ item.package.state.value }}
|
||||
</span>
|
||||
{% endif %}
|
||||
<h5 class="mt-0">
|
||||
{{ _("%(title)s by %(author)s", title=package_link, author=item.package.author.display_name) }}
|
||||
</h5>
|
||||
|
Loading…
Reference in New Issue
Block a user