diff --git a/app/blueprints/collections/__init__.py b/app/blueprints/collections/__init__.py index 1965bd87..f193326f 100644 --- a/app/blueprints/collections/__init__.py +++ b/app/blueprints/collections/__init__.py @@ -65,7 +65,11 @@ def view(author, name): if not collection.check_perm(current_user, Permission.VIEW_COLLECTION): abort(404) - return render_template("collections/view.html", collection=collection) + items = collection.items + if collection.check_perm(current_user, Permission.EDIT_COLLECTION): + items = [x for x in items if x.package.check_perm(current_user, Permission.VIEW_PACKAGE)] + + return render_template("collections/view.html", collection=collection, items=items) class CollectionForm(FlaskForm): diff --git a/app/blueprints/packages/packages.py b/app/blueprints/packages/packages.py index 6139e0fd..6344abb1 100644 --- a/app/blueprints/packages/packages.py +++ b/app/blueprints/packages/packages.py @@ -130,7 +130,7 @@ def user_redirect(author): @bp.route("/packages///") @is_package_page def view(package): - if package.state != PackageState.APPROVED and not package.check_perm(current_user, Permission.EDIT_PACKAGE): + if not package.check_perm(current_user, Permission.VIEW_PACKAGE): return render_template("packages/gone.html", package=package), 403 show_similar = not package.approved and ( diff --git a/app/models/packages.py b/app/models/packages.py index 4ed28e7f..a5ea10d7 100644 --- a/app/models/packages.py +++ b/app/models/packages.py 
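Review bot: The guard on the new filter in the collections `view` looks inverted. `if collection.check_perm(current_user, Permission.EDIT_COLLECTION):` removes non-viewable packages only for users who can edit the collection, so every other visitor, including anonymous ones, gets the unfiltered `collection.items` with entries whose package fails `VIEW_PACKAGE`. The template change in this commit adds a state badge for packages that are not approved, which suggests editors are the ones meant to see them. If so, the line should read `if not collection.check_perm(current_user, Permission.EDIT_COLLECTION):`. A test that loads a collection holding an unapproved package, once anonymously and once as the collection owner, would pin the intended behaviour.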
@@ -645,14 +645,17 @@ class Package(db.Model): return None def check_perm(self, user, perm): - if not user.is_authenticated: - return False - if type(perm) == str: perm = Permission[perm] elif type(perm) != Permission: raise Exception("Unknown permission given to Package.check_perm()") + if perm == Permission.VIEW_PACKAGE: + return self.state == PackageState.APPROVED or self.check_perm(user, Permission.EDIT_PACKAGE) + + if not user.is_authenticated: + return False + is_owner = user == self.author is_maintainer = is_owner or user.rank.at_least(UserRank.EDITOR) or user in self.maintainers is_approver = user.rank.at_least(UserRank.APPROVER) diff --git a/app/models/users.py b/app/models/users.py index ef0b27e5..0aaf2d8e 100644 --- a/app/models/users.py +++ b/app/models/users.py @@ -59,6 +59,7 @@ class UserRank(enum.Enum): class Permission(enum.Enum): + VIEW_PACKAGE = "VIEW_PACKAGE" EDIT_PACKAGE = "EDIT_PACKAGE" DELETE_PACKAGE = "DELETE_PACKAGE" CHANGE_AUTHOR = "CHANGE_AUTHOR" diff --git a/app/templates/collections/view.html b/app/templates/collections/view.html index 162e9ce1..24487a68 100644 --- a/app/templates/collections/view.html +++ b/app/templates/collections/view.html @@ -59,24 +59,29 @@
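Review bot: The new `VIEW_PACKAGE` branch in `Package.check_perm` sits above the `is_authenticated` guard, so it is the only permission evaluated for anonymous users, and nothing in the code records that. A comment such as `# VIEW_PACKAGE is answered before the login check so anonymous users can view approved packages; every other permission must stay below the is_authenticated guard` would keep a later permission from being added above the guard by mistake. Moving the guard below the type check also means an unknown permission name now raises for anonymous callers where it used to return False; that looks harmless but should be confirmed against existing callers. The rest of `check_perm` continues outside the hunk, so what `EDIT_PACKAGE` grants to approvers is not visible here.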

{{ _("Packages") }}

- {% if not collection.items %} + {% if not items %}

{{ _("To add a package, go to the package's page and click 'Add to collection'") }}

{% endif %}
- {% for item in collection.items %} + {% for item in items %} {% set package_link %} {{ item.package.title }} {% endset %} -
+
{{ item.package.title }} screenshot
+ {% if item.package.state.name != "APPROVED" %} + + {{ item.package.state.value }} + + {% endif %}
{{ _("%(title)s by %(author)s", title=package_link, author=item.package.author.display_name) }}