Add ability to create packages on behalf of other users

Fixes #27

app/models.py

@@ -99,7 +99,7 @@ class User(db.Model, UserMixin):
 		self.rank = UserRank.NOT_JOINED
 
 	def isClaimed(self):
-		return self.password is not None and self.password != ""
+		return self.rank.atLeast(UserRank.NEW_MEMBER)
 
 	def checkPerm(self, user, perm):
 		if not user.is_authenticated:
@@ -111,7 +111,9 @@ class User(db.Model, UserMixin):
 			raise Exception("Unknown permission given to User.checkPerm()")
 
 		# Members can edit their own packages, and editors can edit any packages
-		if perm == Permission.CHANGE_RANK:
+		if perm == Permission.CHANGE_AUTHOR:
+			return user.rank.atLeast(UserRank.EDITOR)
+		elif perm == Permission.CHANGE_RANK:
 			return user.rank.atLeast(UserRank.MODERATOR)
 		else:
 			raise Exception("Permission {} is not related to users".format(perm.name))

app/templates/packages/create_edit.html

@@ -2,6 +2,9 @@
 
 {% block title %}
 	{{ package.title or "Create Package" }}
+	{% if not package and author != current_user %}
+		for {{ author.display_name }}
+	{% endif %}
 {% endblock %}
 
 {% block content %}

app/templates/users/user_profile_page.html

@@ -74,6 +74,11 @@
 			<li><i>No packages available</i></ul>
 		{% endfor %}
 	</ul>
+	{% if user == current_user or user.checkPerm(current_user, "CHANGE_AUTHOR") %}
+		<a href="{{ url_for('create_edit_package_page', author=user.username) }}">
+			Create
+		</a>
+	{% endif %}
 </div>
 
 {% if form %}

app/views/packages.py

@@ -152,11 +152,26 @@ def create_edit_package_page(type=None, author=None, name=None):
 	form = None
 	if type is None:
 		form = PackageForm(formdata=request.form)
+		author = request.args.get("author")
+		if author is None or author == current_user.username:
+			author = current_user
+		else:
+			author = User.query.filter_by(username=author).first()
+			if author is None:
+				flash("Unable to find that user", "error")
+				return redirect(url_for("create_edit_package_page"))
+
+			if not author.checkPerm(current_user, Permission.CHANGE_AUTHOR):
+				flash("Permission denied", "error")
+				return redirect(url_for("create_edit_package_page"))
+
 	else:
 		package = getPageByInfo(type, author, name)
 		if not package.checkPerm(current_user, Permission.EDIT_PACKAGE):
 			return redirect(package.getDetailsURL())
 
+		author = package.author
+
 		form = PackageForm(formdata=request.form, obj=package)
 
 	# Initial form class from post data and default data
@@ -164,18 +179,19 @@ def create_edit_package_page(type=None, author=None, name=None):
 		# Successfully submitted!
 		if not package:
 			package = Package()
-			package.author = current_user
+			package.author = author
 			# package.approved = package.checkPerm(current_user, Permission.APPROVE_NEW)
 
+		form.populate_obj(package) # copy to row
+
 		package.tags.clear()
 		for tag in form.tags.raw_data:
 			package.tags.append(Tag.query.get(tag))
 
-		form.populate_obj(package) # copy to row
 		db.session.commit() # save
 		return redirect(package.getDetailsURL()) # redirect
 
-	return render_template("packages/create_edit.html", package=package, form=form)
+	return render_template("packages/create_edit.html", package=package, form=form, author=author)
 
 @app.route("/<type>s/<author>/<name>/approve/")
 @login_required