mirror of
https://github.com/minetest/contentdb.git
synced 2025-03-22 10:12:28 +01:00
Allow editors and approvers to see package audit log descriptions
@ -15,7 +15,9 @@
|
|||||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
from flask import render_template, request, abort
|
from flask import render_template, request, abort
|
||||||
from app.models import db, AuditLogEntry, UserRank, User
|
from flask_login import current_user, login_required
|
||||||
|
|
||||||
|
from app.models import db, AuditLogEntry, UserRank, User, Permission
|
||||||
from app.utils import rank_required, get_int_or_abort
|
from app.utils import rank_required, get_int_or_abort
|
||||||
|
|
||||||
from . import bp
|
from . import bp
|
||||||
@ -40,7 +42,10 @@ def audit():
|
|||||||
|
|
||||||
|
|
||||||
@bp.route("/admin/audit/<int:id_>/")
|
@bp.route("/admin/audit/<int:id_>/")
|
||||||
@rank_required(UserRank.MODERATOR)
|
@login_required
|
||||||
def audit_view(id_):
|
def audit_view(id_):
|
||||||
entry = AuditLogEntry.query.get(id_)
|
entry: AuditLogEntry = AuditLogEntry.query.get_or_404(id_)
|
||||||
|
if not entry.checkPerm(current_user, Permission.VIEW_AUDIT_DESCRIPTION):
|
||||||
|
abort(403)
|
||||||
|
|
||||||
return render_template("admin/audit_view.html", entry=entry)
|
return render_template("admin/audit_view.html", entry=entry)
|
||||||
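Review bot: In `audit_view`, `get_or_404(id_)` runs before the permission check, so a logged-in user below the required rank gets 403 for an entry that exists and 404 for one that does not. With `@rank_required(UserRank.MODERATOR)` replaced by `@login_required`, any authenticated account can now reach that distinction. If the existence of audit entries should not be observable, answer the failed check with `abort(404)` as well. If the 403 is deliberate, a short comment such as `# authorization is per entry: see AuditLogEntry.checkPerm` above the check would record that the decorator no longer enforces rank. A test that requests a package-linked and a non-package entry at each rank would pin the new boundary.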
|
@ -106,6 +106,20 @@ class AuditLogEntry(db.Model):
|
|||||||
self.package = package
|
self.package = package
|
||||||
self.description = description
|
self.description = description
|
||||||
|
|
||||||
|
def checkPerm(self, user, perm):
|
||||||
|
if not user.is_authenticated:
|
||||||
|
return False
|
||||||
|
|
||||||
|
if type(perm) == str:
|
||||||
|
perm = Permission[perm]
|
||||||
|
elif type(perm) != Permission:
|
||||||
|
raise Exception("Unknown permission given to AuditLogEntry.checkPerm()")
|
||||||
|
|
||||||
|
if perm == Permission.VIEW_AUDIT_DESCRIPTION:
|
||||||
|
return user.rank.atLeast(UserRank.APPROVER if self.package is not None else UserRank.MODERATOR)
|
||||||
|
else:
|
||||||
|
raise Exception("Permission {} is not related to audit log entries".format(perm.name))
|
||||||
|
|
||||||
|
|
||||||
REPO_BLACKLIST = [".zip", "mediafire.com", "dropbox.com", "weebly.com",
|
REPO_BLACKLIST = [".zip", "mediafire.com", "dropbox.com", "weebly.com",
|
||||||
"minetest.net", "dropboxusercontent.com", "4shared.com",
|
"minetest.net", "dropboxusercontent.com", "4shared.com",
|
||||||
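Review bot: `checkPerm` has no docstring, and the rank rule in the `VIEW_AUDIT_DESCRIPTION` branch is packed into one conditional expression, so the access policy this commit introduces is easy to misread. A docstring should state that unauthenticated users are always denied and that an unknown or unrelated permission raises. A comment above the return, such as `# package-linked entries: APPROVER and above; all other entries: MODERATOR and above`, would make the boundary explicit. The type tests would read better as `isinstance(perm, str)` and `isinstance(perm, Permission)`. The commit title mentions editors but only `UserRank.APPROVER` appears here, which covers editors only if EDITOR ranks at or above APPROVER, and these lines do not show that.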
|
@ -90,6 +90,7 @@ class Permission(enum.Enum):
|
|||||||
DELETE_REVIEW = "DELETE_REVIEW"
|
DELETE_REVIEW = "DELETE_REVIEW"
|
||||||
CHANGE_PROFILE_URLS = "CHANGE_PROFILE_URLS"
|
CHANGE_PROFILE_URLS = "CHANGE_PROFILE_URLS"
|
||||||
CHANGE_DISPLAY_NAME = "CHANGE_DISPLAY_NAME"
|
CHANGE_DISPLAY_NAME = "CHANGE_DISPLAY_NAME"
|
||||||
|
VIEW_AUDIT_DESCRIPTION = "VIEW_AUDIT_DESCRIPTION"
|
||||||
|
|
||||||
# Only return true if the permission is valid for *all* contexts
|
# Only return true if the permission is valid for *all* contexts
|
||||||
# See Package.checkPerm for package-specific contexts
|
# See Package.checkPerm for package-specific contexts
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
<div class="list-group mt-3">
|
<div class="list-group mt-3">
|
||||||
{% for entry in log %}
|
{% for entry in log %}
|
||||||
<a class="list-group-item list-group-item-action"
|
<a class="list-group-item list-group-item-action"
|
||||||
{% if entry.description and current_user.rank.atLeast(current_user.rank.MODERATOR) %}
|
{% if entry.description and entry.checkPerm(current_user, 'VIEW_AUDIT_DESCRIPTION') %}
|
||||||
href="{{ url_for('admin.audit_view', id_=entry.id) }}">
|
href="{{ url_for('admin.audit_view', id_=entry.id) }}">
|
||||||
{% else %}
|
{% else %}
|
||||||
href="{{ entry.url }}">
|
href="{{ entry.url }}">
|
||||||
|