Revert "Limit visibility of unapproved packages to maintainers and approvers" and "Fix 404 on packages when not logged in"

This reverts commit 85a178d90e7ea654f456716a203388a1035048a4.
This reverts commit 727db52c19b6775972f9b5c073b26ce3c9e543bd.
This commit is contained in:
rubenwardy 2022-02-01 14:53:51 +00:00
parent afdf06b3f6
commit f8e82b63e3
6 changed files with 8 additions and 34 deletions

@ -115,9 +115,6 @@ def getReleases(package):
@bp.route("/packages/<author>/<name>/")
@is_package_page
def view(package):
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
show_similar = not package.approved and (
current_user in package.maintainers or
package.checkPerm(current_user, Permission.APPROVE_NEW))
@ -208,9 +205,6 @@ def shield(package, type):
@bp.route("/packages/<author>/<name>/download/")
@is_package_page
def download(package):
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
release = package.getDownloadRelease()
if release is None:
@ -593,9 +587,6 @@ def alias_create_edit(package: Package, alias_id: int = None):
@login_required
@is_package_page
def share(package):
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
return render_template("packages/share.html", package=package,
tabs=get_package_tabs(current_user, package), current_tab="share")
@ -603,9 +594,6 @@ def share(package):
@bp.route("/packages/<author>/<name>/similar/")
@is_package_page
def similar(package):
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
packages_modnames = {}
for metapackage in package.provides:
packages_modnames[metapackage] = Package.query.filter(Package.id != package.id,

@ -33,9 +33,6 @@ from . import bp, get_package_tabs
@bp.route("/packages/<author>/<name>/releases/", methods=["GET", "POST"])
@is_package_page
def list_releases(package):
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
return render_template("packages/releases_list.html",
package=package,
tabs=get_package_tabs(current_user, package), current_tab="releases")
@ -111,9 +108,6 @@ def create_release(package):
@bp.route("/packages/<author>/<name>/releases/<id>/download/")
@is_package_page
def download_release(package, id):
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
release = PackageRelease.query.get(id)
if release is None or release.package != package:
abort(404)

@ -24,8 +24,7 @@ from flask_login import current_user, login_required
from flask_wtf import FlaskForm
from wtforms import *
from wtforms.validators import *
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank, \
Permission
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank
from app.utils import is_package_page, addNotification, get_int_or_abort, isYes, is_safe_url, rank_required
from app.tasks.webhooktasks import post_discord_webhook
@ -54,9 +53,6 @@ def review(package):
flash(gettext("You can't review your own package!"), "danger")
return redirect(package.getURL("packages.view"))
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
abort(404)
review = PackageReview.query.filter_by(package=package, author=current_user).first()
form = ReviewForm(formdata=request.form, obj=review)

@ -599,7 +599,7 @@ class Package(db.Model):
def checkPerm(self, user, perm):
if not user.is_authenticated:
return perm == Permission.SEE_PACKAGE and self.state == PackageState.APPROVED
return False
if type(perm) == str:
perm = Permission[perm]
@ -610,10 +610,7 @@ class Package(db.Model):
isMaintainer = isOwner or user.rank.atLeast(UserRank.EDITOR) or user in self.maintainers
isApprover = user.rank.atLeast(UserRank.APPROVER)
if perm == Permission.SEE_PACKAGE:
return self.state == PackageState.APPROVED or isMaintainer or isApprover
elif perm == Permission.CREATE_THREAD:
if perm == Permission.CREATE_THREAD:
return user.rank.atLeast(UserRank.MEMBER)
# Members can edit their own packages, and editors can edit any packages

@ -59,7 +59,6 @@ class UserRank(enum.Enum):
class Permission(enum.Enum):
SEE_PACKAGE = "SEE_PACKAGE"
EDIT_PACKAGE = "EDIT_PACKAGE"
DELETE_PACKAGE = "DELETE_PACKAGE"
CHANGE_AUTHOR = "CHANGE_AUTHOR"

@ -18,8 +18,7 @@
from functools import wraps
from flask import abort, redirect, url_for, request
from flask_login import current_user
from app.models import User, NotificationType, Package, UserRank, Notification, db, AuditSeverity, AuditLogEntry, \
ThreadReply, Thread, PackageState, PackageType, PackageAlias
from app.models import User, NotificationType, Package, UserRank, Notification, db, AuditSeverity, AuditLogEntry, ThreadReply, Thread, PackageState, PackageType, PackageAlias
def getPackageByInfo(author, name):
@ -40,15 +39,14 @@ def is_package_page(f):
if not ("author" in kwargs and "name" in kwargs):
abort(400)
author = kwargs.pop("author")
name = kwargs.pop("name")
author = kwargs["author"]
name = kwargs["name"]
package = getPackageByInfo(author, name)
if package is None:
package = getPackageByInfo(author, name + "_game")
if package and package.type == PackageType.GAME:
args = dict(kwargs)
args["author"] = author
args["name"] = name + "_game"
return redirect(url_for(request.endpoint, **args))
@ -61,6 +59,8 @@ def is_package_page(f):
abort(404)
del kwargs["author"]
del kwargs["name"]
return f(package=package, *args, **kwargs)
return decorated_function