mirror of
https://github.com/minetest/contentdb.git
synced 2024-12-23 06:22:24 +01:00
Revert "Limit visibility of unapproved packages to maintainers and approvers" and "Fix 404 on packages when not logged in"
This reverts commit 85a178d90e7ea654f456716a203388a1035048a4. This reverts commit 727db52c19b6775972f9b5c073b26ce3c9e543bd.
This commit is contained in:
parent
afdf06b3f6
commit
f8e82b63e3
@ -115,9 +115,6 @@ def getReleases(package):
|
||||
@bp.route("/packages/<author>/<name>/")
|
||||
@is_package_page
|
||||
def view(package):
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
show_similar = not package.approved and (
|
||||
current_user in package.maintainers or
|
||||
package.checkPerm(current_user, Permission.APPROVE_NEW))
|
||||
@ -208,9 +205,6 @@ def shield(package, type):
|
||||
@bp.route("/packages/<author>/<name>/download/")
|
||||
@is_package_page
|
||||
def download(package):
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
release = package.getDownloadRelease()
|
||||
|
||||
if release is None:
|
||||
@ -593,9 +587,6 @@ def alias_create_edit(package: Package, alias_id: int = None):
|
||||
@login_required
|
||||
@is_package_page
|
||||
def share(package):
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
return render_template("packages/share.html", package=package,
|
||||
tabs=get_package_tabs(current_user, package), current_tab="share")
|
||||
|
||||
@ -603,9 +594,6 @@ def share(package):
|
||||
@bp.route("/packages/<author>/<name>/similar/")
|
||||
@is_package_page
|
||||
def similar(package):
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
packages_modnames = {}
|
||||
for metapackage in package.provides:
|
||||
packages_modnames[metapackage] = Package.query.filter(Package.id != package.id,
|
||||
|
@ -33,9 +33,6 @@ from . import bp, get_package_tabs
|
||||
@bp.route("/packages/<author>/<name>/releases/", methods=["GET", "POST"])
|
||||
@is_package_page
|
||||
def list_releases(package):
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
return render_template("packages/releases_list.html",
|
||||
package=package,
|
||||
tabs=get_package_tabs(current_user, package), current_tab="releases")
|
||||
@ -111,9 +108,6 @@ def create_release(package):
|
||||
@bp.route("/packages/<author>/<name>/releases/<id>/download/")
|
||||
@is_package_page
|
||||
def download_release(package, id):
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
release = PackageRelease.query.get(id)
|
||||
if release is None or release.package != package:
|
||||
abort(404)
|
||||
|
@ -24,8 +24,7 @@ from flask_login import current_user, login_required
|
||||
from flask_wtf import FlaskForm
|
||||
from wtforms import *
|
||||
from wtforms.validators import *
|
||||
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank, \
|
||||
Permission
|
||||
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank
|
||||
from app.utils import is_package_page, addNotification, get_int_or_abort, isYes, is_safe_url, rank_required
|
||||
from app.tasks.webhooktasks import post_discord_webhook
|
||||
|
||||
@ -54,9 +53,6 @@ def review(package):
|
||||
flash(gettext("You can't review your own package!"), "danger")
|
||||
return redirect(package.getURL("packages.view"))
|
||||
|
||||
if not package.checkPerm(current_user, Permission.SEE_PACKAGE):
|
||||
abort(404)
|
||||
|
||||
review = PackageReview.query.filter_by(package=package, author=current_user).first()
|
||||
|
||||
form = ReviewForm(formdata=request.form, obj=review)
|
||||
|
@ -599,7 +599,7 @@ class Package(db.Model):
|
||||
|
||||
def checkPerm(self, user, perm):
|
||||
if not user.is_authenticated:
|
||||
return perm == Permission.SEE_PACKAGE and self.state == PackageState.APPROVED
|
||||
return False
|
||||
|
||||
if type(perm) == str:
|
||||
perm = Permission[perm]
|
||||
@ -610,10 +610,7 @@ class Package(db.Model):
|
||||
isMaintainer = isOwner or user.rank.atLeast(UserRank.EDITOR) or user in self.maintainers
|
||||
isApprover = user.rank.atLeast(UserRank.APPROVER)
|
||||
|
||||
if perm == Permission.SEE_PACKAGE:
|
||||
return self.state == PackageState.APPROVED or isMaintainer or isApprover
|
||||
|
||||
elif perm == Permission.CREATE_THREAD:
|
||||
if perm == Permission.CREATE_THREAD:
|
||||
return user.rank.atLeast(UserRank.MEMBER)
|
||||
|
||||
# Members can edit their own packages, and editors can edit any packages
|
||||
|
@ -59,7 +59,6 @@ class UserRank(enum.Enum):
|
||||
|
||||
|
||||
class Permission(enum.Enum):
|
||||
SEE_PACKAGE = "SEE_PACKAGE"
|
||||
EDIT_PACKAGE = "EDIT_PACKAGE"
|
||||
DELETE_PACKAGE = "DELETE_PACKAGE"
|
||||
CHANGE_AUTHOR = "CHANGE_AUTHOR"
|
||||
|
@ -18,8 +18,7 @@
|
||||
from functools import wraps
|
||||
from flask import abort, redirect, url_for, request
|
||||
from flask_login import current_user
|
||||
from app.models import User, NotificationType, Package, UserRank, Notification, db, AuditSeverity, AuditLogEntry, \
|
||||
ThreadReply, Thread, PackageState, PackageType, PackageAlias
|
||||
from app.models import User, NotificationType, Package, UserRank, Notification, db, AuditSeverity, AuditLogEntry, ThreadReply, Thread, PackageState, PackageType, PackageAlias
|
||||
|
||||
|
||||
def getPackageByInfo(author, name):
|
||||
@ -40,15 +39,14 @@ def is_package_page(f):
|
||||
if not ("author" in kwargs and "name" in kwargs):
|
||||
abort(400)
|
||||
|
||||
author = kwargs.pop("author")
|
||||
name = kwargs.pop("name")
|
||||
author = kwargs["author"]
|
||||
name = kwargs["name"]
|
||||
|
||||
package = getPackageByInfo(author, name)
|
||||
if package is None:
|
||||
package = getPackageByInfo(author, name + "_game")
|
||||
if package and package.type == PackageType.GAME:
|
||||
args = dict(kwargs)
|
||||
args["author"] = author
|
||||
args["name"] = name + "_game"
|
||||
return redirect(url_for(request.endpoint, **args))
|
||||
|
||||
@ -61,6 +59,8 @@ def is_package_page(f):
|
||||
|
||||
abort(404)
|
||||
|
||||
del kwargs["author"]
|
||||
del kwargs["name"]
|
||||
return f(package=package, *args, **kwargs)
|
||||
|
||||
return decorated_function
|
||||
|
Loading…
Reference in New Issue
Block a user