author | rubenwardy <rw@rubenwardy.com> | 2018-12-25 17:51:29 +0000 |
---|---|---|
committer | rubenwardy <rw@rubenwardy.com> | 2018-12-25 17:51:29 +0000 |
commit | 09150a4dbb74e9fb0d9fe4bdc5ced3ac246cd0e9 (patch) | |
tree | 6a79e990698c72053a396456f04ed8b7af0d4981 | |
parent | c726f56b3edbc2b97b82b777bada83a2097acb80 (diff) | |
download | cheatdb-09150a4dbb74e9fb0d9fe4bdc5ced3ac246cd0e9.tar.xz |
Allow users to discard their own topics
-rw-r--r-- | app/models.py | 16 | ||||
-rw-r--r-- | app/public/static/topic_discard.js | 29 | ||||
-rw-r--r-- | app/templates/macros/topics.html | 4 | ||||
-rw-r--r-- | app/templates/todo/topics.html | 34 | ||||
-rw-r--r-- | app/templates/users/user_profile_page.html | 11 | ||||
-rw-r--r-- | app/views/api.py | 5 |
6 files changed, 63 insertions, 36 deletions
diff --git a/app/models.py b/app/models.py index 545a7f1..3a41c83 100644 --- a/app/models.py +++ b/app/models.py @@ -79,6 +79,7 @@ class Permission(enum.Enum): SEE_THREAD = "SEE_THREAD" CREATE_THREAD = "CREATE_THREAD" UNAPPROVE_PACKAGE = "UNAPPROVE_PACKAGE" + TOPIC_DISCARD = "TOPIC_DISCARD" # Only return true if the permission is valid for *all* contexts # See Package.checkPerm for package-specific contexts @@ -843,6 +844,21 @@ class ForumTopic(db.Model): "created_at": self.created_at.isoformat(), } + def checkPerm(self, user, perm): + if not user.is_authenticated: + return False + + if type(perm) == str: + perm = Permission[perm] + elif type(perm) != Permission: + raise Exception("Unknown permission given to ForumTopic.checkPerm()") + + if perm == Permission.TOPIC_DISCARD: + return self.author == user or user.rank.atLeast(UserRank.EDITOR) + + else: + raise Exception("Permission {} is not related to topics".format(perm.name)) + # Setup Flask-User db_adapter = SQLAlchemyAdapter(db, User) # Register the User model diff --git a/app/public/static/topic_discard.js b/app/public/static/topic_discard.js new file mode 100644 index 0000000..efc4272 --- /dev/null +++ b/app/public/static/topic_discard.js 
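Review bot: In `ForumTopic.checkPerm`, a string that is not a `Permission` member makes `Permission[perm]` raise a bare `KeyError`, while the `elif` branch raises a generic `Exception` for other bad types, so callers see two different failure modes for the same mistake. The type tests would read better as `isinstance(perm, str)` and `not isinstance(perm, Permission)`. Since the api.py change in this commit makes this method the only authorization gate for discarding topics, it deserves a docstring, e.g. `"""Return True if user may perform perm on this topic; TOPIC_DISCARD is granted to the topic's author and to editors or above."""`. The early `return False` for unauthenticated users is a sound fail-closed default and worth keeping as the first statement.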
@@ -0,0 +1,29 @@ +$(".topic-discard").click(function() { + var ele = $(this); + var tid = ele.attr("data-tid"); + var discard = !ele.parent().parent().hasClass("discardtopic"); + fetch(new Request("/api/topic_discard/?tid=" + tid + + "&discard=" + (discard ? "true" : "false"), { + method: "post", + credentials: "same-origin", + headers: { + "Accept": "application/json", + "X-CSRFToken": csrf_token, + }, + })).then(function(response) { + response.text().then(function(txt) { + console.log(JSON.parse(txt)); + if (JSON.parse(txt).discarded) { + ele.parent().parent().addClass("discardtopic"); + ele.removeClass("btn-danger"); + ele.addClass("btn-success"); + ele.text("Show"); + } else { + ele.parent().parent().removeClass("discardtopic"); + ele.removeClass("btn-success"); + ele.addClass("btn-danger"); + ele.text("Discard"); + } + }).catch(console.log) + }).catch(console.log) +}); diff --git a/app/templates/macros/topics.html b/app/templates/macros/topics.html index 8316a70..432867d 100644 --- a/app/templates/macros/topics.html +++ b/app/templates/macros/topics.html @@ -1,4 +1,4 @@ -{% macro render_topics_table(topics, show_author=True, show_discard=False) -%} +{% macro render_topics_table(topics, show_author=True, show_discard=False, current_user=current_user) -%} <table class="table"> <tr> <th></th> @@ -27,7 +27,7 @@ href="{{ url_for('create_edit_package_page', author=topic.author.username, repo=topic.getRepoURL(), forums=topic.topic_id, title=topic.title, bname=topic.name) }}"> Create </a> - {% if show_discard %} + {% if show_discard and current_user.is_authenticated and topic.checkPerm(current_user, "TOPIC_DISCARD") %} <a class="btn btn-{% if topic.discarded %}success{% else %}danger{% endif %} topic-discard" data-tid={{ topic.topic_id }}> {% if topic.discarded %} Show diff --git a/app/templates/todo/topics.html b/app/templates/todo/topics.html index 5d3e7f9..b112254 100644 --- a/app/templates/todo/topics.html +++ b/app/templates/todo/topics.html 
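Review bot: The `fetch` handler in `topic_discard.js` never checks `response.ok`, so a 400 or 403 from the endpoint is parsed as JSON anyway and any failure surfaces only through `console.log`, leaving the button unchanged with no feedback to the user. Consider `if (!response.ok) { return; }` (with a visible message) before parsing, and `response.json()` instead of calling `JSON.parse(txt)` twice. `tid` is read from the `data-tid` attribute and concatenated into the query string unencoded; `encodeURIComponent(tid)` keeps the request well-formed whatever the attribute holds. The hard-coded `/api/topic_discard/` path replaces the `url_for('topic_set_discard')` used by the removed inline script and would break if the app is served under a URL prefix; the same applies to `/static/topic_discard.js` in `todo/topics.html` and `user_profile_page.html`.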
@@ -59,7 +59,7 @@ Topics to be Added </form> {% from "macros/topics.html" import render_topics_table %} - {{ render_topics_table(topics, show_discard=True) }} + {{ render_topics_table(topics, show_discard=True, current_user=current_user) }} <ul class="pagination mt-4"> <li class="page-item {% if not prev_url %}disabled{% endif %}"> @@ -83,35 +83,5 @@ Topics to be Added <script> var csrf_token = "{{ csrf_token() }}"; </script> - <script> - $(".topic-discard").click(function() { - var ele = $(this); - var tid = ele.attr("data-tid"); - var discard = !ele.parent().parent().hasClass("discardtopic"); - fetch(new Request("{{ url_for('topic_set_discard') }}?tid=" + tid + - "&discard=" + (discard ? "true" : "false"), { - method: "post", - credentials: "same-origin", - headers: { - "Accept": "application/json", - "X-CSRFToken": csrf_token, - }, - })).then(function(response) { - response.text().then(function(txt) { - console.log(JSON.parse(txt)); - if (JSON.parse(txt).discarded) { - ele.parent().parent().addClass("discardtopic"); - ele.removeClass("btn-danger"); - ele.addClass("btn-success"); - ele.text("Show"); - } else { - ele.parent().parent().removeClass("discardtopic"); - ele.removeClass("btn-success"); - ele.addClass("btn-danger"); - ele.text("Discard"); - } - }).catch(console.log) - }).catch(console.log) - }); - </script> + <script src="/static/topic_discard.js"></script> {% endblock %} diff --git a/app/templates/users/user_profile_page.html b/app/templates/users/user_profile_page.html index 8949189..3dcb369 100644 --- a/app/templates/users/user_profile_page.html +++ b/app/templates/users/user_profile_page.html 
@@ -134,11 +134,20 @@ <p class="card-body"> List of your forum topics which do not have a matching package. + Topics with a strikethrough have beened marked as discarded. </p> {% from "macros/topics.html" import render_topics_table %} - {{ render_topics_table(topics_to_add, show_author=False) }} + {{ render_topics_table(topics_to_add, show_author=False, show_discard=True, current_user=current_user) }} </div> {% endif %} {% endblock %} + + +{% block scriptextra %} + <script> + var csrf_token = "{{ csrf_token() }}"; + </script> + <script src="/static/topic_discard.js"></script> +{% endblock %} diff --git a/app/views/api.py b/app/views/api.py index 04f58d6..0c1fc0e 100644 --- a/app/views/api.py +++ b/app/views/api.py @@ -46,7 +46,7 @@ def api_topics_page(): @app.route("/api/topic_discard/", methods=["POST"]) -@rank_required(UserRank.EDITOR) +@login_required def topic_set_discard(): tid = request.args.get("tid") discard = request.args.get("discard") @@ -54,6 +54,9 @@ def topic_set_discard(): abort(400) topic = ForumTopic.query.get(tid) + if not topic.checkPerm(current_user, Permission.TOPIC_DISCARD): + abort(403) + topic.discarded = discard == "true" db.session.commit() |
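Review bot: The added help text in `user_profile_page.html` has a typo, `have beened marked`; it should read `Topics with a strikethrough have been marked as discarded.` The new `scriptextra` block is placed after the `{% endif %}`, so `topic_discard.js` and the CSRF token script appear to be emitted on every profile view, including ones where the topics card is not rendered. That is harmless, but wrapping the block in the same condition would keep the token off pages that do not need it.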
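Review bot: `topic_set_discard` dereferences `topic` without checking that `ForumTopic.query.get(tid)` found a row, so with the decorator relaxed to `@login_required` any logged-in user can trigger an `AttributeError` (HTTP 500) by posting an unknown `tid`. Add `if topic is None: abort(404)` before the `checkPerm` call. With `@rank_required(UserRank.EDITOR)` removed, the `checkPerm` line is the sole authorization check on this route, so a comment such as `# Authorization: topic author or editor+, enforced by ForumTopic.checkPerm` would help keep it from being dropped in a later refactor. The function's signature and its first lines sit in the preceding hunk, and its body continues past this one.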