Add ability to edit editrequests

4 files changed, 69 insertions, 8 deletions

diff --git a/app/models.py b/app/models.py
index 113a1cb..01340bd 100644
--- a/app/models.py
+++ b/app/models.py
@@ -49,6 +49,7 @@ class Permission(enum.Enum):
 	APPROVE_NEW        = "APPROVE_NEW"
 	CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
 	CHANGE_RANK        = "CHANGE_RANK"
+	EDIT_EDITREQUEST   = "EDIT_EDITREQUEST"
 
 	# Only return true if the permission is valid for *all* contexts
 	# See Package.checkPerm for package-specific contexts
@@ -248,7 +249,7 @@ class Package(db.Model):
 				author=self.author.username, name=self.name)
 
 	def getCreateEditRequestURL(self):
-		return url_for("create_editrequest_page",
+		return url_for("create_edit_editrequest_page",
 				ptype=self.type.toName(),
 				author=self.author.username, name=self.name)
 
@@ -353,6 +354,9 @@ class EditRequest(db.Model):
 	title        = db.Column(db.String(100), nullable=False)
 	desc         = db.Column(db.String(1000), nullable=True)
 
+	# 0 - open
+	# 1 - merged
+	# 2 - rejected
 	status       = db.Column(db.Integer, nullable=False, default=0)
 
 	changes = db.relationship("EditRequestChange", backref="request",
@@ -379,11 +383,38 @@ class EditRequest(db.Model):
 				name=self.package.name,
 				id=self.id)
 
+	def getEditURL(self):
+		return url_for("create_edit_editrequest_page",
+				ptype=self.package.type.toName(),
+				author=self.package.author.username,
+				name=self.package.name,
+				id=self.id)
+
 	def applyAll(self, package):
 		for change in self.changes:
 			change.apply(package)
 
 
+	def checkPerm(self, user, perm):
+		if not user.is_authenticated:
+			return False
+
+		if type(perm) == str:
+			perm = Permission[perm]
+		elif type(perm) != Permission:
+			raise Exception("Unknown permission given to EditRequest.checkPerm()")
+
+		isOwner = user == self.author
+
+		# Members can edit their own packages, and editors can edit any packages
+		if perm == Permission.EDIT_EDITREQUEST:
+			return isOwner or user.rank.atLeast(UserRank.EDITOR)
+
+		else:
+			raise Exception("Permission {} is not related to packages".format(perm.name))
+
+
+
 
 class EditRequestChange(db.Model):
 	id           = db.Column(db.Integer, primary_key=True)
diff --git a/app/templates/packages/editrequest_create.html b/app/templates/packages/editrequest_create_edit.html
index dbeba24..db3beb2 100644
--- a/app/templates/packages/editrequest_create.html
+++ b/app/templates/packages/editrequest_create_edit.html
@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 
 {% block title %}
-	{{ package.title or "Create Package" }}
+	{{ package.title or "Edit Request" }}
 {% endblock %}
 
 {% block content %}
diff --git a/app/templates/packages/editrequest_view.html b/app/templates/packages/editrequest_view.html
index 22b60ae..ce8f70e 100644
--- a/app/templates/packages/editrequest_view.html
+++ b/app/templates/packages/editrequest_view.html
@@ -7,6 +7,9 @@
 {% block content %}
 	<h1>{{ request.title }} by {{ request.author.display_name }}</h1>
 	<p>
+		{% if request.status != 1 and request.status != 2 and request.checkPerm(current_user, 'EDIT_EDITREQUEST') %}
+			<a href="{{ request.getEditURL() }}">Edit</a> |
+		{% endif %}
 		Package: <a href="{{ package.getDetailsURL() }}">{{ package.title }}</a>
 	</p>
 	<p>
diff --git a/app/views/packages.py b/app/views/packages.py
index c39cc8e..9dde674 100644
--- a/app/views/packages.py
+++ b/app/views/packages.py
@@ -249,19 +249,43 @@ class EditRequestForm(PackageForm):
 	edit_desc  = TextField("Edit Description", [Optional()])
 
 @app.route("/<ptype>s/<author>/<name>/requests/new/", methods=["GET","POST"])
+@app.route("/<ptype>s/<author>/<name>/requests/<id>/edit/", methods=["GET","POST"])
 @login_required
-def create_editrequest_page(ptype, author, name):
+def create_edit_editrequest_page(ptype, author, name, id=None):
 	package = getPageByInfo(ptype, author, name)
+	edited_package = package
 
-	form = EditRequestForm(request.form, obj=package)
+	erequest = None
+	if id is not None:
+		erequest = EditRequest.query.get(id)
+		if erequest.package != package:
+			abort(404)
+
+		from copy import copy
+		edited_package = copy(package)
+		erequest.applyAll(edited_package)
+
+		if not erequest.checkPerm(current_user, Permission.EDIT_EDITREQUEST):
+			abort(403)
+
+		if erequest.status != 0:
+			flash("Can't edit EditRequest, it has already been merged or rejected", "error")
+			return redirect(erequest.getURL())
+
+
+	form = EditRequestForm(request.form, obj=edited_package)
 	if request.method == "POST" and form.validate():
-		erequest = EditRequest()
-		erequest.package = package
-		erequest.author  = current_user
+		if erequest is None:
+			erequest = EditRequest()
+			erequest.package = package
+			erequest.author  = current_user
+
 		erequest.title   = form["edit_title"].data
 		erequest.desc    = form["edit_desc"].data
 		db.session.add(erequest)
 
+		EditRequestChange.query.filter_by(request=erequest).delete()
+
 		wasChangeMade = False
 		for e in PackagePropertyKey:
 			newValue = form[e.name].data
@@ -288,8 +312,11 @@ def create_editrequest_page(ptype, author, name):
 			return redirect(erequest.getURL())
 		else:
 			flash("No changes detected", "warning")
+	elif erequest is not None:
+		form["edit_title"].data = erequest.title
+		form["edit_desc"].data  = erequest.desc
 
-	return render_template("packages/editrequest_create.html", package=package, form=form)
+	return render_template("packages/editrequest_create_edit.html", package=package, form=form)
 
 
 @app.route("/<ptype>s/<author>/<name>/requests/<id>/")