author | rubenwardy <rw@rubenwardy.com> | 2018-03-24 19:37:33 +0000 |
---|---|---|
committer | rubenwardy <rw@rubenwardy.com> | 2018-03-24 19:37:33 +0000 |
commit | 69efdd7fdeca8f278da4c511d4b3aef4cdab1129 (patch) | |
tree | d90629d1c291bf299fc2658f3d8cb7375d0a6e9e | |
parent | f51224a8d5b2204798611465c77308c90839730b (diff) | |
Add user rank changing
Fixes #14
-rw-r--r-- | app/models.py | 30 | ||||
-rw-r--r-- | app/templates/users/user_profile_page.html | 4 | ||||
-rw-r--r-- | app/views/users.py | 28 | ||||
-rw-r--r-- | setup.py | 2 |
4 files changed, 52 insertions, 12 deletions
diff --git a/app/models.py b/app/models.py index aeca471..f456e81 100644 --- a/app/models.py +++ b/app/models.py @@ -24,6 +24,20 @@ class UserRank(enum.Enum): def getTitle(self): return self.name.replace("_", " ").title() + def toName(self): + return self.name.lower() + + def __str__(self): + return self.name + + @classmethod + def choices(cls): + return [(choice, choice.getTitle()) for choice in cls] + + @classmethod + def coerce(cls, item): + return item if type(item) == UserRank else UserRank[item] + class Permission(enum.Enum): EDIT_PACKAGE = "EDIT_PACKAGE" @@ -34,6 +48,7 @@ class Permission(enum.Enum): APPROVE_RELEASE = "APPROVE_RELEASE" APPROVE_NEW = "APPROVE_NEW" CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL" + CHANGE_RANK = "CHANGE_RANK" # Only return true if the permission is valid for *all* contexts # See Package.checkPerm for package-specific contexts @@ -86,6 +101,21 @@ class User(db.Model, UserMixin): def isClaimed(self): return self.password is not None and self.password != "" + def checkPerm(self, user, perm): + if not user.is_authenticated: + return False + + if type(perm) == str: + perm = Permission[perm] + elif type(perm) != Permission: + raise Exception("Unknown permission given to User.checkPerm()") + + # Members can edit their own packages, and editors can edit any packages + if perm == Permission.CHANGE_RANK: + return user.rank.atLeast(UserRank.MODERATOR) + else: + raise Exception("Permission {} is not related to users".format(perm.name)) + class PackageType(enum.Enum): MOD = "Mod" GAME = "Game" diff --git a/app/templates/users/user_profile_page.html b/app/templates/users/user_profile_page.html index faa6e0c..91a3b54 100644 --- a/app/templates/users/user_profile_page.html +++ b/app/templates/users/user_profile_page.html 
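Review bot: `UserRank.coerce` reports an unknown rank name as a `KeyError`, because `UserRank[item]` is a bare enum lookup with nothing around it. This commit uses the method as the `coerce` callable of the `rank` SelectField in app/views/users.py. If WTForms treats only `ValueError` from a coerce function as an invalid choice (worth confirming), a submitted value that is not a rank name becomes an unhandled exception instead of a validation error. The version below re-raises the lookup failure as `ValueError` and uses `isinstance` in place of the exact `type(item) == UserRank` comparison. The `UserRank` class body starts outside the hunk.

```python
    @classmethod
    def coerce(cls, item):
        # Already a rank (e.g. populated from the model object): pass through.
        if isinstance(item, cls):
            return item
        # Submitted form data arrives as a name; report unknown names as a
        # ValueError so the form layer can reject them as an invalid choice.
        try:
            return cls[item]
        except KeyError:
            raise ValueError("Unknown rank: {}".format(item))
```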
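Review bot: The `CHANGE_RANK` branch of `checkPerm` never looks at `self`, the account being edited, so any moderator passes the check for every user, including accounts ranked above them. The view hunk in app/views/users.py has the same gap: `current_user.rank.atLeast(newRank)` bounds the new rank but not the target's current one, which appears to let a moderator lower an admin's rank. I would return `user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank)` here. The comment above the branch (`# Members can edit their own packages, ...`) describes package editing and should read something like `# Moderators and above may change the rank of users ranked no higher than themselves`. The `User` class starts outside the hunk.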
@@ -87,6 +87,10 @@ {{ render_field(form.display_name, tabindex=240) }} + {% if user.checkPerm(current_user, "CHANGE_RANK") %} + {{ render_field(form.rank, tabindex=240) }} + {% endif %} + {{ render_submit_field(form.submit, tabindex=280) }} </div> </div> diff --git a/app/views/users.py b/app/views/users.py index 37387db..3ac37c2 100644 --- a/app/views/users.py +++ b/app/views/users.py @@ -4,20 +4,18 @@ from flask_login import login_user, logout_user from flask.ext import menu from app import app from app.models import * - - - -# Define the User registration form -# It augments the Flask-User RegisterForm with additional fields -from flask_user.forms import RegisterForm from flask_wtf import FlaskForm -from wtforms import StringField, SubmitField, validators +from flask_user.forms import RegisterForm +from wtforms import * +from wtforms.validators import * + class MyRegisterForm(RegisterForm): display_name = StringField("Display name") # Define the User profile form class UserProfileForm(FlaskForm): display_name = StringField("Display name") + rank = SelectField("Rank", [InputRequired()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER) submit = SubmitField("Save") @app.route("/users/", methods=["GET"]) 
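Review bot: The new rank field reuses `tabindex=240`, the value already given to `form.display_name` on the line above, so the keyboard order of the two fields is left to document order. A distinct value between 240 and the submit button's 280 keeps the sequence explicit, e.g. `{{ render_field(form.rank, tabindex=250) }}`.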
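Review bot: `rank` is declared with `[InputRequired()]` on `UserProfileForm`, but the template renders the field only to viewers holding `CHANGE_RANK`. An ordinary user saving their own display name therefore posts no `rank` value, and `form.validate()` would presumably reject the request. Making the field optional, `rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)`, keeps the self-edit path working. The view already gates the assignment on `checkPerm`. Separately, `from wtforms import *` and `from wtforms.validators import *` stacked on `from app.models import *` hide where `InputRequired` and `SelectField` come from and invite name clashes; explicit imports of the names used would be safer.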
@@ -33,20 +31,28 @@ def user_profile_page(username): abort(404) form = None - if user == current_user: + if user == current_user or user.checkPerm(current_user, Permission.CHANGE_RANK): # Initialize form - form = UserProfileForm(formdata=request.form, obj=current_user) + form = UserProfileForm(formdata=request.form, obj=user) # Process valid POST if request.method=="POST" and form.validate(): # Copy form fields to user_profile fields - form.populate_obj(current_user) + if user == current_user: + user.display_name = form["display_name"].data + + if user.checkPerm(current_user, Permission.CHANGE_RANK): + newRank = form["rank"].data + if current_user.rank.atLeast(newRank): + user.rank = form["rank"].data + else: + flash("Can't promote a user to a rank higher than yourself!", "error") # Save user_profile db.session.commit() # Redirect to home page - return redirect(url_for("home_page")) + return redirect(url_for("user_profile_page", username=username)) # Process GET or invalid POST return render_template("users/user_profile_page.html", @@ -17,7 +17,7 @@ if not os.path.isfile("db.sqlite"): ruben = User("rubenwardy") ruben.github_username = "rubenwardy" - ruben.rank = UserRank.EDITOR + ruben.rank = UserRank.ADMIN db.session.add(ruben) ez = User("Shara") |
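Review bot: The assignment `user.rank = form["rank"].data` changes an account's privileges without leaving any record of who made the change or what the previous rank was. A privilege change is the kind of event that should be reconstructable later, so I would log it just before the assignment, for example `app.logger.info("rank change: %s set %s from %s to %s", current_user.username, user.username, user.rank, newRank)`, assuming the model exposes `username`. The assignment can then reuse the checked value, `user.rank = newRank`, rather than reading the field a second time. `user_profile_page` starts and ends outside the hunk.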