diff options
| author | rubenwardy <rw@rubenwardy.com> | 2018-07-28 14:25:51 +0100 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2018-07-28 14:25:51 +0100 |
| commit | 901e115a217f45668d3d078559fcd23e4f9c34ac (patch) | |
| tree | 90d09c8e89a4fccae95513eccdae5aabd1befa52 | |
| parent | d4c21660196dcd61e36b8c8ffee7bffae8b1017b (diff) | |
| download | cheatdb-901e115a217f45668d3d078559fcd23e4f9c34ac.tar.xz | |
Prevent trusted users from approving their own packages
| -rw-r--r-- | app/flatpages/help/ranks_permissions.md | 21 | ||||
| -rw-r--r-- | app/models.py | 7 |
2 files changed, 22 insertions, 6 deletions
diff --git a/app/flatpages/help/ranks_permissions.md b/app/flatpages/help/ranks_permissions.md index 5737938..9252930 100644 --- a/app/flatpages/help/ranks_permissions.md +++ b/app/flatpages/help/ranks_permissions.md @@ -34,6 +34,8 @@ title: Ranks and Permissions <th>N</th> <th>Y</th> <th>N</th> + <th>Y</th> + <th>N</th> </tr> </thead> <tbody> @@ -58,7 +60,7 @@ title: Ranks and Permissions <th></th> <th></th> <!-- member --> <th></th> - <th>✓</th> <!-- trusted member --> + <th></th> <!-- trusted member --> <th></th> <th>✓</th> <!-- editor --> <th>✓</th> @@ -101,7 +103,7 @@ title: Ranks and Permissions <td>Approve Screenshot</td> <th></th> <!-- new --> <th></th> - <th>✓</th> <!-- member --> + <th></th> <!-- member --> <th></th> <th>✓</th> <!-- trusted member --> <th></th> @@ -188,6 +190,21 @@ title: Ranks and Permissions <th>✓</th> </tr> <tr> + <td>See Private Thread</td> + <th>✓</th> <!-- new --> + <th></th> + <th>✓</th> <!-- member --> + <th></th> + <th>✓</th> <!-- trusted member --> + <th></th> + <th>✓</th> <!-- editor --> + <th>✓</th> + <th>✓</th> <!-- moderator --> + <th>✓</th> + <th>✓</th> <!-- admin --> + <th>✓</th> + </tr> + <tr> <td>Set Email</td> <th>✓</th> <!-- new --> <th></th> diff --git a/app/models.py b/app/models.py index c402d09..0452009 100644 --- a/app/models.py +++ b/app/models.py @@ -489,12 +489,11 @@ class Package(db.Model): else: return user.rank.atLeast(UserRank.EDITOR) - # Editors can change authors - elif perm == Permission.CHANGE_AUTHOR: + # Editors can change authors and approve new packages + elif perm == Permission.APPROVE_NEW or perm == Permission.CHANGE_AUTHOR: return user.rank.atLeast(UserRank.EDITOR) - elif perm == Permission.APPROVE_NEW or perm == Permission.APPROVE_RELEASE \ - or perm == Permission.APPROVE_SCREENSHOT: + elif perm == Permission.APPROVE_RELEASE or perm == Permission.APPROVE_SCREENSHOT: return user.rank.atLeast(UserRank.TRUSTED_MEMBER if isOwner else UserRank.EDITOR) # Moderators can delete packages |