| author | rubenwardy <rw@rubenwardy.com> | 2020-07-15 19:54:33 +0100 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2020-07-15 19:54:36 +0100 |
| commit | 7fb2f3170c067e7869bfb19f29da5f4d41762f34 (patch) | |
| tree | 8f23c0efa12876d02ae54a09f51b08103998e841 /app/blueprints/admin | |
| parent | 9663e87838dcc040cf0c5df99db1e07b7b56189e (diff) | |
Allow Editors to edit tags
Diffstat (limited to 'app/blueprints/admin')
| -rw-r--r-- | app/blueprints/admin/tagseditor.py | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/app/blueprints/admin/tagseditor.py b/app/blueprints/admin/tagseditor.py
index 70328bd..39d69e8 100644
--- a/app/blueprints/admin/tagseditor.py
+++ b/app/blueprints/admin/tagseditor.py
@@ -25,8 +25,11 @@ from wtforms.validators import *
 from app.utils import rank_required
 @bp.route("/tags/")
-@rank_required(UserRank.MODERATOR)
+@login_required
 def tag_list():
+ if not Permission.EDIT_TAGS.check(current_user):
+ abort(403)
+
 return render_template("admin/tags/list.html", tags=Tag.query.order_by(db.asc(Tag.title)).all())
 class TagForm(FlaskForm):
@@ -36,7 +39,7 @@ class TagForm(FlaskForm):
 @bp.route("/tags/new/", methods=["GET", "POST"])
 @bp.route("/tags/<name>/edit/", methods=["GET", "POST"])
-@rank_required(UserRank.MODERATOR)
+@login_required
 def create_edit_tag(name=None):
 tag = None
 if name is not None:
@@ -44,6 +47,9 @@ def create_edit_tag(name=None):
 if tag is None:
 abort(404)
+ if not Permission.checkPerm(current_user, Permission.EDIT_TAGS if tag else Permission.CREATE_TAG):
+ abort(403)
+
 form = TagForm(formdata=request.form, obj=tag)
 if request.method == "POST" and form.validate():
 if tag is None:
@@ -52,6 +58,10 @@ def create_edit_tag(name=None):
 else:
 form.populate_obj(tag)
 db.session.commit()
- return redirect(url_for("admin.create_edit_tag", name=tag.name))
+
+ if Permission.EDIT_TAGS.check(current_user):
+ return redirect(url_for("admin.create_edit_tag", name=tag.name))
+ else:
+ return redirect(url_for("homepage.home"))
 return render_template("admin/tags/edit.html", tag=tag, form=form) |
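Review bot: In `tag_list`, swapping `@rank_required(UserRank.MODERATOR)` for `@login_required` moves authorization out of the decorator and into the first statement of the body, so the route's required privilege is no longer visible where routes are usually audited. A later edit that moves or drops the `if` would leave the page open to every logged-in user. The same applies to the decorator change on `create_edit_tag` in the second hunk. A comment above the check, such as `# Authorization: requires EDIT_TAGS; @login_required only authenticates`, would make the split explicit. The context line `from app.utils import rank_required` is kept; whether anything else in the file still uses it is not visible here.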
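Review bot: The permission check added to `create_edit_tag` runs after the tag lookup and its `abort(404)`, so a logged-in user without `EDIT_TAGS` gets 404 for an unknown name and 403 for an existing one, and a query is issued before authorization. The required permission can be derived from `name` and checked before the lookup, e.g. `required = Permission.EDIT_TAGS if name is not None else Permission.CREATE_TAG`. This hunk also calls `Permission.checkPerm(current_user, ...)` while the other hunks use `Permission.EDIT_TAGS.check(current_user)`; using one form throughout keeps the authorization checks easy to grep. The function begins and continues outside this hunk.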
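Review bot: The new redirect branch sends a user who holds `CREATE_TAG` but not `EDIT_TAGS` to `homepage.home` with no confirmation that the tag was saved, which invites repeat submissions. A message before the redirect would help, e.g. `flash("Tag created", "success")`, assuming `flash` is importable in this file (not visible here). The `else:` after a `return` is redundant and can be dropped. Because this POST path is now reachable by non-moderators, it is worth confirming that `TagForm`, whose fields are defined outside this hunk, exposes only attributes a tag creator should be able to set.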
