Improve permission checking in work queue

author: rubenwardy <rw@rubenwardy.com> 2018-03-21 19:53:53 +0000
committer: rubenwardy <rw@rubenwardy.com> 2018-03-21 19:53:53 +0000
commit: 8a8b0e505bab6ea4d631e7c63dad9260ff7e8936 (patch)
tree: f1d8c3f1378b7bffa87fcf09717f750efdf496ed /app/models.py
parent: 71691708ae121493cf52b19acbb6893caf8fe7ed (diff)
download: cheatdb-8a8b0e505bab6ea4d631e7c63dad9260ff7e8936.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/app/models.py b/app/models.py
index 2ab3655..2eaee9b 100644
--- a/app/models.py
+++ b/app/models.py
@@ -35,11 +35,15 @@ class Permission(enum.Enum):
 	APPROVE_NEW        = "APPROVE_NEW"
 	CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL"
 
+	# Only return true if the permission is valid for *all* contexts
+	# See Package.checkPerm for package-specific contexts
 	def check(self, user):
 		if not user.is_authenticated:
 			return False
 
-		if self == Permission.APPROVE_NEW:
+		if self == Permission.APPROVE_NEW or \
+				self == Permission.APPROVE_CHANGES or \
+				self == Permission.APPROVE_RELEASE:
 			return user.rank.atLeast(UserRank.EDITOR)
 		else:
 			raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
author	rubenwardy <rw@rubenwardy.com>	2018-03-21 19:53:53 +0000
committer	rubenwardy <rw@rubenwardy.com>	2018-03-21 19:53:53 +0000
commit	8a8b0e505bab6ea4d631e7c63dad9260ff7e8936 (patch)
tree	f1d8c3f1378b7bffa87fcf09717f750efdf496ed /app/models.py
parent	71691708ae121493cf52b19acbb6893caf8fe7ed (diff)
download	cheatdb-8a8b0e505bab6ea4d631e7c63dad9260ff7e8936.tar.xz