diff options
| -rw-r--r-- | app/models.py | 3 | ||||
| -rw-r--r-- | app/templates/users/user_profile_page.html | 6 | ||||
| -rw-r--r-- | app/views/users.py | 6 |
3 files changed, 10 insertions, 5 deletions
diff --git a/app/models.py b/app/models.py index f632b7c..b5607ab 100644 --- a/app/models.py +++ b/app/models.py @@ -65,6 +65,7 @@ class Permission(enum.Enum): APPROVE_RELEASE = "APPROVE_RELEASE" APPROVE_NEW = "APPROVE_NEW" CHANGE_RELEASE_URL = "CHANGE_RELEASE_URL" + CHANGE_DNAME = "CHANGE_DNAME" CHANGE_RANK = "CHANGE_RANK" CHANGE_EMAIL = "CHANGE_EMAIL" EDIT_EDITREQUEST = "EDIT_EDITREQUEST" @@ -140,7 +141,7 @@ class User(db.Model, UserMixin): # Members can edit their own packages, and editors can edit any packages if perm == Permission.CHANGE_AUTHOR: return user.rank.atLeast(UserRank.EDITOR) - elif perm == Permission.CHANGE_RANK: + elif perm == Permission.CHANGE_RANK or perm == Permission.CHANGE_DNAME: return user.rank.atLeast(UserRank.MODERATOR) elif perm == Permission.CHANGE_EMAIL: return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank)) diff --git a/app/templates/users/user_profile_page.html b/app/templates/users/user_profile_page.html index 53afd57..e4f9ff0 100644 --- a/app/templates/users/user_profile_page.html +++ b/app/templates/users/user_profile_page.html @@ -7,7 +7,7 @@ {% block content %} <div class="box box_grey"> - <h2>{{ user.username }}</h2> + <h2>{{ user.display_name }}</h2> <table> <tr> @@ -73,7 +73,9 @@ <div class="col-sm-6 col-md-5 col-lg-4"> {{ form.hidden_tag() }} - {{ render_field(form.display_name, tabindex=230) }} + {% if user.checkPerm(current_user, "CHANGE_DNAME") %} + {{ render_field(form.display_name, tabindex=230) }} + {% endif %} {% if user.checkPerm(current_user, "CHANGE_EMAIL") %} {{ render_field(form.email, tabindex=240) }} diff --git a/app/views/users.py b/app/views/users.py index dda53cd..c2460e1 100644 --- a/app/views/users.py +++ b/app/views/users.py @@ -50,14 +50,16 @@ def user_profile_page(username): abort(404) form = None - if user == current_user or user.checkPerm(current_user, Permission.CHANGE_RANK): + if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \ + user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \ + user.checkPerm(current_user, Permission.CHANGE_RANK): # Initialize form form = UserProfileForm(formdata=request.form, obj=user) # Process valid POST if request.method=="POST" and form.validate(): # Copy form fields to user_profile fields - if user == current_user: + if user.checkPerm(current_user, Permission.CHANGE_DNAME): user.display_name = form["display_name"].data if user.checkPerm(current_user, Permission.CHANGE_RANK): |