-rw-r--r--app/models.py16
-rw-r--r--app/public/static/topic_discard.js29
-rw-r--r--app/templates/macros/topics.html4
-rw-r--r--app/templates/todo/topics.html34
-rw-r--r--app/templates/users/user_profile_page.html11
-rw-r--r--app/views/api.py5
6 files changed, 63 insertions, 36 deletions
diff --git a/app/models.py b/app/models.py
index 545a7f1..3a41c83 100644
--- a/app/models.py
+++ b/app/models.py
@@ -79,6 +79,7 @@ class Permission(enum.Enum):
SEE_THREAD = "SEE_THREAD"
CREATE_THREAD = "CREATE_THREAD"
UNAPPROVE_PACKAGE = "UNAPPROVE_PACKAGE"
+ TOPIC_DISCARD = "TOPIC_DISCARD"
# Only return true if the permission is valid for *all* contexts
# See Package.checkPerm for package-specific contexts
@@ -843,6 +844,21 @@ class ForumTopic(db.Model):
"created_at": self.created_at.isoformat(),
}
+ def checkPerm(self, user, perm):
+ if not user.is_authenticated:
+ return False
+
+ if type(perm) == str:
+ perm = Permission[perm]
+ elif type(perm) != Permission:
+ raise Exception("Unknown permission given to ForumTopic.checkPerm()")
+
+ if perm == Permission.TOPIC_DISCARD:
+ return self.author == user or user.rank.atLeast(UserRank.EDITOR)
+
+ else:
+ raise Exception("Permission {} is not related to topics".format(perm.name))
+
# Setup Flask-User
db_adapter = SQLAlchemyAdapter(db, User) # Register the User model
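Review bot: In the new `checkPerm`, `Permission[perm]` raises a bare `KeyError` for a string that is not a member, while the other two failure paths raise a generic `Exception`, so a caller cannot tell a misuse of the API from anything else without catching everything. Since this method is now the authorization decision for discarding topics, prefer `isinstance(perm, str)` over `type(perm) == str` and raise one specific type (for example `ValueError`) on both invalid-permission paths. The method also has no docstring; I would add `"""Return True if user may perform perm on this topic. TOPIC_DISCARD: the topic author, or rank EDITOR and above."""` so the rule is stated next to the code that enforces it.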
diff --git a/app/public/static/topic_discard.js b/app/public/static/topic_discard.js
new file mode 100644
index 0000000..efc4272
--- /dev/null
+++ b/app/public/static/topic_discard.js
@@ -0,0 +1,29 @@
+$(".topic-discard").click(function() {
+ var ele = $(this);
+ var tid = ele.attr("data-tid");
+ var discard = !ele.parent().parent().hasClass("discardtopic");
+ fetch(new Request("/api/topic_discard/?tid=" + tid +
+ "&discard=" + (discard ? "true" : "false"), {
+ method: "post",
+ credentials: "same-origin",
+ headers: {
+ "Accept": "application/json",
+ "X-CSRFToken": csrf_token,
+ },
+ })).then(function(response) {
+ response.text().then(function(txt) {
+ console.log(JSON.parse(txt));
+ if (JSON.parse(txt).discarded) {
+ ele.parent().parent().addClass("discardtopic");
+ ele.removeClass("btn-danger");
+ ele.addClass("btn-success");
+ ele.text("Show");
+ } else {
+ ele.parent().parent().removeClass("discardtopic");
+ ele.removeClass("btn-success");
+ ele.addClass("btn-danger");
+ ele.text("Discard");
+ }
+ }).catch(console.log)
+ }).catch(console.log)
+});
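Review bot: The first `then` handler never checks `response.ok`, so when the endpoint answers 400 or the newly added 403 the body is presumably not JSON, `JSON.parse` throws, and the failure only reaches `console.log` while the button stays unchanged with no feedback to the user. Add `if (!response.ok) { throw new Error("topic_discard failed: " + response.status); }` before reading the body and show the error in the page. `tid` is concatenated into the query string as-is; `encodeURIComponent(tid)` keeps a malformed `data-tid` from changing the request. The path `/api/topic_discard/` is hard-coded where the removed inline script used `url_for('topic_set_discard')`, and the file depends on a global `csrf_token` that each including page must define; both are worth a comment at the top of the file.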
diff --git a/app/templates/macros/topics.html b/app/templates/macros/topics.html
index 8316a70..432867d 100644
--- a/app/templates/macros/topics.html
+++ b/app/templates/macros/topics.html
@@ -1,4 +1,4 @@
-{% macro render_topics_table(topics, show_author=True, show_discard=False) -%}
+{% macro render_topics_table(topics, show_author=True, show_discard=False, current_user=current_user) -%}
<table class="table">
<tr>
<th></th>
@@ -27,7 +27,7 @@
href="{{ url_for('create_edit_package_page', author=topic.author.username, repo=topic.getRepoURL(), forums=topic.topic_id, title=topic.title, bname=topic.name) }}">
Create
</a>
- {% if show_discard %}
+ {% if show_discard and current_user.is_authenticated and topic.checkPerm(current_user, "TOPIC_DISCARD") %}
<a class="btn btn-{% if topic.discarded %}success{% else %}danger{% endif %} topic-discard" data-tid={{ topic.topic_id }}>
{% if topic.discarded %}
Show
diff --git a/app/templates/todo/topics.html b/app/templates/todo/topics.html
index 5d3e7f9..b112254 100644
--- a/app/templates/todo/topics.html
+++ b/app/templates/todo/topics.html
@@ -59,7 +59,7 @@ Topics to be Added
</form>
{% from "macros/topics.html" import render_topics_table %}
- {{ render_topics_table(topics, show_discard=True) }}
+ {{ render_topics_table(topics, show_discard=True, current_user=current_user) }}
<ul class="pagination mt-4">
<li class="page-item {% if not prev_url %}disabled{% endif %}">
@@ -83,35 +83,5 @@ Topics to be Added
<script>
var csrf_token = "{{ csrf_token() }}";
</script>
- <script>
- $(".topic-discard").click(function() {
- var ele = $(this);
- var tid = ele.attr("data-tid");
- var discard = !ele.parent().parent().hasClass("discardtopic");
- fetch(new Request("{{ url_for('topic_set_discard') }}?tid=" + tid +
- "&discard=" + (discard ? "true" : "false"), {
- method: "post",
- credentials: "same-origin",
- headers: {
- "Accept": "application/json",
- "X-CSRFToken": csrf_token,
- },
- })).then(function(response) {
- response.text().then(function(txt) {
- console.log(JSON.parse(txt));
- if (JSON.parse(txt).discarded) {
- ele.parent().parent().addClass("discardtopic");
- ele.removeClass("btn-danger");
- ele.addClass("btn-success");
- ele.text("Show");
- } else {
- ele.parent().parent().removeClass("discardtopic");
- ele.removeClass("btn-success");
- ele.addClass("btn-danger");
- ele.text("Discard");
- }
- }).catch(console.log)
- }).catch(console.log)
- });
- </script>
+ <script src="/static/topic_discard.js"></script>
{% endblock %}
diff --git a/app/templates/users/user_profile_page.html b/app/templates/users/user_profile_page.html
index 8949189..3dcb369 100644
--- a/app/templates/users/user_profile_page.html
+++ b/app/templates/users/user_profile_page.html
@@ -134,11 +134,20 @@
<p class="card-body">
List of your forum topics which do not have a matching package.
+ Topics with a strikethrough have beened marked as discarded.
</p>
{% from "macros/topics.html" import render_topics_table %}
- {{ render_topics_table(topics_to_add, show_author=False) }}
+ {{ render_topics_table(topics_to_add, show_author=False, show_discard=True, current_user=current_user) }}
</div>
{% endif %}
{% endblock %}
+
+
+{% block scriptextra %}
+ <script>
+ var csrf_token = "{{ csrf_token() }}";
+ </script>
+ <script src="/static/topic_discard.js"></script>
+{% endblock %}
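Review bot: The added help text contains a typo, `have beened marked`; it should read `Topics with a strikethrough have been marked as discarded.`. The new `scriptextra` block repeats the inline `csrf_token` assignment and the `/static/topic_discard.js` include that todo/topics.html also carries, so the two pages can drift apart; a shared include would avoid that. `url_for('static', filename='topic_discard.js')` would be safer than the hard-coded path if the app is ever served under a prefix.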
diff --git a/app/views/api.py b/app/views/api.py
index 04f58d6..0c1fc0e 100644
--- a/app/views/api.py
+++ b/app/views/api.py
@@ -46,7 +46,7 @@ def api_topics_page():
@app.route("/api/topic_discard/", methods=["POST"])
-@rank_required(UserRank.EDITOR)
+@login_required
def topic_set_discard():
tid = request.args.get("tid")
discard = request.args.get("discard")
@@ -54,6 +54,9 @@ def topic_set_discard():
abort(400)
topic = ForumTopic.query.get(tid)
+ if not topic.checkPerm(current_user, Permission.TOPIC_DISCARD):
+ abort(403)
+
topic.discarded = discard == "true"
db.session.commit()
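Review bot: `ForumTopic.query.get(tid)` returns `None` when no topic has that id, so the added `topic.checkPerm(...)` call raises `AttributeError` and an authenticated user sending an unknown `tid` gets a 500 rather than a clean error. Guard it before the permission check with `if topic is None: abort(404)`. With the decorator relaxed to `@login_required` in the previous hunk, this `checkPerm` call is the only authorization left on the endpoint, so a test that a non-author below EDITOR rank receives 403 would be worth adding. The body of `topic_set_discard` continues outside the hunk.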