4 files changed, 42 insertions, 20 deletions
diff --git a/app/models.py b/app/models.py
index 9c17da6..545a7f1 100644
--- a/app/models.py
+++ b/app/models.py
@@ -78,6 +78,7 @@ class Permission(enum.Enum):
 	EDIT_EDITREQUEST   = "EDIT_EDITREQUEST"
 	SEE_THREAD         = "SEE_THREAD"
 	CREATE_THREAD      = "CREATE_THREAD"
+	UNAPPROVE_PACKAGE  = "UNAPPROVE_PACKAGE"
 
 	# Only return true if the permission is valid for *all* contexts
 	# See Package.checkPerm for package-specific contexts
@@ -449,8 +450,8 @@ class Package(db.Model):
 		return url_for("approve_package_page",
 				author=self.author.username, name=self.name)
 
-	def getDeleteURL(self):
-		return url_for("delete_package_page",
+	def getRemoveURL(self):
+		return url_for("remove_package_page",
 				author=self.author.username, name=self.name)
 
 	def getNewScreenshotURL(self):
@@ -505,7 +506,8 @@ class Package(db.Model):
 			return user.rank.atLeast(UserRank.TRUSTED_MEMBER if isOwner else UserRank.EDITOR)
 
 		# Moderators can delete packages
-		elif perm == Permission.DELETE_PACKAGE or perm == Permission.CHANGE_RELEASE_URL:
+		elif perm == Permission.DELETE_PACKAGE or perm == Permission.UNAPPROVE_PACKAGE \
+				or perm == Permission.CHANGE_RELEASE_URL:
 			return user.rank.atLeast(UserRank.MODERATOR)
 
 		else:
diff --git a/app/templates/packages/delete.html b/app/templates/packages/remove.html
index 96f37f3..fd20637 100644
--- a/app/templates/packages/delete.html
+++ b/app/templates/packages/remove.html
@@ -6,13 +6,14 @@
 
 {% block content %}
 	<form method="POST" action="" class="box box_grey ">
-		<h3>Delete Package</h3>
+		<h3>Remove Package</h3>
 
 		<div class="box-body">
-			<p>This action can be undone by the admin, but he'll be very annoyed!</p>
+			<p>Deleting a package can be undone by the admin, but he'll be very annoyed!</p>
 
 			<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
-			<input type="submit" value="Delete" class="btn-danger" />
+			<input type="submit" name="delete" value="Delete" class="btn btn-danger" />
+			<input type="submit" name="unapprove" value="Unapprove" class="btn btn-warning" />
 		</div>
 	</form>
 {% endblock %}
diff --git a/app/templates/packages/view.html b/app/templates/packages/view.html
index 71cbbaf..d97e376 100644
--- a/app/templates/packages/view.html
+++ b/app/templates/packages/view.html
@@ -130,8 +130,8 @@
 					{# {% if current_user.is_authenticated %}
 						<a class="btn btn-default btn-sm mx-1" href="{{ package.getCreateEditRequestURL() }}">Suggest Changes</a>
 					{% endif %} #}
-					{% if package.checkPerm(current_user, "DELETE_PACKAGE") %}
-						<a class="btn btn-danger btn-sm mx-1" href="{{ package.getDeleteURL() }}">Delete</a>
+					{% if package.checkPerm(current_user, "DELETE_PACKAGE") or package.checkPerm(current_user, "UNAPPROVE_PACKAGE") %}
+						<a class="btn btn-danger btn-sm mx-1" href="{{ package.getRemoveURL() }}">Remove</a>
 					{% endif %}
 					</div>
 
diff --git a/app/views/packages/__init__.py b/app/views/packages/__init__.py
index db6753b..0d96830 100644
--- a/app/views/packages/__init__.py
+++ b/app/views/packages/__init__.py
@@ -402,25 +402,44 @@ def approve_package_page(package):
 	return redirect(package.getDetailsURL())
 
 
-@app.route("/packages/<author>/<name>/delete/", methods=["GET", "POST"])
+@app.route("/packages/<author>/<name>/remove/", methods=["GET", "POST"])
 @login_required
 @is_package_page
-def delete_package_page(package):
+def remove_package_page(package):
 	if request.method == "GET":
-		return render_template("packages/delete.html", package=package)
+		return render_template("packages/remove.html", package=package)
 
-	if not package.checkPerm(current_user, Permission.DELETE_PACKAGE):
-		flash("You don't have permission to do that.", "error")
+	if "delete" in request.form:
+		if not package.checkPerm(current_user, Permission.DELETE_PACKAGE):
+			flash("You don't have permission to do that.", "error")
+			return redirect(package.getDetailsURL())
 
-	package.soft_deleted = True
+		package.soft_deleted = True
 
-	url = url_for("user_profile_page", username=package.author.username)
-	triggerNotif(package.author, current_user,
-			"{} deleted".format(package.title), url)
-	db.session.commit()
+		url = url_for("user_profile_page", username=package.author.username)
+		triggerNotif(package.author, current_user,
+				"{} deleted".format(package.title), url)
+		db.session.commit()
+
+		flash("Deleted package", "success")
+
+		return redirect(url)
+	elif "unapprove" in request.form:
+		if not package.checkPerm(current_user, Permission.UNAPPROVE_PACKAGE):
+			flash("You don't have permission to do that.", "error")
+			return redirect(package.getDetailsURL())
 
-	flash("Deleted package", "success")
+		package.approved = False
+
+		triggerNotif(package.author, current_user,
+				"{} deleted".format(package.title), package.getDetailsURL())
+		db.session.commit()
+
+		flash("Unapproved package", "success")
+
+		return redirect(package.getDetailsURL())
+	else:
+		abort(400)
 
-	return redirect(url)
 
 from . import todo, screenshots, releases