
Create symmetry between IsAdmin/Mod/SuperMod and AtleastSuperMod permissions

Alec Nikolas Reiter 9 лет назад
Родитель
Сommit
9224e9a2a1
3 измененных файлов с 48 добавлено и 63 удалено
  1. 19 19
      flaskbb/management/views.py
  2. 12 26
      flaskbb/utils/requirements.py
  3. 17 18
      tests/unit/test_requirements.py

+ 19 - 19
flaskbb/management/views.py

@@ -56,7 +56,7 @@ def overview():
 
 @management.route("/settings", methods=["GET", "POST"])
 @management.route("/settings/<path:slug>", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def settings(slug=None):
     slug = slug if slug else "general"
 
@@ -160,7 +160,7 @@ def edit_user(user_id):
 
 @management.route("/users/delete", methods=["POST"])
 @management.route("/users/<int:user_id>/delete", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def delete_user(user_id=None):
     # ajax request
     if request.is_xhr:
@@ -199,7 +199,7 @@ def delete_user(user_id=None):
 
 
 @management.route("/users/add", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def add_user():
     form = AddUserForm()
     if form.validate_on_submit():
@@ -416,7 +416,7 @@ def report_markread(report_id=None):
 
 # Groups
 @management.route("/groups")
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def groups():
     page = request.args.get("page", 1, type=int)
 
@@ -428,7 +428,7 @@ def groups():
 
 
 @management.route("/groups/<int:group_id>/edit", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def edit_group(group_id):
     group = Group.query.filter_by(id=group_id).first_or_404()
 
@@ -450,7 +450,7 @@ def edit_group(group_id):
 
 @management.route("/groups/<int:group_id>/delete", methods=["POST"])
 @management.route("/groups/delete", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def delete_group(group_id=None):
     if request.is_xhr:
         ids = request.get_json()["ids"]
@@ -495,7 +495,7 @@ def delete_group(group_id=None):
 
 
 @management.route("/groups/add", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def add_group():
     form = AddGroupForm()
     if form.validate_on_submit():
@@ -509,14 +509,14 @@ def add_group():
 
 # Forums and Categories
 @management.route("/forums")
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def forums():
     categories = Category.query.order_by(Category.position.asc()).all()
     return render_template("management/forums.html", categories=categories)
 
 
 @management.route("/forums/<int:forum_id>/edit", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def edit_forum(forum_id):
     forum = Forum.query.filter_by(id=forum_id).first_or_404()
 
@@ -538,7 +538,7 @@ def edit_forum(forum_id):
 
 
 @management.route("/forums/<int:forum_id>/delete", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def delete_forum(forum_id):
     forum = Forum.query.filter_by(id=forum_id).first_or_404()
 
@@ -553,7 +553,7 @@ def delete_forum(forum_id):
 
 @management.route("/forums/add", methods=["GET", "POST"])
 @management.route("/forums/<int:category_id>/add", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def add_forum(category_id=None):
     form = AddForumForm()
 
@@ -572,7 +572,7 @@ def add_forum(category_id=None):
 
 
 @management.route("/category/add", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def add_category():
     form = CategoryForm()
 
@@ -586,7 +586,7 @@ def add_category():
 
 
 @management.route("/category/<int:category_id>/edit", methods=["GET", "POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def edit_category(category_id):
     category = Category.query.filter_by(id=category_id).first_or_404()
 
@@ -602,7 +602,7 @@ def edit_category(category_id):
 
 
 @management.route("/category/<int:category_id>/delete", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def delete_category(category_id):
     category = Category.query.filter_by(id=category_id).first_or_404()
 
@@ -617,14 +617,14 @@ def delete_category(category_id):
 
 # Plugins
 @management.route("/plugins")
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def plugins():
     plugins = get_all_plugins()
     return render_template("management/plugins.html", plugins=plugins)
 
 
 @management.route("/plugins/<path:plugin>/enable", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def enable_plugin(plugin):
     plugin = get_plugin_from_all(plugin)
     if not plugin.enabled:
@@ -656,7 +656,7 @@ def enable_plugin(plugin):
 
 
 @management.route("/plugins/<path:plugin>/disable", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def disable_plugin(plugin):
     try:
         plugin = get_plugin(plugin)
@@ -684,7 +684,7 @@ def disable_plugin(plugin):
 
 
 @management.route("/plugins/<path:plugin>/uninstall", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def uninstall_plugin(plugin):
     plugin = get_plugin_from_all(plugin)
     if plugin.uninstallable:
@@ -699,7 +699,7 @@ def uninstall_plugin(plugin):
 
 
 @management.route("/plugins/<path:plugin>/install", methods=["POST"])
-@allows.requires(IsAdmin())
+@allows.requires(IsAdmin)
 def install_plugin(plugin):
     plugin = get_plugin_from_all(plugin)
     if plugin.installable and not plugin.uninstallable:

+ 12 - 26
flaskbb/utils/requirements.py

@@ -13,27 +13,17 @@ from flaskbb.exceptions import FlaskBBError
 from flaskbb.forum.models import Post, Topic, Forum
 
 
-class IsAuthed(Requirement):
-    def fulfill(self, user, request):
-        return user.is_authenticated()
-
-
-class IsMod(IsAuthed):
-    def fulfill(self, user, request):
-        return (super(IsMod, self).fulfill(user, request) and
-                user.permissions.get('mod'))
-
+class Has(Requirement):
+    def __init__(self, permission):
+        self.permission = permission
 
-class IsSuperMod(IsAuthed):
     def fulfill(self, user, request):
-        return (super(IsSuperMod, self).fulfill(user, request) and
-                user.permissions.get('super_mod'))
+        return user.permissions.get(self.permission, False)
 
 
-class IsAdmin(IsAuthed):
+class IsAuthed(Requirement):
     def fulfill(self, user, request):
-        return (super(IsAdmin, self).fulfill(user, request) and
-                user.permissions.get('admin'))
+        return user.is_authenticated()
 
 
 class IsModeratorInForum(IsAuthed):
@@ -75,14 +65,6 @@ class IsSameUser(IsAuthed):
             raise FlaskBBError
 
 
-class Has(Requirement):
-    def __init__(self, permission):
-        self.permission = permission
-
-    def fulfill(self, user, request):
-        return user.permissions.get(self.permission)
-
-
 class TopicNotLocked(Requirement):
     def fulfill(self, user, request):
         return not self._is_topic_or_forum_locked(request)
@@ -118,9 +100,13 @@ class ForumNotLocked(Requirement):
             return Forum.query.get(view_args['forum_id'])
 
 
-IsAtleastModerator = Or(IsAdmin(), IsSuperMod(), IsMod())
+IsMod = And(IsAuthed(), Has('mod'))
+IsSuperMod = And(IsAuthed(), Has('super_mod'))
+IsAdmin = And(IsAuthed(), Has('admin'))
+
+IsAtleastModerator = Or(IsAdmin, IsSuperMod, IsMod)
 
-IsAtleastSuperModerator = Or(IsAdmin(), IsSuperMod())
+IsAtleastSuperModerator = Or(IsAdmin, IsSuperMod)
 
 CanBanUser = Or(IsAtleastSuperModerator, Has('mod_banuser'))
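Review bot: `CanBanUser = Or(IsAtleastSuperModerator, Has('mod_banuser'))` keeps a bare `Has(...)` branch, so it is the one composite in this hunk whose permission lookup is not gated by `IsAuthed()`, unlike the new `IsMod`/`IsSuperMod`/`IsAdmin`. If `user.permissions` is also populated for anonymous users (not visible in this diff), that branch is decided by group configuration alone. Writing it as `CanBanUser = Or(IsAtleastSuperModerator, And(IsAuthed(), Has('mod_banuser')))` would extend the symmetry this commit is after. `Has` would also benefit from a short docstring stating that it checks only the permission flag and does not imply authentication, and that `fulfill` returns the stored value (or `False` when the key is absent) rather than a strict bool.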
 

+ 17 - 18
tests/unit/test_requirements.py

@@ -1,51 +1,50 @@
 from flaskbb.utils import requirements as r
 from flaskbb.utils.datastructures import SimpleNamespace
-from flaskbb.user.models import User
 
 
 def test_Fred_IsNotAdmin(Fred):
-    assert not r.IsAdmin().fulfill(Fred, None)
+    assert not r.IsAdmin(Fred, None)
 
 
 def test_IsAdmin_with_admin(admin_user):
-    assert r.IsAdmin().fulfill(admin_user, None)
+    assert r.IsAdmin(admin_user, None)
 
 
 def test_IsAtleastModerator_with_mod(moderator_user):
-    assert r.IsAtleastModerator.fulfill(moderator_user, None)
+    assert r.IsAtleastModerator(moderator_user, None)
 
 
 def test_IsAtleastModerator_with_supermod(super_moderator_user):
-    assert r.IsAtleastModerator.fulfill(super_moderator_user, None)
+    assert r.IsAtleastModerator(super_moderator_user, None)
 
 
 def test_IsAtleastModerator_with_admin(admin_user):
-    assert r.IsAtleastModerator.fulfill(admin_user, None)
+    assert r.IsAtleastModerator(admin_user, None)
 
 
 def test_IsAtleastSuperModerator_with_not_smod(moderator_user):
-    assert not r.IsAtleastSuperModerator.fulfill(moderator_user, None)
+    assert not r.IsAtleastSuperModerator(moderator_user, None)
 
 
 def test_CanBanUser_with_admin(admin_user):
-    assert r.CanBanUser.fulfill(admin_user, None)
+    assert r.CanBanUser(admin_user, None)
 
 
 def test_CanBanUser_with_smod(super_moderator_user):
-    assert r.CanBanUser.fulfill(super_moderator_user, None)
+    assert r.CanBanUser(super_moderator_user, None)
 
 
 def test_CanBanUser_with_mod(moderator_user):
-    assert r.CanBanUser.fulfill(moderator_user, None)
+    assert r.CanBanUser(moderator_user, None)
 
 
 def test_Fred_CannotBanUser(Fred):
-    assert not r.CanBanUser.fulfill(Fred, None)
+    assert not r.CanBanUser(Fred, None)
 
 
 def test_CanEditTopic_with_member(user, topic):
     request = SimpleNamespace(view_args={'topic_id': topic.id})
-    assert r.CanEditPost.fulfill(user, request)
+    assert r.CanEditPost(user, request)
 
 
 def test_Fred_cannot_edit_other_members_post(user, Fred, topic):
@@ -55,30 +54,30 @@ def test_Fred_cannot_edit_other_members_post(user, Fred, topic):
 
 def test_Fred_CannotEditLockedTopic(Fred, topic_locked):
     request = SimpleNamespace(view_args={'topic_id': topic_locked.id})
-    assert not r.CanEditPost.fulfill(Fred, request)
+    assert not r.CanEditPost(Fred, request)
 
 
 def test_Moderator_in_Forum_CanEditLockedTopic(moderator_user, topic_locked):
     request = SimpleNamespace(view_args={'topic_id': topic_locked.id})
-    assert r.CanEditPost.fulfill(moderator_user, request)
+    assert r.CanEditPost(moderator_user, request)
 
 
 def test_FredIsAMod_but_still_cant_edit_topic_in_locked_forum(Fred, topic_locked, default_groups):
     request = SimpleNamespace(view_args={'topic_id': topic_locked.id})
     Fred.primary_group = default_groups[2]
-    assert not r.CanEditPost.fulfill(Fred, request)
+    assert not r.CanEditPost(Fred, request)
 
 
 def test_Fred_cannot_reply_to_locked_topic(Fred, topic_locked):
     request = SimpleNamespace(view_args={'topic_id': topic_locked.id})
-    assert not r.CanPostReply.fulfill(Fred, request)
+    assert not r.CanPostReply(Fred, request)
 
 
 def test_Fred_cannot_delete_others_post(Fred, topic):
     request = SimpleNamespace(view_args={'post_id': topic.first_post.id})
-    assert not r.CanDeletePost.fulfill(Fred, request)
+    assert not r.CanDeletePost(Fred, request)
 
 
 def test_Mod_can_delete_others_post(moderator_user, topic):
     request = SimpleNamespace(view_args={'post_id': topic.first_post.id})
-    assert r.CanDeletePost.fulfill(moderator_user, request)
+    assert r.CanDeletePost(moderator_user, request)
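Review bot: None of the tests visible in these two hunks exercises the `IsAuthed()` half of the new `And(IsAuthed(), Has(...))` composites; every case appears to pass a regular user fixture (the file's lines between the two hunks are not shown). A case with an unauthenticated user whose permissions carry the flag, e.g. `assert not r.IsAdmin(anonymous_with_admin_flag, None)` (the fixture name is a placeholder), would pin that the permission flag alone is never sufficient. A direct assertion such as `assert r.Has('constructed_missing_permission').fulfill(user, None) is False` would also cover the new `False` default in `Has.fulfill`.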