
Locked thread checks moved to permission checking functions - allows moderators to post in locked threads, among other things. Banned users are devoid of any permissions. Some permission checking functions changed to take more appropriate parameters.

novist 10 years ago
parent
commit
e480d6b011

+ 10 - 48
flaskbb/forum/views.py

@@ -113,15 +113,11 @@ def view_topic(topic_id, slug=None):
 
     form = None
 
-    if not topic.locked \
-        and not topic.forum.locked \
-        and can_post_reply(user=current_user,
-                           forum=topic.forum):
-
-            form = QuickreplyForm()
-            if form.validate_on_submit():
-                post = form.save(current_user, topic)
-                return view_post(post.id)
+    if can_post_reply(user=current_user, topic=topic):
+        form = QuickreplyForm()
+        if form.validate_on_submit():
+            post = form.save(current_user, topic)
+            return view_post(post.id)
 
     return render_template("forum/topic.html", topic=topic, posts=posts,
                            last_seen=time_diff(), form=form)
@@ -147,14 +143,8 @@ def view_post(post_id):
 def new_topic(forum_id, slug=None):
     forum = Forum.query.filter_by(id=forum_id).first_or_404()
 
-    if forum.locked:
-        flash("This forum is locked; you cannot submit new topics or posts.",
-              "danger")
-        return redirect(forum.url)
-
     if not can_post_topic(user=current_user, forum=forum):
-        flash("You do not have the permissions to create a new topic.",
-              "danger")
+        flash("You do not have the permissions to create a new topic.", "danger")
         return redirect(forum.url)
 
     form = NewTopicForm()
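Review bot: The `forum.locked` guard is removed from `new_topic`, but nothing in this commit adds a lock check to `can_post_topic`; the permissions.py hunks change only `check_perm`, `can_edit_post` and `can_post_reply`. Unless `can_post_topic` already rejected locked forums before this change (its body is not shown), ordinary users can now open topics in a locked forum. Give it the same shape as the new `can_post_reply`: return True when `can_moderate(user, forum)`, then `if forum.locked: return False` before the `check_perm` call. The body of `new_topic` continues past the hunk.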
@@ -270,17 +260,8 @@ def merge_topic(old_id, new_id, old_slug=None, new_slug=None):
 def new_post(topic_id, slug=None):
     topic = Topic.query.filter_by(id=topic_id).first_or_404()
 
-    if topic.forum.locked:
-        flash("This forum is locked; you cannot submit new topics or posts.",
-              "danger")
-        return redirect(topic.forum.url)
-
-    if topic.locked:
-        flash("The topic is locked.", "danger")
-        return redirect(topic.forum.url)
-
-    if not can_post_reply(user=current_user, forum=topic.forum):
-        flash("You do not have the permissions to delete the topic", "danger")
+    if not can_post_reply(user=current_user, topic=topic):
+        flash("You do not have the permissions to post here", "danger")
         return redirect(topic.forum.url)
 
     form = ReplyForm()
@@ -300,16 +281,7 @@ def reply_post(topic_id, post_id):
     topic = Topic.query.filter_by(id=topic_id).first_or_404()
     post = Post.query.filter_by(id=post_id).first_or_404()
 
-    if post.topic.forum.locked:
-        flash("This forum is locked; you cannot submit new topics or posts.",
-              "danger")
-        return redirect(post.topic.forum.url)
-
-    if post.topic.locked:
-        flash("The topic is locked.", "danger")
-        return redirect(post.topic.forum.url)
-
-    if not can_post_reply(user=current_user, forum=topic.forum):
+    if not can_post_reply(user=current_user, topic=topic):
         flash("You do not have the permissions to post in this topic", "danger")
         return redirect(topic.forum.url)
 
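Review bot: Nothing in the visible lines of `reply_post` ties `post` to `topic`: they are loaded independently from `topic_id` and `post_id`, and after this change every check (locks and `postreply`) is made against `topic` only. The removed lines at least evaluated the locks on `post.topic`; now a post from a different topic or forum is never looked at before it is used. Add a consistency guard right after the two queries, for example `if post.topic.id != topic.id: abort(404)`, matching the `first_or_404()` style already used here. The rest of the function is outside the hunk, so confirm how `post` is used further down.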
@@ -331,17 +303,7 @@ def reply_post(topic_id, post_id):
 def edit_post(post_id):
     post = Post.query.filter_by(id=post_id).first_or_404()
 
-    if post.topic.forum.locked:
-        flash("This forum is locked; you cannot submit new topics or posts.",
-              "danger")
-        return redirect(post.topic.forum.url)
-
-    if post.topic.locked:
-        flash("The topic is locked.", "danger")
-        return redirect(post.topic.forum.url)
-
-    if not can_edit_post(user=current_user, forum=post.topic.forum,
-                         post_user_id=post.user_id):
+    if not can_edit_post(user=current_user, post=post):
         flash("You do not have the permissions to edit this post", "danger")
         return redirect(post.topic.url)
 

+ 2 - 2
flaskbb/templates/forum/topic.html

@@ -116,7 +116,7 @@
                         Report
                     </a> |
                     {% endif %}
-                    {% if current_user|edit_post(post.user_id, topic.forum) %}
+                    {% if current_user|edit_post(post) %}
                     <a href="{{ url_for('forum.edit_post', post_id=post.id) }}">Edit</a> |
                     {% endif %}
                     {% if topic.first_post_id == post.id %}
@@ -128,7 +128,7 @@
                         <a href="{{ url_for('forum.delete_post', post_id=post.id) }}">Delete</a> |
                         {% endif %}
                     {% endif %}
-                    {% if current_user|post_reply(topic.forum) and not (topic.locked or topic.forum.locked) %}
+                    {% if current_user|post_reply(topic) %}
                         <!-- Quick quote -->
                         <a href="#" class="quote_btn" data-post-id="pid{{ post.id }}">Quote</a> |
                         <!-- Full quote/reply -->

+ 1 - 2
flaskbb/templates/forum/topic_controls.html

@@ -1,4 +1,3 @@
-
 <div class="pull-left" style="padding-bottom: 10px">
     {{ render_pagination(posts, topic.url) }}
 </div> <!-- end span pagination -->
@@ -35,7 +34,7 @@
         </a>
         {% endif %}
 
-        {% if current_user|post_reply(topic.forum) and not (topic.locked or topic.forum.locked) %}
+        {% if current_user|post_reply(topic) %}
         <a href="{{ url_for('forum.new_post', topic_id=topic.id, slug=topic.slug) }}" class="btn btn-primary">
             <span class="fa fa-pencil"></span> Reply
         </a>

+ 15 - 8
flaskbb/utils/permissions.py

@@ -29,7 +29,7 @@ def check_perm(user, perm, forum, post_user_id=None):
         return True
     if post_user_id and user.is_authenticated():
         return user.permissions[perm] and user.id == post_user_id
-    return user.permissions[perm]
+    return not user.permissions['banned'] and user.permissions[perm]
 
 
 def is_moderator(user):
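Review bot: The `banned` test is added only to the final `return` of `check_perm`, so the owner branch two lines above (`return user.permissions[perm] and user.id == post_user_id`) still grants the permission to a banned author whenever a caller passes `post_user_id`, as `can_edit_post` does. That contradicts the commit message's "Banned users are devoid of any permissions". Hoist the test into a guard placed before the `post_user_id` branch, `if user.permissions['banned']: return False`, and leave the last line as `return user.permissions[perm]`. The `can_moderate(...)` early returns added to `can_edit_post` and `can_post_reply` in the later hunks also run before any banned check, so decide explicitly whether a banned account that still carries a moderator flag should pass. The start of `check_perm` is outside the hunk.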
@@ -92,11 +92,15 @@ def can_moderate(user, forum=None, perm=None):
     return user.permissions['super_mod'] or user.permissions['admin']
 
 
-def can_edit_post(user, post_user_id, forum):
+def can_edit_post(user, post):
     """Check if the post can be edited by the user"""
-
-    return check_perm(user=user, perm='editpost', forum=forum,
-                      post_user_id=post_user_id)
+    topic = post.topic
+    if can_moderate(user, topic.forum):
+        return True
+    if topic.locked or topic.forum.locked:
+        return False
+    return check_perm(user=user, perm='editpost', forum=post.topic.forum,
+                      post_user_id=post.user_id)
 
 
 def can_delete_post(user, post_user_id, forum):
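Review bot: The docstrings of `can_edit_post` and, in the next hunk, `can_post_reply` no longer describe the access rule these functions now enforce. For `can_edit_post` I would write `"""Return True if the user may edit the post: forum moderators always may; otherwise the topic and its forum must be unlocked and check_perm must grant 'editpost' for the post's author."""`. `can_post_reply` still says "allowed to post in the forum" although it now takes a topic and also applies the lock rule. In `can_edit_post` the last call can use the local it already bound, `forum=topic.forum` instead of `forum=post.topic.forum`. `can_delete_post` and `can_delete_topic` keep the old `(user, post_user_id, forum)` signature and, as far as these hunks show, gain no lock rule, so document that difference or align them in a follow-up.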
@@ -113,10 +117,13 @@ def can_delete_topic(user, post_user_id, forum):
                       post_user_id=post_user_id)
 
 
-def can_post_reply(user, forum):
+def can_post_reply(user, topic):
     """Check if the user is allowed to post in the forum"""
-
-    return check_perm(user=user, perm='postreply', forum=forum)
+    if can_moderate(user, topic.forum):
+        return True
+    if topic.locked or topic.forum.locked:
+        return False
+    return check_perm(user=user, perm='postreply', forum=topic.forum)
 
 
 def can_post_topic(user, forum):