Moved the permission checks in a new file

flaskbb/app.py

@@ -24,13 +24,17 @@ from flaskbb.auth.views import auth
 from flaskbb.admin.views import admin
 # Import the forum blueprint
 from flaskbb.forum.views import forum
-
-from flaskbb.extensions import (db, login_manager, mail, cache, redis,
-                                debugtoolbar, migrate, themes)
+# extenesions
+from flaskbb.extensions import db, login_manager, mail, cache, redis, \
+    debugtoolbar, migrate, themes
+# various helpers
 from flaskbb.utils.helpers import format_date, time_since, crop_title, \
-    can_post_reply, can_post_topic, can_delete_topic, can_delete_post, \
-    is_online, can_edit_post, can_lock_topic, can_move_topic, render_markup, \
-    mark_online, forum_is_unread, topic_is_unread, render_template
+    is_online, render_markup, mark_online, forum_is_unread, topic_is_unread, \
+    render_template
+# permission checks (here they are used for the jinja filters)
+from flaskbb.utils.permissions import can_post_reply, can_post_topic, \
+    can_delete_topic, can_delete_post, can_edit_post, can_lock_topic, \
+    can_move_topic, can_moderate
 
 
 def create_app(config=None):

flaskbb/forum/views.py

@@ -17,10 +17,11 @@ from flask import (Blueprint, redirect, url_for, current_app,
 from flask.ext.login import login_required, current_user
 
 from flaskbb.extensions import db
-from flaskbb.utils.helpers import (can_post_reply, can_delete_topic,
-                                   can_edit_post, can_post_topic,
-                                   can_delete_post, can_lock_topic,
-                                   get_online_users, time_diff, render_template)
+from flaskbb.utils.helpers import get_online_users, time_diff, render_template
+from flaskbb.utils.permissions import (can_post_reply, can_post_topic,
+                                       can_delete_topic, can_delete_post,
+                                       can_edit_post, can_lock_topic,
+                                       can_move_topic)
 from flaskbb.forum.models import (Category, Forum, Topic, Post, ForumsRead,
                                   TopicsRead)
 from flaskbb.forum.forms import QuickreplyForm, ReplyForm, NewTopicForm

flaskbb/utils/helpers.py

@@ -177,83 +177,6 @@ def get_online_users(guest=False):
                          for x in minutes])
 
 
-def check_perm(user, perm, forum, post_user_id=None):
-    """Checks if the `user` has a specified `perm` in the `forum`
-    If post_user_id is provided, it will also check if the user
-    has created the post
-
-    :param user: The user for whom we should check the permission
-
-    :param perm: The permission. You can find a full list of available
-                 permissions here: <INSERT LINK TO DOCS>
-
-    :param forum: The forum where we should check the permission against
-
-    :param post_user_id: If post_user_id is given, it will also perform an
-                         check if the user is the owner of this topic or post.
-    """
-    if can_moderate(user, forum):
-        return True
-    if post_user_id and user.is_authenticated():
-        return user.permissions[perm] and user.id == post_user_id
-    return user.permissions[perm]
-
-
-def can_moderate(user, forum):
-    """Checks if a user can moderate a forum
-    He needs to be super moderator or a moderator of the
-    specified forum
-    """
-    if user.permissions['mod'] and user.id in forum.moderators:
-        return True
-    return user.permissions['super_mod'] or user.permissions['admin']
-
-
-def can_edit_post(user, post_user_id, forum):
-    """Check if the post can be edited by the user"""
-
-    return check_perm(user=user, perm='editpost', forum=forum,
-                      post_user_id=post_user_id)
-
-
-def can_delete_post(user, post_user_id, forum):
-    """Check if the post can be deleted by the user"""
-
-    return check_perm(user=user, perm='deletepost', forum=forum,
-                      post_user_id=post_user_id)
-
-
-def can_delete_topic(user, post_user_id, forum):
-    """Check if the topic can be deleted by the user"""
-
-    return check_perm(user=user, perm='deletetopic', forum=forum,
-                      post_user_id=post_user_id)
-
-
-def can_lock_topic(user, forum):
-    """ Check if the user is allowed to lock a topic in the forum"""
-
-    return check_perm(user=user, perm='locktopic', forum=forum)
-
-
-def can_move_topic(user, forum):
-    """Check if the user is allowed to move a topic in the forum"""
-
-    return check_perm(user=user, perm='movetopic', forum=forum)
-
-
-def can_post_reply(user, forum):
-    """Check if the user is allowed to post in the forum"""
-
-    return check_perm(user=user, perm='postreply', forum=forum)
-
-
-def can_post_topic(user, forum):
-    """Checks if the user is allowed to create a new topic in the forum"""
-
-    return check_perm(user=user, perm='posttopic', forum=forum)
-
-
 def crop_title(title):
     """Crops the title to a specified length
 

flaskbb/utils/permissions.py

@@ -0,0 +1,91 @@
+# -*- coding: utf-8 -*-
+"""
+    flaskbb.utils.permissions
+    ~~~~~~~~~~~~~~~~~~~~~~~~~
+
+    A place for all permission checks
+
+    :copyright: (c) 2014 by the FlaskBB Team.
+    :license: BSD, see LICENSE for more details.
+"""
+
+
+def check_perm(user, perm, forum, post_user_id=None):
+    """Checks if the `user` has a specified `perm` in the `forum`
+    If post_user_id is provided, it will also check if the user
+    has created the post
+
+    :param user: The user for whom we should check the permission
+
+    :param perm: The permission. You can find a full list of available
+                 permissions here: <INSERT LINK TO DOCS>
+
+    :param forum: The forum where we should check the permission against
+
+    :param post_user_id: If post_user_id is given, it will also perform an
+                         check if the user is the owner of this topic or post.
+    """
+    if can_moderate(user, forum):
+        return True
+    if post_user_id and user.is_authenticated():
+        return user.permissions[perm] and user.id == post_user_id
+    return user.permissions[perm]
+
+
+def can_moderate(user, forum):
+    """Checks if a user can moderate a forum
+    He needs to be super moderator or a moderator of the
+    specified forum
+
+    :param user: The user for whom we should check the permission.
+
+    :param forum: The forum that should be checked.
+    """
+    if user.permissions['mod'] and user in forum.moderators:
+        return True
+    return user.permissions['super_mod'] or user.permissions['admin']
+
+
+def can_edit_post(user, post_user_id, forum):
+    """Check if the post can be edited by the user"""
+
+    return check_perm(user=user, perm='editpost', forum=forum,
+                      post_user_id=post_user_id)
+
+
+def can_delete_post(user, post_user_id, forum):
+    """Check if the post can be deleted by the user"""
+
+    return check_perm(user=user, perm='deletepost', forum=forum,
+                      post_user_id=post_user_id)
+
+
+def can_delete_topic(user, post_user_id, forum):
+    """Check if the topic can be deleted by the user"""
+
+    return check_perm(user=user, perm='deletetopic', forum=forum,
+                      post_user_id=post_user_id)
+
+
+def can_lock_topic(user, forum):
+    """ Check if the user is allowed to lock a topic in the forum"""
+
+    return check_perm(user=user, perm='locktopic', forum=forum)
+
+
+def can_move_topic(user, forum):
+    """Check if the user is allowed to move a topic in the forum"""
+
+    return check_perm(user=user, perm='movetopic', forum=forum)
+
+
+def can_post_reply(user, forum):
+    """Check if the user is allowed to post in the forum"""
+
+    return check_perm(user=user, perm='postreply', forum=forum)
+
+
+def can_post_topic(user, forum):
+    """Checks if the user is allowed to create a new topic in the forum"""
+
+    return check_perm(user=user, perm='posttopic', forum=forum)