-rw-r--r--apioforum/__init__.py2
-rw-r--r--apioforum/forum.py42
-rw-r--r--apioforum/roles.py9
-rw-r--r--apioforum/templates/view_forum.html10
4 files changed, 49 insertions, 14 deletions
diff --git a/apioforum/__init__.py b/apioforum/__init__.py
index 30dd813..7c99c0c 100644
--- a/apioforum/__init__.py
+++ b/apioforum/__init__.py
@@ -48,6 +48,8 @@ def create_app():
return dict(path_for_next=p)
app.jinja_env.globals.update(forum_path=forum.forum_path)
+ from .roles import has_permission, is_bureaucrat,
+ app.jinja_env.globals.update(has_permission=has_permission,is_bureaucrat=is_bureaucrat)
from .mdrender import render
@app.template_filter('md')
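Review bot: The added line `from .roles import has_permission, is_bureaucrat,` ends with a trailing comma, which Python only accepts inside parentheses, so `apioforum/__init__.py` would fail to compile and the app would not start. Drop the comma: `from .roles import has_permission, is_bureaucrat`. Because these helpers become Jinja globals that templates use to decide what to show, a comment on the registration would help, e.g. `# template helpers only; views must still enforce permissions server-side`. The body of create_app continues outside the hunk.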
diff --git a/apioforum/forum.py b/apioforum/forum.py
index ed7e2b7..5c6f5bf 100644
--- a/apioforum/forum.py
+++ b/apioforum/forum.py
@@ -8,8 +8,7 @@ from flask import (
from .db import get_db
from .mdrender import render
-from .roles import get_forum_roles
-from .roles import permissions as role_permissions
+from .roles import get_forum_roles,has_permission,is_bureaucrat
from sqlite3 import OperationalError
import datetime
@@ -32,10 +31,30 @@ def forum_path(forum_id):
ancestors.reverse()
return ancestors
-@bp.route("/<int:forum_id>")
-def view_forum(forum_id):
+def forum_route(relative_path, **kwargs):
+ def decorator(f):
+ path = "/<int:forum_id>"
+ if relative_path != "":
+ path += "/" + relative_path
+
+ @bp.route(path, **kwargs)
+ def wrapper(forum_id, *args, **kwargs):
+ db = get_db()
+ forum = db.execute("SELECT * FROM forums WHERE id = ?",
+ (forum_id,)).fetchone()
+ if forum == None:
+ abort(404)
+ return f(forum, *args, **kwargs)
+
+def requires_permission(permission):
+ def decorator(f):
+ def wrapper(forum, *args, **kwargs):
+ if not has_permission(forum['id'], g.user, permission):
+ abort(403)
+
+@forum_route("")
+def view_forum(forum):
db = get_db()
- forum = db.execute("SELECT * FROM forums WHERE id = ?",(forum_id,)).fetchone()
threads = db.execute(
"""SELECT
threads.id, threads.title, threads.creator, threads.created,
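Review bot: Neither `forum_route` nor `requires_permission` returns anything; there is no `return wrapper` or `return decorator` in the added lines, so `@forum_route("")` cannot yield a usable decorator. In `requires_permission` the wrapper never calls `f`, so a permitted request would get no response. Both inner functions are also named `wrapper`, and Flask derives the endpoint name from the function name, so a second `@forum_route` would clash with the first unless `functools.wraps` is applied (this needs `from functools import wraps` at the top of the file). `forum == None` is better written `forum is None`. Indentation is lost on this page, so the placement of the returns below is inferred; the body of view_forum continues outside the hunk.

```python
def forum_route(relative_path, **kwargs):
    def decorator(f):
        # … unchanged: path construction …
        @bp.route(path, **kwargs)
        @wraps(f)  # keep f's own name so each route gets a distinct endpoint
        def wrapper(forum_id, *args, **kwargs):
            # … unchanged: forum lookup by id …
            if forum is None:
                abort(404)
            return f(forum, *args, **kwargs)
        return wrapper
    return decorator

def requires_permission(permission):
    def decorator(f):
        @wraps(f)
        def wrapper(forum, *args, **kwargs):
            if not has_permission(forum['id'], g.user, permission):
                abort(403)
            return f(forum, *args, **kwargs)
        return wrapper
    return decorator
```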
@@ -49,7 +68,7 @@ def view_forum(forum_id):
INNER JOIN number_of_posts ON number_of_posts.thread = threads.id
WHERE threads.forum = ?
ORDER BY threads.updated DESC;
- """,(forum_id,)).fetchall()
+ """,(forum['id'],)).fetchall()
thread_tags = {}
#todo: somehow optimise this
for thread in threads:
@@ -66,7 +85,7 @@ def view_forum(forum_id):
WHERE parent = ?
GROUP BY forums.id
ORDER BY name ASC
- """,(forum_id,)).fetchall()
+ """,(forum['id'],)).fetchall()
subforums = []
for s in subforums_rows:
a={}
@@ -75,7 +94,6 @@ def view_forum(forum_id):
a['updated'] = datetime.datetime.fromisoformat(a['updated'])
subforums.append(a)
-
return render_template("view_forum.html",
forum=forum,
subforums=subforums,
@@ -83,10 +101,10 @@ def view_forum(forum_id):
thread_tags=thread_tags,
)
-@bp.route("/<int:forum_id>/create_thread",methods=("GET","POST"))
-def create_thread(forum_id):
+@forum_route("create_thread",methods=("GET","POST"))
+def create_thread(forum):
db = get_db()
- forum = db.execute("SELECT * FROM forums WHERE id = ?",(forum_id,)).fetchone()
+ forum = db.execute("SELECT * FROM forums WHERE id = ?",(forum['id'],)).fetchone()
if forum is None:
flash("that forum doesn't exist")
return redirect(url_for('index'))
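Review bot: `create_thread` is a state-changing POST route, yet it is not wrapped in the `requires_permission` decorator this commit adds to the same file, so nothing in the visible lines checks the caller's role before the INSERT. Stack the decorator under the route, `@requires_permission("<create-thread permission>")` (a placeholder, since the permission name is not on this page). The re-query `forum = db.execute(..., (forum['id'],)).fetchone()` and the `if forum is None` branch are now dead code, because `forum_route` already aborts with 404 for an unknown id. The function body continues outside the hunk.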
@@ -106,7 +124,7 @@ def create_thread(forum_id):
cur = db.cursor()
cur.execute(
"INSERT INTO threads (title,creator,created,updated,forum) VALUES (?,?,current_timestamp,current_timestamp,?);",
- (title,g.user,forum_id)
+ (title,g.user,forum['id'])
)
thread_id = cur.lastrowid
cur.execute(
diff --git a/apioforum/roles.py b/apioforum/roles.py
index ae193a7..ab273c8 100644
--- a/apioforum/roles.py
+++ b/apioforum/roles.py
@@ -65,3 +65,12 @@ def get_forum_roles(forum_id):
SELECT * FROM role_config WHERE forum = ?
""",(a['id'],)).fetchall()
return set(r['role'] for r in configs)
+
+def has_permission(forum_id, user, permission):
+ role = get_user_role(forum_id, user) if user != None else "other"
+ config = get_role_config(forum_id, role)
+ return config[permission]
+
+def is_bureaucrat(forum_id, user):
+ if user == None: return False
+ return get_user_role(forum_id, user) == "bureaucrat"
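Review bot: `has_permission` returns `config[permission]` with no handling for a missing role configuration, so whether an unconfigured forum or role is denied depends entirely on `get_role_config`, which is not visible in this hunk. An authorization helper should fail closed: if `get_role_config` can return None, add `if config is None: return False` and return `bool(config[permission])`. A docstring should state that an anonymous caller (`user` is None) is evaluated as the `"other"` role and that `permission` is a key of the role-config row. In both functions, prefer `user is None` / `user is not None` over comparisons with `== None`.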
diff --git a/apioforum/templates/view_forum.html b/apioforum/templates/view_forum.html
index d3d09e1..98d2110 100644
--- a/apioforum/templates/view_forum.html
+++ b/apioforum/templates/view_forum.html
@@ -8,10 +8,11 @@
{%endblock%}
{%block content%}
-{% if forum.description %}
{{forum.description|md|safe}}
-<hr/>
+{% if is_bureaucrat(forum.id, g.user) %}
+ <p><a class="actionbutton" href="{{url_for('forum.edit_roles')}}">role/permission settings</a></p>
{% endif %}
+<hr/>
{% if subforums %}
<h2>subforæ</h2>
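Review bot: `url_for('forum.edit_roles')` is called without a forum id, and no `edit_roles` view appears in the hunks shown. If that endpoint is registered under `/<int:forum_id>/...` like the other forum routes, URL building will fail for every bureaucrat who opens the page; pass the id as `url_for('forum.edit_roles', forum_id=forum.id)`. Removing the `{% if forum.description %}` guard also means `forum.description|md|safe` now runs on a possibly empty description, so confirm that the `md` filter accepts that. The `is_bureaucrat` test here only hides the link, so the `edit_roles` view has to repeat the check itself.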
@@ -43,6 +44,8 @@
{% else %}
<p>please log in to create a new thread</p>
{% endif %}
+
+{% if has_permission(forum.id, g.user, "p_view_threads") %}
<div class="thread-list">
{%for thread in threads%}
<div class="listing">
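Review bot: The `p_view_threads` check exists only in this template. `view_forum` still runs the threads query unconditionally, and nothing in this commit guards the thread pages themselves, so a user without the permission can presumably still open a thread by its URL. Enforce the permission in the view, for example by skipping the query and passing an empty list when `has_permission(forum['id'], g.user, "p_view_threads")` is false, and on the thread routes as well, keeping this branch as presentation only. The matching `{% else %}` / `{% endif %}` is in the next hunk.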
@@ -80,5 +83,8 @@
</div>
{%endfor%}
</div>
+{% else %}
+<p>you do not have permission to view threads in this forum</p>
+{% endif %}
{%endblock%}