diff options
-rw-r--r-- | apioforum/roles.py | 5 | ||||
-rw-r--r-- | apioforum/templates/view_forum.html | 2 | ||||
-rw-r--r-- | apioforum/thread.py | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/apioforum/roles.py b/apioforum/roles.py index ae47e31..1e9b206 100644 --- a/apioforum/roles.py +++ b/apioforum/roles.py @@ -72,8 +72,9 @@ def get_forum_roles(forum_id): """,(a['id'],)).fetchall() return set(r['role'] for r in configs) -def has_permission(forum_id, user, permission): - role = get_user_role(forum_id, user) if user != None else "other" +def has_permission(forum_id, user, permission, login_required=True): + if user == None and login_required: return False + role = get_user_role(forum_id, user) if user else "other" if role == "bureaucrat": return True config = get_role_config(forum_id, role) return config[permission] diff --git a/apioforum/templates/view_forum.html b/apioforum/templates/view_forum.html index ff1af9b..a4ffac6 100644 --- a/apioforum/templates/view_forum.html +++ b/apioforum/templates/view_forum.html @@ -76,7 +76,7 @@ please log in to create a new thread {% endif %} -{% if has_permission(forum.id, g.user, "p_view_threads") %} +{% if has_permission(forum.id, g.user, "p_view_threads", login_required=False) %} <div class="thread-list"> {%for thread in threads%} <div class="listing"> diff --git a/apioforum/thread.py b/apioforum/thread.py index 0b0804e..a3a122a 100644 --- a/apioforum/thread.py +++ b/apioforum/thread.py @@ -21,7 +21,7 @@ def view_thread(thread_id): thread = db.execute("SELECT * FROM threads WHERE id = ?;",(thread_id,)).fetchone() if thread is None: abort(404) - if not has_permission(thread['forum'], g.user, "p_view_threads"): + if not has_permission(thread['forum'], g.user, "p_view_threads", False): abort(403) posts = db.execute(""" SELECT * FROM posts |