This has been an update to clean out the code a little bit. The primary change
I made was I added the method has_privilege (which takes a variable amount of unicode privilege names as an argument) to the User model. This method allowed for much cleaner checks as to whether or not a user has a privilege. Other- wise, I also made it impossible for moderators to punish admins. I created a new url path and three new pages for Users to look at filed reports and the code of conduct for the mg instance. === Made reports on admins not resolvable by moderators: --\ mediagoblin/moderation/views.py --\ mediagoblin/templates/mediagoblin/moderation/report.html === Created new files for the new pages: --\ mediagoblin/meta/__init__.py --\ mediagoblin/meta/routing.py --\ mediagoblin/meta/views.py --\ mediagoblin/templates/mediagoblin/meta/code_of_conduct.html --\ mediagoblin/templates/mediagoblin/meta/reports_details.html --\ mediagoblin/templates/mediagoblin/meta/reports_panel.html --\ mediagoblin/routing.py --\ mediagoblin/static/css/base.css === Replaced vestigial methods of checking a user's privilege with the more ====== effective method has_privilege(u'privilege_name'): --\ mediagoblin/db/models.py --| Added in the has_privilege method to the User class --\ mediagoblin/db/migrations.py --\ mediagoblin/db/models.py --\ mediagoblin/decorators.py --\ mediagoblin/edit/lib.py --\ mediagoblin/edit/views.py --\ mediagoblin/gmg_commands/users.py --\ mediagoblin/moderation/views.py --\ mediagoblin/templates/mediagoblin/base.html --\ mediagoblin/templates/mediagoblin/user_pages/collection.html --\ mediagoblin/templates/mediagoblin/user_pages/media.html --\ mediagoblin/templates/mediagoblin/user_pages/user.html --\ mediagoblin/templates/mediagoblin/utils/collection_gallery.html --\ mediagoblin/user_pages/views.py === Minor UI changes --\ mediagoblin/templates/mediagoblin/moderation/report_panel.html --\ mediagoblin/templates/mediagoblin/moderation/user.html === Other Bugs: --\ mediagoblin/tools/response.py --\ mediagoblin/db/migrations.py
This commit is contained in:
tilly-Q
@@ -19,6 +19,6 @@ def may_edit_media(request, media):
|
||||
"""Check, if the request's user may edit the media details"""
|
||||
if media.uploader == request.user.id:
|
||||
return True
|
||||
if request.user.is_admin:
|
||||
if request.user.has_privilege(u'admin'):
|
||||
return True
|
||||
return False
|
||||
|
||||
@@ -83,7 +83,7 @@ def edit_media(request, media):
|
||||
|
||||
return redirect_obj(request, media)
|
||||
|
||||
if request.user.is_admin \
|
||||
if request.user.has_privilege(u'admin') \
|
||||
and media.uploader != request.user.id \
|
||||
and request.method != 'POST':
|
||||
messages.add_message(
|
||||
@@ -184,7 +184,7 @@ def legacy_edit_profile(request):
|
||||
def edit_profile(request, url_user=None):
|
||||
# admins may edit any user profile
|
||||
if request.user.username != url_user.username:
|
||||
if not request.user.is_admin:
|
||||
if not request.user.has_privilege(u'admin'):
|
||||
raise Forbidden(_("You can only edit your own profile."))
|
||||
|
||||
# No need to warn again if admin just submitted an edited profile
|
||||
@@ -326,7 +326,7 @@ def edit_collection(request, collection):
|
||||
|
||||
return redirect_obj(request, collection)
|
||||
|
||||
if request.user.is_admin \
|
||||
if request.user.has_privilege(u'admin') \
|
||||
and collection.creator != request.user.id \
|
||||
and request.method != 'POST':
|
||||
messages.add_message(
|
||||
|
||||
Reference in New Issue
Block a user