PCv5/app/templates/widgets/thread.html


{% import "widgets/user.html" as widget_user %}
{% import "widgets/attachments.html" as widget_attachments %}
{% macro thread(comments, top_comment) %}
<table class="thread {{ 'topcomment' if top_comment == None else '' }}">
{% if top_comment == None %}
<tr></tr>
{% endif %}
{% for c in comments %}
{% if c != top_comment %}
<tr id="{{ c.id }}">
<td class="author">{{ widget_user.profile(c.author) }}</td>
<td class="message">
<div class="info">
<div>Posté le <a href="{{ request.path }}#{{ c.id }}">{{ c.date_created | dyndate }}</a></div>
{% if c.date_created != c.date_modified %}
<div>Modifié le <a href="{{ request.path }}#{{ c.id }}">{{ c.date_modified | dyndate }}</a></div>
{% endif %}
review of privileges and forum permissions

* Sorted privileges into categories, similar to the v4.3 style

Added privilege check utilities:
* Forum: is_news(), is_default_accessible() and is_default_postable()
* Member: can_access_forum(), can_post_in_forum(), can_edit_post(), and can_delete_post()

Unfortunately current_user is not a Guest when logged out, so one cannot usually write current_user.can_*() without checking for authentication first, so the checks are still somewhat verbose.

Reviewed forum permissions; the following permission issues have been fixed (I have tested most but not all of them prior to fixing):
* app/routes/forum/index.py: Users that were not meant to access a forum could still obtain a listing of the topics
* app/routes/forum/topic.py: Users that were not meant to see topics could still read them by browsing the URL
* app/routes/forum/topic.py: Authenticated users could post in any topic, including ones that they should not have access to
* app/routes/posts/edit.py: Users with edit.posts (eg. mods) could edit and delete messages in forums they can't access (eg. creativecalc)
* app/templates/account/user.html: Users with admin panel access would see account editing links they can't use (affects developers)
* app/templates/base/navbar/forum.html: The "Forum" tab would list all forums including ones the user doesn't have access to
* app/templates/forum/index.html: Users would see every single forum, including ones they can't access
* app/template/widgets/thread.html: Anyone would see Edit/Delete links on every message, even though most were unusable

Miscellaneous changes:
* app/routes/forum/topic.py: Ordered comments by date as intended, which I assume worked by chance until now
* Removed the old assets/privs.txt file, which is now superseded by the list implemented in app/data/groups.yaml

This commit changes group and forum information, run master.py with:
@> forums update
@> groups update

2021-02-26 18:29:25 +01:00
{# TODO: Let guests edit their posts #}
{% set can_edit = current_user.is_authenticated and current_user.can_edit_post(c) %}
{% set can_delete = current_user.is_authenticated and current_user.can_delete_post(c) %}
{% set can_punish = current_user.is_authenticated and current_user.priv("delete.posts") %}
{# The context menu only hides links; the edit_post and delete_post routes re-check the permission server-side #}
{% if can_edit or can_delete or can_punish %}
<details>
<summary><b></b></summary>
<div class='context-menu'>
{% if can_edit %}
<a href="{{ url_for('edit_post', postid=c.id, r=request.path) }}">Modifier</a>
{% endif %}
{% if can_punish %}
<a href="{{ url_for('delete_post', postid=c.id, penalty=False, csrf_token=csrf_token()) }}" onclick="return confirm('Le message sera supprimé.')">Supprimer (normal)</a>
<a href="{{ url_for('delete_post', postid=c.id, penalty=True, csrf_token=csrf_token()) }}" onclick="return confirm('Le message sera supprimé avec pénalité d\'XP.')">Supprimer (pénalité)</a>
{% elif can_delete %}
<a href="{{ url_for('delete_post', postid=c.id, penalty=False, csrf_token=csrf_token()) }}" onclick="return confirm('Le message sera supprimé !')">Supprimer</a>
{% endif %}
</div>
</details>
{% endif %}
</div>
{{ c.text|md }}
{{ widget_attachments.attachments(c) }}
{% if c.author.signature %}
<hr class="signature">
{{ c.author.signature|md }}
{% endif %}
</td>
</tr>
{% elif loop.index0 != 0 %}
<tr id="{{ c.id }}">
<td colspan="2"><div>Ce message est le top comment</div></td>
</tr>
{% endif %}
{% endfor %}
</table>
{% endmacro %}
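The three flags the macro computes (can_edit, can_delete, can_punish) and the if/elif ordering of the context menu are easier to reason about outside the template. The following Python is an added example, not PCv5 project code: it reuses the method names from the commit message (is_authenticated, priv(), can_access_forum(), can_edit_post(), can_delete_post()) but the Forum, Member and Comment shapes, the "edit.posts" privilege name, the Guest class without can_*() methods, and the delete_post_route() function are assumptions made for this example. It shows why is_authenticated must be tested before calling can_*(), and why the route has to repeat the check that the template only uses to hide links.

```python
"""Permission flags of widgets/thread.html, modelled server-side.

Added example, not the PCv5 project's own code. Forum/Member/Comment shapes,
the Guest class and delete_post_route() are assumptions for this example.
"""
from dataclasses import dataclass


@dataclass
class Forum:
    name: str
    default_accessible: bool = True          # assumed: readable by everyone
    allowed_groups: frozenset = frozenset()  # assumed: groups allowed otherwise


@dataclass
class Comment:
    id: int
    author: "Member"
    forum: Forum


class Guest:
    """Logged-out visitor. Deliberately has no can_*() methods, which is why the
    template guards every can_*() call with current_user.is_authenticated."""
    is_authenticated = False


@dataclass
class Member:
    name: str
    groups: frozenset = frozenset()
    privileges: frozenset = frozenset()
    is_authenticated: bool = True

    def priv(self, name: str) -> bool:
        return name in self.privileges

    def can_access_forum(self, forum: Forum) -> bool:
        return forum.default_accessible or bool(self.groups & forum.allowed_groups)

    def can_edit_post(self, c: Comment) -> bool:
        # edit.posts never reaches into a forum the member cannot access
        # (the app/routes/posts/edit.py issue listed in the commit message)
        if not self.can_access_forum(c.forum):
            return False
        return c.author is self or self.priv("edit.posts")

    def can_delete_post(self, c: Comment) -> bool:
        if not self.can_access_forum(c.forum):
            return False
        return c.author is self or self.priv("delete.posts")


def context_menu_actions(current_user, c: Comment) -> list:
    """Labels the macro would render for this user and comment.

    Mirrors the template exactly: is_authenticated is tested first so a Guest
    never reaches can_*(); a delete.posts holder gets both deletion variants,
    otherwise a user who may delete gets the single 'Supprimer' link. Note that
    can_punish does not consult forum access, just like the template.
    """
    authenticated = getattr(current_user, "is_authenticated", False)
    can_edit = authenticated and current_user.can_edit_post(c)
    can_delete = authenticated and current_user.can_delete_post(c)
    can_punish = authenticated and current_user.priv("delete.posts")

    actions = []
    if can_edit:
        actions.append("Modifier")
    if can_punish:
        actions += ["Supprimer (normal)", "Supprimer (pénalité)"]
    elif can_delete:
        actions.append("Supprimer")
    return actions


def delete_post_route(current_user, c: Comment, penalty: bool) -> int:
    """HTTP status an (assumed) delete handler returns. Hiding a link is not
    authorization: the route repeats the check, including forum access that
    the template's can_punish flag skips."""
    if not getattr(current_user, "is_authenticated", False):
        return 401
    if penalty and not current_user.priv("delete.posts"):
        return 403
    if not current_user.can_delete_post(c):
        return 403
    return 200


# Constructed sample data (names are illustrative only)
public = Forum("general")
private = Forum("creativecalc", default_accessible=False,
                allowed_groups=frozenset({"creativecalc"}))
alice = Member("alice")
bob = Member("bob")
mod = Member("mod", privileges=frozenset({"edit.posts", "delete.posts"}))
guest = Guest()
post_public = Comment(1, alice, public)
post_private = Comment(2, alice, private)

if __name__ == "__main__":
    for user in (guest, alice, bob, mod):
        label = getattr(user, "name", "guest")
        print(label, context_menu_actions(user, post_public),
              delete_post_route(user, post_private, penalty=True))
```

Running the block prints, per user, the menu entries for a public post and the status a penalised deletion of the private post would get; the moderator case is the instructive one, since the template would offer the penalty links while the route still refuses because the forum is not accessible.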