Tituya
/
PCv5
forked from devs/PCv5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
La version 5 de Planète Casio. Regroupe le forum, les programmes, les tutoriel, les sprites et tous les autres outils développés par nos soins.
438 Commits 3 Branches 0 Tags 20 MiB
Python 59.7%
HTML 24.1%
CSS 12%
JavaScript 3.9%
Mako 0.2%
Go to file
Lephe 6f98cba65e
review of privileges and forum permissions 
* Sorted privileges into categories, similar to the v4.3 style

Added privilege check utilities:
* Forum: is_news(), is_default_accessible() and is_default_postable()
* Member: can_access_forum(), can_post_in_forum(), can_edit_post(),
  and can_delete_post()

Unfortunately current_user is not a Guest when logged out, so one
cannot usually write current_user.can_*() without checking for
authentication first, so the checks are still somewhat verbose.

Reviewed forum permissions; the following permission issues have been
fixed (I have tested most but not all of them prior to fixing):

* app/routes/forum/index.py: Users that were not meant to access a
  forum could still obtain a listing of the topics
* app/routes/forum/topic.py: Users that were not meant to see topics
  could still read them by browsing the URL
* app/routes/forum/topic.py: Authenticated users could post in any
  topic, including ones that they should not have access to
* app/routes/posts/edit.py: Users with edit.posts (eg. mods) could edit
  and delete messages in forums they can't access (eg. creativecalc)

* app/templates/account/user.html: Users with admin panel access would
  see account editing links they can't use (affects developers)
* app/templates/base/navbar/forum.html: The "Forum" tab would list all
  forums including ones the user doesn't have access to
* app/templates/forum/index.html: Users would see every single forum,
  including ones they can't access
* app/template/widgets/thread.html: Anyone would see Edit/Delete links
  on every message, even though most were unusable

Miscellaneous changes:
* app/routes/forum/topic.py: Ordered comments by date as intended,
  which I assume worked by chance until now
* Removed the old assets/privs.txt files which is now superseded by the
  list implemented in app/data/groups.yaml

This commit changes group and forum information, run master.py with:
@> forums update
@> groups update
 		2021-02-26 18:32:45 +01:00
app review of privileges and forum permissions 2021-02-26 18:32:45 +01:00
assets review of privileges and forum permissions 2021-02-26 18:32:45 +01:00
migrations polls: added migration 2021-02-19 22:07:43 +01:00
scripts Updating .env, run_dev script and REQUIREMENT.md file 2019-02-06 12:10:26 +01:00
.env Updating .env, run_dev script and REQUIREMENT.md file 2019-02-06 12:10:26 +01:00
.gitignore dev: added support for local development test files 2020-11-13 01:45:55 +01:00
README.md Quelques changements pour respecter la PEP8 2019-06-05 01:44:38 +02:00
REQUIREMENTS.md registration: ADD email validation 2020-07-21 21:06:00 +02:00
V5.py fix: better PEP8 2020-08-05 22:52:56 +02:00
config.py forum: fix #84 2021-02-21 20:17:48 +01:00
local_config.py.default Ajout de l'exemple d'activation/désactivation de l'envoi des mails 2020-09-17 15:08:36 +02:00
master.py master: fix groups not fully updating 2021-02-26 18:31:10 +01:00

README.md

Planète Casio v5

Code de conduite

Don't be an asshole.

Style de code

  • On respecte la PEP8. Je sais c'est relou d'indenter avec des espaces, mais au moins le reste est consistant.
  • La seule exception concerne la longueur des lignes. Merci d'essayer de respecter les 79 colonnes, mais dans certains cas c'est plus crade de revenir à la ligne, donc blc.
  • Je conseille d'utiliser Flake8 qui permet de vérifier les erreurs de syntaxe, de style, etc. en live.