2019-02-09 11:32:08 +01:00
|
|
|
{% extends "base/base.html" %}
|
2019-04-04 21:31:14 +02:00
|
|
|
{% import "widgets/user.html" as widget_member %}
|
2019-02-05 23:21:46 +01:00
|
|
|
|
2023-06-06 22:27:17 +02:00
|
|
|
{% set tabtitle = "Profil de " + member.name %}
|
|
|
|
|
2019-03-31 09:40:33 +02:00
|
|
|
{% block title %}
|
2019-04-04 21:31:14 +02:00
|
|
|
<h1>Profil de {{ member.name }}</h1>
|
2019-03-31 09:40:33 +02:00
|
|
|
{% endblock %}
|
|
|
|
|
2019-02-05 23:21:46 +01:00
|
|
|
{% block content %}
|
|
|
|
<section>
|
2020-07-19 21:14:34 +02:00
|
|
|
<div style="display:flex;flex-wrap:wrap;align-items:center;">
|
|
|
|
<div>
|
|
|
|
{{ widget_member.profile(member) }}
|
|
|
|
{% if current_user.is_authenticated %}
|
|
|
|
{% if current_user == member %}
|
|
|
|
<div><a href="{{ url_for('edit_account') }}">Modifier le compte</a></div>
|
review of privileges and forum permissions
* Sorted privileges into categories, similar to the v4.3 style
Added privilege check utilities:
* Forum: is_news(), is_default_accessible() and is_default_postable()
* Member: can_access_forum(), can_post_in_forum(), can_edit_post(),
and can_delete_post()
Unfortunately current_user is not a Guest when logged out, so one
cannot usually write current_user.can_*() without checking for
authentication first, so the checks are still somewhat verbose.
Reviewed forum permissions; the following permission issues have been
fixed (I have tested most but not all of them prior to fixing):
* app/routes/forum/index.py: Users that were not meant to access a
forum could still obtain a listing of the topics
* app/routes/forum/topic.py: Users that were not meant to see topics
could still read them by browsing the URL
* app/routes/forum/topic.py: Authenticated users could post in any
topic, including ones that they should not have access to
* app/routes/posts/edit.py: Users with edit.posts (eg. mods) could edit
and delete messages in forums they can't access (eg. creativecalc)
* app/templates/account/user.html: Users with admin panel access would
see account editing links they can't use (affects developers)
* app/templates/base/navbar/forum.html: The "Forum" tab would list all
forums including ones the user doesn't have access to
* app/templates/forum/index.html: Users would see every single forum,
including ones they can't access
* app/template/widgets/thread.html: Anyone would see Edit/Delete links
on every message, even though most were unusable
Miscellaneous changes:
* app/routes/forum/topic.py: Ordered comments by date as intended,
which I assume worked by chance until now
* Removed the old assets/privs.txt files which is now superseded by the
list implemented in app/data/groups.yaml
This commit changes group and forum information, run master.py with:
@> forums update
@> groups update
2021-02-26 18:29:25 +01:00
|
|
|
{% elif current_user.priv('edit.accounts') %}
|
2020-07-19 21:14:34 +02:00
|
|
|
<div><a href="{{ url_for('adm_edit_account', user_id=member.id) }}">Modifier le compte</a></div>
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
</div>
|
|
|
|
<div style="padding:30px;">
|
|
|
|
<div style="font-size:115%;font-style:italic;margin-bottom:15px;">
|
2020-09-18 19:43:10 +02:00
|
|
|
{{ member.signature|md }}
|
2020-07-19 21:14:34 +02:00
|
|
|
</div>
|
|
|
|
<div>
|
|
|
|
Membre depuis le {{ member.register_date|date('%Y-%m-%d') }}
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<h2>Présentation</h2>
|
|
|
|
<div>
|
2020-09-18 19:43:10 +02:00
|
|
|
{{ member.bio|md }}
|
2020-07-19 21:14:34 +02:00
|
|
|
</div>
|
|
|
|
|
|
|
|
<h2>Groupes</h2>
|
2019-06-11 00:15:23 +02:00
|
|
|
<div>
|
|
|
|
<ul>
|
2020-07-19 21:14:34 +02:00
|
|
|
{% for g in member.groups %}
|
|
|
|
<li><a href="{# url_for('group', group=g.name) #}">{{ g.name }}</a></li>
|
2019-06-11 00:15:23 +02:00
|
|
|
{% endfor %}
|
|
|
|
</ul>
|
2020-07-19 21:14:34 +02:00
|
|
|
</div>
|
|
|
|
|
|
|
|
<h2>Trophées</h2>
|
|
|
|
<div class="trophies">
|
2020-07-20 19:35:05 +02:00
|
|
|
{% for t in trophies if t in member.trophies or t.hidden == False %}
|
2020-07-19 21:14:34 +02:00
|
|
|
<div class="trophy {{ '' if t in member.trophies else 'disabled' }}">
|
2020-07-22 10:44:56 +02:00
|
|
|
<img src="{{ url_for('static', filename='images/trophies/'+slugify(t.name))+'.png' }}">
|
2020-07-19 21:14:34 +02:00
|
|
|
<div>
|
|
|
|
<em>{{ t.name }}</em>
|
2020-07-19 22:27:00 +02:00
|
|
|
<span>{{ t.description }}</span>
|
2020-07-19 21:14:34 +02:00
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
{% endfor %}
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<h2>Programmes</h2>
|
|
|
|
<div>
|
|
|
|
Ici y'aura les programmes
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<h2>Topics</h2>
|
|
|
|
<div>
|
|
|
|
<table style="width:100%;">
|
|
|
|
<tr>
|
|
|
|
<th>Titre</th>
|
|
|
|
<th>Forum</th>
|
|
|
|
<th>Création</th>
|
|
|
|
</tr>
|
2022-04-25 18:03:27 +02:00
|
|
|
{% for t in member.topics() %}
|
2020-07-19 21:14:34 +02:00
|
|
|
<tr>
|
|
|
|
<td><a href="{{ url_for('forum_topic', f=t.forum, page=(t, 1)) }}">{{ t.title }}</a></td>
|
|
|
|
<td><a href="{{ url_for('forum_page', f=t.forum) }}">{{ t.forum.name }}</a></td>
|
|
|
|
<td>Le {{ t.date_created|date }}</td>
|
|
|
|
</tr>
|
|
|
|
{% endfor %}
|
|
|
|
</table>
|
|
|
|
</div>
|
2019-02-05 23:21:46 +01:00
|
|
|
</section>
|
|
|
|
{% endblock %}
|