2019-09-05 23:42:47 +02:00
|
|
|
|
{% extends "base/base.html" %}
|
|
|
|
|
|
|
|
|
|
{% block title %}
|
|
|
|
|
<h1>Forum de Planète Casio</h1>
|
|
|
|
|
{% endblock %}
|
|
|
|
|
|
|
|
|
|
{% block content %}
|
|
|
|
|
<section>
|
2019-12-02 00:00:04 +01:00
|
|
|
|
<p>
|
|
|
|
|
Bienvenue sur le forum de Planète Casio ! Vous pouvez créer des
|
|
|
|
|
nouveaux sujets ou poster des réponses avec un compte
|
2021-02-20 19:30:18 +01:00
|
|
|
|
{%- if not current_user.is_authenticated %}
|
2019-12-02 00:00:04 +01:00
|
|
|
|
ou en postant en tant qu'invité
|
2021-02-20 19:30:18 +01:00
|
|
|
|
{%- endif -%}
|
2019-12-02 00:00:04 +01:00
|
|
|
|
.
|
|
|
|
|
</p>
|
2019-09-05 23:42:47 +02:00
|
|
|
|
|
2020-08-01 15:09:07 +02:00
|
|
|
|
{% if main_forum == None %}
|
2019-09-05 23:42:47 +02:00
|
|
|
|
<p>Il n'y a aucun forum.</p>
|
2020-08-01 15:09:07 +02:00
|
|
|
|
{% else %}
|
2019-09-05 23:42:47 +02:00
|
|
|
|
|
2020-08-01 15:09:07 +02:00
|
|
|
|
{% for l1 in main_forum.sub_forums %}
|
review of privileges and forum permissions
* Sorted privileges into categories, similar to the v4.3 style
Added privilege check utilities:
* Forum: is_news(), is_default_accessible() and is_default_postable()
* Member: can_access_forum(), can_post_in_forum(), can_edit_post(),
and can_delete_post()
Unfortunately current_user is not a Guest when logged out, so one
cannot usually write current_user.can_*() without checking for
authentication first, so the checks are still somewhat verbose.
Reviewed forum permissions; the following permission issues have been
fixed (I have tested most but not all of them prior to fixing):
* app/routes/forum/index.py: Users that were not meant to access a
forum could still obtain a listing of the topics
* app/routes/forum/topic.py: Users that were not meant to see topics
could still read them by browsing the URL
* app/routes/forum/topic.py: Authenticated users could post in any
topic, including ones that they should not have access to
* app/routes/posts/edit.py: Users with edit.posts (eg. mods) could edit
and delete messages in forums they can't access (eg. creativecalc)
* app/templates/account/user.html: Users with admin panel access would
see account editing links they can't use (affects developers)
* app/templates/base/navbar/forum.html: The "Forum" tab would list all
forums including ones the user doesn't have access to
* app/templates/forum/index.html: Users would see every single forum,
including ones they can't access
* app/template/widgets/thread.html: Anyone would see Edit/Delete links
on every message, even though most were unusable
Miscellaneous changes:
* app/routes/forum/topic.py: Ordered comments by date as intended,
which I assume worked by chance until now
* Removed the old assets/privs.txt files which is now superseded by the
list implemented in app/data/groups.yaml
This commit changes group and forum information, run master.py with:
@> forums update
@> groups update
2021-02-26 18:29:25 +01:00
|
|
|
|
{% if l1.is_default_accessible() or
|
|
|
|
|
(current_user.is_authenticated and current_user.can_access_forum(l1)) %}
|
|
|
|
|
<table class=forumlist>
|
|
|
|
|
<tr><th>{{ l1.name }}</th><th>Nombre de sujets</th></tr>
|
|
|
|
|
|
|
|
|
|
{% if l1.sub_forums == [] %}
|
|
|
|
|
<tr><td><a href='/forum{{ l1.url }}'>{{ l1.name }}</a></td>
|
|
|
|
|
<td>{{ l1.topics.count() }}</td></tr>
|
|
|
|
|
<tr><td>{{ l1.descr }}</td><td></td></tr>
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
|
|
{% for l2 in l1.sub_forums %}
|
|
|
|
|
{% if l2.is_default_accessible() or
|
|
|
|
|
(current_user.is_authenticated and current_user.can_access_forum(l2)) %}
|
|
|
|
|
<tr><td><a href='/forum{{ l2.url }}'>{{ l2.name }}</td>
|
|
|
|
|
<td>{{ l2.topics.count() }}</td></tr>
|
|
|
|
|
<tr><td>{{ l2.descr }}</td><td></td></tr>
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
|
|
</table>
|
|
|
|
|
{% endif %}
|
2019-09-05 23:42:47 +02:00
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
|
|
{% endif %}
|
|
|
|
|
</section>
|
|
|
|
|
{% endblock %}
|