Ajout des conditions de création de topics

– L'utilisateur a le droit 'write-everywhere'
– C'est un topic de news et l'utilisateur a le droit 'write-news'
— Ce n'est pas un topic de news et le topic est une feuille de l'arbre 
du forum

Je me rends compte que c'est foireux pour la gestion des permissions. 
Faudra reprendre ça pour faire quelque chose de plus modulable…
This commit is contained in:
Darks 2019-12-10 23:01:40 +01:00
parent bf8f766131
commit 415cfd8d8f
Signed by: Darks
GPG Key ID: F61F10FA138E797C
3 changed files with 14 additions and 5 deletions

View File

@ -2,7 +2,7 @@
name: Administrateur
css: "color: #ee0000;"
descr: "Vous voyez Chuck Norris? Pareil."
privs: access-admin-board access-assoc-board write-news
privs: access-admin-board access-assoc-board write-news write-anywhere
upload-shared-files delete-shared-files
edit-posts delete-posts scheduled-posting
delete-content move-public-content move-private-content showcase-content

View File

@ -19,8 +19,15 @@ def forum_index():
def forum_page(f):
form = TopicCreationForm()
if form.validate_on_submit():
# TODO: Check user privileges for this specific forum!
# TODO: do not hardcode name of news forums
if form.validate_on_submit() and (
# User can write anywhere
(current_user.is_authenticated and current_user.priv('write-anywhere'))
# Forum is news forum TODO: add good condition to check if it's news
or ("/news" in f.url and current_user.is_authenticated
and current_user.priv('write-news'))
# Forum is not news and is a leaf:
or ("/news" not in f.name and not f.sub_forums)):
# First create the thread, then the comment, then the topic
th = Thread()
@ -41,7 +48,7 @@ def forum_page(f):
# Update member's xp and trophies
current_user.add_xp(V5Config.XP_POINTS['topic'])
current_user.update_trophies('new-post')
flash('Le sujet a bien été créé', 'ok')
return redirect(url_for('forum_topic', f=f, t=t))

View File

@ -41,7 +41,9 @@
</table>
{% endif %}
{% if (not f.sub_forums) == 0 or (current_user.is_authenticated and current_user.priv('access-admin-board')) %}
{% if (current_user.is_authenticated and current_user.priv('write-anywhere'))
or ("/news" in f.url and current_user.is_authenticated and current_user.priv('write-news'))
or ("/news" not in f.name and not f.sub_forums) %}
<div class=form>
<h2>Créer un nouveau sujet</h2>
<form action="" method="post" enctype="multipart/form-data">