devs/PCv5
devs
/
PCv5
7
10
Fork 4
Code Issues 25 Pull Requests Releases Wiki Activity
669 Commits 10 Branches 0 Tags 59 MiB
Commit Graph

12 Commits

Author SHA1 Message Date
Darks 3f8f8ab225
templates: added tabtitles to all relevant templates 2023-06-06 22:43:35 +02:00
Lephe db5e613f7e
model: use methods to access a user's typed posts (#104) 2022-04-25 17:05:17 +01:00
Lephe 6f98cba65e
review of privileges and forum permissions 
* Sorted privileges into categories, similar to the v4.3 style

Added privilege check utilities:
* Forum: is_news(), is_default_accessible() and is_default_postable()
* Member: can_access_forum(), can_post_in_forum(), can_edit_post(),
  and can_delete_post()

Unfortunately current_user is not a Guest when logged out, so one
cannot usually write current_user.can_*() without checking for
authentication first, so the checks are still somewhat verbose.

Reviewed forum permissions; the following permission issues have been
fixed (I have tested most but not all of them prior to fixing):

* app/routes/forum/index.py: Users that were not meant to access a
  forum could still obtain a listing of the topics
* app/routes/forum/topic.py: Users that were not meant to see topics
  could still read them by browsing the URL
* app/routes/forum/topic.py: Authenticated users could post in any
  topic, including ones that they should not have access to
* app/routes/posts/edit.py: Users with edit.posts (eg. mods) could edit
  and delete messages in forums they can't access (eg. creativecalc)

* app/templates/account/user.html: Users with admin panel access would
  see account editing links they can't use (affects developers)
* app/templates/base/navbar/forum.html: The "Forum" tab would list all
  forums including ones the user doesn't have access to
* app/templates/forum/index.html: Users would see every single forum,
  including ones they can't access
* app/template/widgets/thread.html: Anyone would see Edit/Delete links
  on every message, even though most were unusable

Miscellaneous changes:
* app/routes/forum/topic.py: Ordered comments by date as intended,
  which I assume worked by chance until now
* Removed the old assets/privs.txt files which is now superseded by the
  list implemented in app/data/groups.yaml

This commit changes group and forum information, run master.py with:
@> forums update
@> groups update
 2021-02-26 18:32:45 +01:00
Darks 9409113167
markdown: add markdown rendering 2020-09-18 19:43:10 +02:00
Darks 4117ec4b15
user: FIX problème de perf à l'affichage 
Le serveur aime pas devoir recalculer à chaque fois le nombre de 
commentaires de chaque topic
 2020-07-23 20:46:30 +02:00
Darks 3a46f8046c
topics: ADD une relationship dans `Member` 
Et une relation `comments` vers les commentaires. Moins utile, mais ça 
coute rien.
Corrige par la même occasion les problèmes de perfs
 2020-07-23 20:19:03 +02:00
Lephe 6b280c6901
trophies: add icons 2020-07-22 10:44:56 +02:00
Darks 1b17234623
trophies: ADD hidden parameter, FIX admin panel 2020-07-20 19:35:05 +02:00
Lephe c4bfef4765
trophies: add descriptions 
DATABASE UPDATE: run [flask db upgrade], then use the [create-trophies]
command of the master script to recreate trophies.
 2020-07-19 22:27:00 +02:00
Darks 4d3e1a14f3
profil: complétion de la page de profil (#9) 2020-07-19 21:14:34 +02:00
Darks 9f5b607c45
Correction d'un petit bug de routage du bouton mofidier un compte 2019-12-10 10:00:20 +01:00
Darks d4e1b05c29
Divers correctifs 
- Le menu est utilisable sans Js (penser à mettre à jour les endpoints)
- Réorganisation des templates
- Ajout d'une page listant les outils
 2019-11-28 14:14:35 +01:00
Renamed from app/templates/user.html (Browse further)