* Sorted privileges into categories, similar to the v4.3 style
Added privilege check utilities:
* Forum: is_news(), is_default_accessible() and is_default_postable()
* Member: can_access_forum(), can_post_in_forum(), can_edit_post(),
and can_delete_post()
Unfortunately current_user is not a Guest when logged out, so one
cannot usually write current_user.can_*() without checking for
authentication first, so the checks are still somewhat verbose.
Reviewed forum permissions; the following permission issues have been
fixed (I have tested most but not all of them prior to fixing):
* app/routes/forum/index.py: Users that were not meant to access a
forum could still obtain a listing of the topics
* app/routes/forum/topic.py: Users that were not meant to see topics
could still read them by browsing the URL
* app/routes/forum/topic.py: Authenticated users could post in any
topic, including ones that they should not have access to
* app/routes/posts/edit.py: Users with edit.posts (eg. mods) could edit
and delete messages in forums they can't access (eg. creativecalc)
* app/templates/account/user.html: Users with admin panel access would
see account editing links they can't use (affects developers)
* app/templates/base/navbar/forum.html: The "Forum" tab would list all
forums including ones the user doesn't have access to
* app/templates/forum/index.html: Users would see every single forum,
including ones they can't access
* app/template/widgets/thread.html: Anyone would see Edit/Delete links
on every message, even though most were unusable
Miscellaneous changes:
* app/routes/forum/topic.py: Ordered comments by date as intended,
which I assume worked by chance until now
* Removed the old assets/privs.txt files which is now superseded by the
list implemented in app/data/groups.yaml
This commit changes group and forum information, run master.py with:
@> forums update
@> groups update
Javascript :
Supression du javascript inutile, l'entièreté du bloc du flash.
CSS :
Alignement plus correct des notifications flash, fini le fixed, 15%
place au margin auto.
Ajout d'une marge pour éviter l'effet «bloc».
Héritage des propriétés de couleur du texte et du fond de la classe supèrieure.
Modification des templates :
Les messages sont désormais chargés avant le contenu et après le header.
This works by bundling the topic object and page number in a pair during
conversion to/from URL, so that the slug can be computed effortlessly
and put in all links.
This changes fixes#25 by restructuring the forum models in a way
compatible with the polymorphic behavior of SQLAlchemy. Incidentally,
the new form turns out to be more appropriate for our use than the
polymorphic one originally used.
The migration for this task is non-trivial because the Thread class was
created with a foreign-key id which thus had no auto-increment or
associated sequence. The most reliable way of getting it back was to
recreate the table because SQLAlchemy ony performs automated sequence
introduction at table creation time. Four separate migration files
perform the whole change.
This commit also adds views and forms to create topics, and the
boilerplate for an advanced markup editor that can be used as a widget.
Dans User.valid_name, ajout de caractères non autorisés. Voir #19 pour
faire quelque chose de vraiment propre et safe.
Dans privs, j'ai shooté des règles en double. Répercussion sur les
autres routes.
Ajout du champ username dans le formulaire admin de modif d'un compte.
The groups-privileges page takes care of removing privileges
before deleting groups and users; this is to be moved soon to a
proper group/user deletion API.
This includes loading the common style sheets at low resolutions
and removing the undescribable redundancy in light.css.
The harder part was getting the navbar right, because it relied
heavily on the distinction between navbar.css and light.css.
This is still a work in progress.