finish mod routes
This commit is contained in:
@@ -1,8 +1,10 @@
|
||||
from flask import Blueprint, abort, redirect, url_for, request, render_template, flash
|
||||
from ..constants import InfoboxKind
|
||||
from ..constants import InfoboxKind, PermissionLevel
|
||||
from ..auth import is_logged_in, get_active_user, csrf_verified
|
||||
from ..models import Topics, Threads
|
||||
from ..models import Topics, Threads, Users
|
||||
from slugify import slugify
|
||||
from functools import wraps
|
||||
import time
|
||||
bp = Blueprint('mod', __name__, url_prefix='/mod/')
|
||||
|
||||
@bp.before_request
|
||||
@@ -12,6 +14,14 @@ def mod_only():
|
||||
if not get_active_user().is_mod():
|
||||
abort(403)
|
||||
|
||||
def admin_only(view_func):
|
||||
@wraps(view_func)
|
||||
def wrapper(*args, **kwargs):
|
||||
if not get_active_user().is_admin():
|
||||
abort(403)
|
||||
return view_func(*args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
@bp.get('/')
|
||||
def index():
|
||||
return 'stub'
|
||||
@@ -97,14 +107,62 @@ def sticky_thread(thread_id):
|
||||
@bp.post('/users/<int:user_id>/make-guest/')
|
||||
@csrf_verified
|
||||
def make_user_guest(user_id):
|
||||
return 'stub'
|
||||
mod = get_active_user()
|
||||
target_user = Users.find({'id': user_id})
|
||||
if not target_user:
|
||||
abort(404)
|
||||
|
||||
if target_user.is_admin() or target_user.is_system():
|
||||
abort(403)
|
||||
|
||||
if int(target_user.permission) >= int(mod.permission):
|
||||
abort(403)
|
||||
|
||||
target_user.update({
|
||||
'permission': PermissionLevel.GUEST.value,
|
||||
'confirmed_on': None,
|
||||
})
|
||||
|
||||
return redirect(url_for('users.user_page', username=target_user.username))
|
||||
|
||||
@bp.post('/users/<int:user_id>/make-user/')
|
||||
@csrf_verified
|
||||
def make_user_regular(user_id):
|
||||
return 'stub'
|
||||
mod = get_active_user()
|
||||
target_user = Users.find({'id': user_id})
|
||||
if not target_user:
|
||||
abort(404)
|
||||
|
||||
if target_user.is_admin() or target_user.is_system():
|
||||
abort(403)
|
||||
|
||||
# mod -> regular user, abort if not admin
|
||||
if int(target_user.permission) >= int(mod.permission):
|
||||
abort(403)
|
||||
|
||||
update_dict = {'permission': PermissionLevel.USER.value}
|
||||
# set approved date if the user was guest
|
||||
if target_user.is_guest():
|
||||
update_dict['confirmed_on'] = int(time.time())
|
||||
|
||||
target_user.update(update_dict)
|
||||
|
||||
return redirect(url_for('users.user_page', username=target_user.username))
|
||||
|
||||
@bp.post('/users/<int:user_id>/make-mod/')
|
||||
@admin_only
|
||||
@csrf_verified
|
||||
def make_user_mod(user_id):
|
||||
return 'stub'
|
||||
mod = get_active_user()
|
||||
target_user = Users.find({'id': user_id})
|
||||
if not target_user:
|
||||
abort(404)
|
||||
|
||||
if target_user.is_admin() or target_user.is_system():
|
||||
abort(403)
|
||||
|
||||
if int(target_user.permission) >= int(mod.permission):
|
||||
abort(403)
|
||||
|
||||
target_user.update({'permission': PermissionLevel.MODERATOR.value})
|
||||
return redirect(url_for('users.user_page', username=target_user.username))
|
||||
|
||||
Reference in New Issue
Block a user