From 52f6484db1850bdefccd73414d5f6e6eb62b6369 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lera=20Elvo=C3=A9?= Date: Tue, 1 Jul 2025 21:26:52 +0300 Subject: [PATCH] add all mod actions on users --- app/routes/users.py | 95 ++++++++++++++++++++++++++++++++++- app/templates/users/user.html | 17 +++++++ 2 files changed, 111 insertions(+), 1 deletion(-) diff --git a/app/routes/users.py b/app/routes/users.py index 30e9479..cce6b8b 100644 --- a/app/routes/users.py +++ b/app/routes/users.py @@ -96,6 +96,28 @@ def mod_only(*args, **kwargs): return decorator +def admin_only(*args, **kwargs): + def decorator(view_func): + @wraps(view_func) + def wrapper(*view_args, **view_kwargs): + if not get_active_user().is_admin(): + # resolve callables + processed_kwargs = { + k: v(**view_kwargs) if callable(v) else v + for k, v in kwargs.items() + } + endpoint = args[0] if args else processed_kwargs.get("endpoint") + if endpoint.startswith("."): + blueprint = current_app.blueprints.get(view_func.__name__.split(".")[0]) + if blueprint: + endpoint = endpoint.lstrip(".") + return redirect(url_for(f"{blueprint.name}.{endpoint}", **processed_kwargs)) + return redirect(url_for(*args, **processed_kwargs)) + return view_func(*view_args, **view_kwargs) + return wrapper + return decorator + + @bp.get("/log_in") @redirect_if_logged_in(".page", username = lambda: get_active_user().username) def log_in(): @@ -187,5 +209,76 @@ def inbox(username): @bp.post("/log_out") +@login_required def log_out(): - pass + user = get_active_user() + session_obj = Sessions.find({"key": session['pyrom_session_key']}) + session_obj.delete() + + session.clear() + return redirect(url_for(".log_in")) + + +@bp.post("/confirm_user/") +@login_required +@mod_only("topics.all_topics") +def confirm_user(user_id): + target_user = Users.find({"id": user_id}) + if not target_user: + return "no" + if int(target_user.permission) > PermissionLevel.GUEST.value: + return "no" + + target_user.update({ + "permission": PermissionLevel.USER.value, + "confirmed_on": int(time.time()), + }) + return redirect(url_for(".page", username=target_user.username)) + + +@bp.post("/mod_user/") +@login_required +@admin_only("topics.all_topics") +def mod_user(user_id): + target_user = Users.find({"id": user_id}) + if not target_user: + return "no" + if target_user.is_mod(): + return "no" + + target_user.update({ + "permission": PermissionLevel.MODERATOR.value, + }) + return redirect(url_for(".page", username=target_user.username)) + + +@bp.post("/demod_user/") +@login_required +@admin_only("topics.all_topics") +def demod_user(user_id): + target_user = Users.find({"id": user_id}) + if not target_user: + return "no" + if not target_user.is_mod(): + return "no" + + target_user.update({ + "permission": PermissionLevel.USER.value, + }) + return redirect(url_for(".page", username=target_user.username)) + + +@bp.post("/guest_user/") +@login_required +@admin_only("topics.all_topics") +def guest_user(user_id): + target_user = Users.find({"id": user_id}) + if not target_user: + return "no" + if target_user.is_mod(): + return "no" + + target_user.update({ + "permission": PermissionLevel.GUEST.value, + }) + return redirect(url_for(".page", username=target_user.username)) diff --git a/app/templates/users/user.html b/app/templates/users/user.html index 99efe01..97b3d40 100644 --- a/app/templates/users/user.html +++ b/app/templates/users/user.html @@ -19,8 +19,25 @@

Moderation controls

{% if target_user.is_guest() %}

This user is a guest. They signed up on {{ timestamp(target_user['created_at']) }}

+
+ +
{% else %}

This user signed up on {{ timestamp(target_user['created_at']) }} and was confirmed on {{ timestamp(target_user['confirmed_on']) }}

+ {% if (target_user.permission | int) < (active_user.permission | int) %} +
+ +
+ {% endif %} + {% if active_user.is_admin() and not target_user.is_mod() %} +
+ +
+ {% elif target_user.is_mod() and (target_user.permission | int) < (active_user.permission | int) %} +
+ +
+ {% endif %} {% endif %} {% endif %}