add all mod actions on users

2025-07-01 21:26:52 +03:00
parent df239fb130
commit 52f6484db1
2 changed files with 111 additions and 1 deletions
--- a/app/routes/users.py
+++ b/app/routes/users.py
@ -96,6 +96,28 @@ def mod_only(*args, **kwargs):
    return decorator


+def admin_only(*args, **kwargs):
+    def decorator(view_func):
+        @wraps(view_func)
+        def wrapper(*view_args, **view_kwargs):
+            if not get_active_user().is_admin():
+                # resolve callables
+                processed_kwargs = {
+                    k: v(**view_kwargs) if callable(v) else v
+                    for k, v in kwargs.items()
+                }
+                endpoint = args[0] if args else processed_kwargs.get("endpoint")
+                if endpoint.startswith("."):
+                    blueprint = current_app.blueprints.get(view_func.__name__.split(".")[0])
+                    if blueprint:
+                        endpoint = endpoint.lstrip(".")
+                        return redirect(url_for(f"{blueprint.name}.{endpoint}", **processed_kwargs))
+                return redirect(url_for(*args, **processed_kwargs))
+            return view_func(*view_args, **view_kwargs)
+        return wrapper
+    return decorator
+
+
@bp.get("/log_in")
@redirect_if_logged_in(".page", username = lambda: get_active_user().username)
 def log_in():
@ -187,5 +209,76 @@ def inbox(username):


@bp.post("/log_out")
+@login_required
 def log_out():
-    pass
+    user = get_active_user()
+    session_obj = Sessions.find({"key": session['pyrom_session_key']})
+    session_obj.delete()
+
+    session.clear()
+    return redirect(url_for(".log_in"))
+
+
+@bp.post("/confirm_user/<user_id>")
+@login_required
+@mod_only("topics.all_topics")
+def confirm_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if int(target_user.permission) > PermissionLevel.GUEST.value:
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.USER.value,
+        "confirmed_on": int(time.time()),
+    })
+    return redirect(url_for(".page", username=target_user.username))
+
+
+@bp.post("/mod_user/<user_id>")
+@login_required
+@admin_only("topics.all_topics")
+def mod_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if target_user.is_mod():
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.MODERATOR.value,
+    })
+    return redirect(url_for(".page", username=target_user.username))
+
+
+@bp.post("/demod_user/<user_id>")
+@login_required
+@admin_only("topics.all_topics")
+def demod_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if not target_user.is_mod():
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.USER.value,
+    })
+    return redirect(url_for(".page", username=target_user.username))
+
+
+@bp.post("/guest_user/<user_id>")
+@login_required
+@admin_only("topics.all_topics")
+def guest_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if target_user.is_mod():
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.GUEST.value,
+    })
+    return redirect(url_for(".page", username=target_user.username))