add all mod actions on users

2025-07-01 21:26:52 +03:00 · 2025-07-01 21:26:52 +03:00 · 52f6484db1
commit 52f6484db1
parent df239fb130
2 changed files with 111 additions and 1 deletions
--- a/app/routes/users.py
+++ b/app/routes/users.py
@ -96,6 +96,28 @@ def mod_only(*args, **kwargs):
    return decorator


+def admin_only(*args, **kwargs):
+    def decorator(view_func):
+        @wraps(view_func)
+        def wrapper(*view_args, **view_kwargs):
+            if not get_active_user().is_admin():
+                # resolve callables
+                processed_kwargs = {
+                    k: v(**view_kwargs) if callable(v) else v
+                    for k, v in kwargs.items()
+                }
+                endpoint = args[0] if args else processed_kwargs.get("endpoint")
+                if endpoint.startswith("."):
+                    blueprint = current_app.blueprints.get(view_func.__name__.split(".")[0])
+                    if blueprint:
+                        endpoint = endpoint.lstrip(".")
+                        return redirect(url_for(f"{blueprint.name}.{endpoint}", **processed_kwargs))
+                return redirect(url_for(*args, **processed_kwargs))
+            return view_func(*view_args, **view_kwargs)
+        return wrapper
+    return decorator
+
+
@bp.get("/log_in")
@redirect_if_logged_in(".page", username = lambda: get_active_user().username)
 def log_in():
@ -187,5 +209,76 @@ def inbox(username):


@bp.post("/log_out")
+@login_required
 def log_out():
-    pass
+    user = get_active_user()
+    session_obj = Sessions.find({"key": session['pyrom_session_key']})
+    session_obj.delete()
+
+    session.clear()
+    return redirect(url_for(".log_in"))
+
+
+@bp.post("/confirm_user/<user_id>")
+@login_required
+@mod_only("topics.all_topics")
+def confirm_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if int(target_user.permission) > PermissionLevel.GUEST.value:
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.USER.value,
+        "confirmed_on": int(time.time()),
+    })
+    return redirect(url_for(".page", username=target_user.username))
+
+
+@bp.post("/mod_user/<user_id>")
+@login_required
+@admin_only("topics.all_topics")
+def mod_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if target_user.is_mod():
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.MODERATOR.value,
+    })
+    return redirect(url_for(".page", username=target_user.username))
+
+
+@bp.post("/demod_user/<user_id>")
+@login_required
+@admin_only("topics.all_topics")
+def demod_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if not target_user.is_mod():
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.USER.value,
+    })
+    return redirect(url_for(".page", username=target_user.username))
+
+
+@bp.post("/guest_user/<user_id>")
+@login_required
+@admin_only("topics.all_topics")
+def guest_user(user_id):
+    target_user = Users.find({"id": user_id})
+    if not target_user:
+        return "no"
+    if target_user.is_mod():
+        return "no"
+
+    target_user.update({
+        "permission": PermissionLevel.GUEST.value,
+    })
+    return redirect(url_for(".page", username=target_user.username))
--- a/app/templates/users/user.html
+++ b/app/templates/users/user.html
@ -19,8 +19,25 @@
    <h1 class="thread-title">Moderation controls</h1>
    {% if target_user.is_guest() %}
      <p>This user is a guest. They signed up on {{ timestamp(target_user['created_at']) }}</p>
+      <form class="modform" method="post" action="{{ url_for("users.confirm_user", user_id=target_user.id) }}">
+        <input type="submit" value="Confirm user">
+      </form>
    {% else %}
      <p>This user signed up on {{ timestamp(target_user['created_at']) }} and was confirmed on {{ timestamp(target_user['confirmed_on']) }}</p>
+      {% if (target_user.permission | int) < (active_user.permission | int) %}
+        <form class="modform" method="post" action="{{ url_for("users.guest_user", user_id=target_user.id) }}">
+          <input class="warn" type="submit" value="Demote user to guest (soft ban)">
+        </form>
+      {% endif %}
+      {% if active_user.is_admin() and not target_user.is_mod() %}
+        <form class="modform" method="post" action="{{ url_for("users.mod_user", user_id=target_user.id) }}">
+          <input class="warn" type="submit" value="Promote user to moderator">
+        </form>
+      {% elif target_user.is_mod() and (target_user.permission | int) < (active_user.permission | int) %}
+        <form class="modform" method="post" action="{{ url_for("users.demod_user", user_id=target_user.id) }}">
+          <input class="critical" type="submit" value="Demote user to regular user">
+        </form>
+      {% endif %}
    {% endif %}
  {% endif %}
 </div>