Browse Source

Enable user-history viewing for logged-in users

Until now, users have only been able to view the full posting history of
themselves (with pagination only being available on your own user page).
This extends the view_history permission to all logged-in users, so
everyone logged into an account will be able to see the full history of
any user.
merge-requests/55/head
Deimos 6 years ago
parent
commit
424f85b2b2
  1. 4
      tildes/tildes/models/user/user.py
  2. 2
      tildes/tildes/views/user.py

4
tildes/tildes/models/user/user.py

@ -142,6 +142,10 @@ class User(DatabaseModel):
# - everyone can view all users # - everyone can view all users
acl.append((Allow, Everyone, "view")) acl.append((Allow, Everyone, "view"))
# view_history:
# - only allow logged-in users to look through user history
acl.append((Allow, Authenticated, "view_history"))
# message: # message:
# - deleted and banned users can't be messaged # - deleted and banned users can't be messaged
# - otherwise, logged-in users can message anyone except themselves # - otherwise, logged-in users can message anyone except themselves

2
tildes/tildes/views/user.py

@ -34,6 +34,8 @@ def get_user(
"""Generate the main user history page.""" """Generate the main user history page."""
user = request.context user = request.context
# if the viewer doesn't have permission to view history, clear all the variables
# related to pagination (in case they set them manually in query vars)
if not request.has_permission("view_history", user): if not request.has_permission("view_history", user):
post_type = None post_type = None
after = None after = None

Loading…
Cancel
Save