
Enable granting ability to remove topics/comments

merge-requests/53/head
Deimos 6 years ago
parent
commit
6e5a8b68b0
  1. 4
      tildes/tests/test_comment.py
  2. 8
      tildes/tests/test_topic_permissions.py
  3. 6
      tildes/tildes/models/comment/comment.py
  4. 10
      tildes/tildes/models/topic/topic.py

4
tildes/tests/test_comment.py

@ -83,10 +83,10 @@ def test_deleted_comment_permissions_removed(comment):
def test_removed_comment_view_permission(comment): def test_removed_comment_view_permission(comment):
"""Ensure a removed comment can only be viewed by its author and admins."""
"""Ensure a removed comment can only be viewed by certain users."""
comment.is_removed = True comment.is_removed = True
principals = principals_allowed_by_permission(comment, "view") principals = principals_allowed_by_permission(comment, "view")
assert principals == {"admin", comment.user_id}
assert principals == {"admin", comment.user_id, "comment.remove"}
def test_edit_grace_period(comment): def test_edit_grace_period(comment):
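Review bot: Nothing in this section pins who holds the `remove` permission itself, although the commit adds `(Allow, "comment.remove", "remove")` in comment.py; only the `view` set on a removed comment is asserted. A companion test would catch an accidental widening of that grant, e.g. `assert principals_allowed_by_permission(comment, "remove") == {"admin", "comment.remove"}` (expected set inferred from the visible ACL lines; confirm against the full ACL). The same gap applies to `topic.remove` in tildes/tests/test_topic_permissions.py. The rest of the test file is outside this hunk, so such a test may already exist.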

8
tildes/tests/test_topic_permissions.py

@ -46,10 +46,10 @@ def test_topic_view_author_permission(text_topic):
def test_removed_topic_view_author_permission(topic): def test_removed_topic_view_author_permission(topic):
"""Ensure only admins and the author can view a removed topic's author."""
"""Ensure only a removed topic's author can only be viewed by certain users."""
topic.is_removed = True topic.is_removed = True
principals = principals_allowed_by_permission(topic, "view_author") principals = principals_allowed_by_permission(topic, "view_author")
assert principals == {"admin", topic.user_id}
assert principals == {"admin", topic.user_id, "topic.remove"}
def test_topic_view_content_permission(text_topic): def test_topic_view_content_permission(text_topic):
@ -59,10 +59,10 @@ def test_topic_view_content_permission(text_topic):
def test_removed_topic_view_content_permission(topic): def test_removed_topic_view_content_permission(topic):
"""Ensure only admins and the author can view a removed topic's content."""
"""Ensure a removed topic's content can only be viewed by certain users."""
topic.is_removed = True topic.is_removed = True
principals = principals_allowed_by_permission(topic, "view_content") principals = principals_allowed_by_permission(topic, "view_content")
assert principals == {"admin", topic.user_id}
assert principals == {"admin", topic.user_id, "topic.remove"}
def test_topic_comment_permission(text_topic): def test_topic_comment_permission(text_topic):
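Review bot: The new docstring of `test_removed_topic_view_author_permission` reads "Ensure only a removed topic's author can only be viewed by certain users."; the first "only" is a leftover from the old wording and the sentence no longer parses. Suggest `"""Ensure a removed topic's author can only be viewed by certain users."""`. Naming the principals would be better still, since "certain users" tells a reader less than the assertion below it does: admins, the author, and holders of `topic.remove`.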

6
tildes/tildes/models/comment/comment.py

@ -147,11 +147,13 @@ class Comment(DatabaseModel):
acl.append(DENY_ALL) acl.append(DENY_ALL)
# view: # view:
# - removed comments can only be viewed by admins and the author
# - removed comments can only be viewed by admins, the author, and users with
# remove permission
# - otherwise, everyone can view # - otherwise, everyone can view
if self.is_removed: if self.is_removed:
acl.append((Allow, "admin", "view")) acl.append((Allow, "admin", "view"))
acl.append((Allow, self.user_id, "view")) acl.append((Allow, self.user_id, "view"))
acl.append((Allow, "comment.remove", "view"))
acl.append((Deny, Everyone, "view")) acl.append((Deny, Everyone, "view"))
acl.append((Allow, Everyone, "view")) acl.append((Allow, Everyone, "view"))
@ -209,6 +211,8 @@ class Comment(DatabaseModel):
# tools that require specifically granted permissions # tools that require specifically granted permissions
acl.append((Allow, "admin", "remove")) acl.append((Allow, "admin", "remove"))
acl.append((Allow, "comment.remove", "remove"))
acl.append((Allow, "admin", "view_labels")) acl.append((Allow, "admin", "view_labels"))
acl.append(DENY_ALL) acl.append(DENY_ALL)
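Review bot: Granting `comment.remove` now also grants `view` on every removed comment (first hunk), but the line that hands out the permission in the second hunk says nothing about it. Whoever delegates removal rights should be able to see at the grant site that it includes read access to comments already removed by others. A comment there would do, e.g. `# note: "comment.remove" also allows viewing removed comments (see "view" above)`. Both hunks sit inside the ACL-building method of `Comment`, which starts and ends outside the visible lines.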

10
tildes/tildes/models/topic/topic.py

@ -230,21 +230,25 @@ class Topic(DatabaseModel):
acl.append((Allow, Everyone, "view")) acl.append((Allow, Everyone, "view"))
# view_author: # view_author:
# - removed topics' author is only visible to the author and admins
# - removed topics' author is only visible to the author, admins, and users
# with remove permission
# - otherwise, everyone can view the author # - otherwise, everyone can view the author
if self.is_removed: if self.is_removed:
acl.append((Allow, "admin", "view_author")) acl.append((Allow, "admin", "view_author"))
acl.append((Allow, self.user_id, "view_author")) acl.append((Allow, self.user_id, "view_author"))
acl.append((Allow, "topic.remove", "view_author"))
acl.append((Deny, Everyone, "view_author")) acl.append((Deny, Everyone, "view_author"))
acl.append((Allow, Everyone, "view_author")) acl.append((Allow, Everyone, "view_author"))
# view_content: # view_content:
# - removed topics' content is only visible to the author and admins
# - removed topics' content is only visible to the author, admins and users
# with remove permissions
# - otherwise, everyone can view the content # - otherwise, everyone can view the content
if self.is_removed: if self.is_removed:
acl.append((Allow, "admin", "view_content")) acl.append((Allow, "admin", "view_content"))
acl.append((Allow, self.user_id, "view_content")) acl.append((Allow, self.user_id, "view_content"))
acl.append((Allow, "topic.remove", "view_content"))
acl.append((Deny, Everyone, "view_content")) acl.append((Deny, Everyone, "view_content"))
acl.append((Allow, Everyone, "view_content")) acl.append((Allow, Everyone, "view_content"))
@ -289,8 +293,10 @@ class Topic(DatabaseModel):
# tools that require specifically granted permissions # tools that require specifically granted permissions
acl.append((Allow, "admin", "lock")) acl.append((Allow, "admin", "lock"))
acl.append((Allow, "topic.lock", "lock"))
acl.append((Allow, "admin", "remove")) acl.append((Allow, "admin", "remove"))
acl.append((Allow, "topic.remove", "remove"))
acl.append((Allow, "admin", "move")) acl.append((Allow, "admin", "move"))
acl.append((Allow, "topic.move", "move")) acl.append((Allow, "topic.move", "move"))
