
Enable granting ability to remove topics/comments

merge-requests/53/head
Deimos 6 years ago
parent
commit
6e5a8b68b0
  1. 4
      tildes/tests/test_comment.py
  2. 8
      tildes/tests/test_topic_permissions.py
  3. 6
      tildes/tildes/models/comment/comment.py
  4. 10
      tildes/tildes/models/topic/topic.py

4
tildes/tests/test_comment.py

@ -83,10 +83,10 @@ def test_deleted_comment_permissions_removed(comment):
def test_removed_comment_view_permission(comment):
"""Ensure a removed comment can only be viewed by its author and admins."""
"""Ensure a removed comment can only be viewed by certain users."""
comment.is_removed = True
principals = principals_allowed_by_permission(comment, "view")
assert principals == {"admin", comment.user_id}
assert principals == {"admin", comment.user_id, "comment.remove"}
def test_edit_grace_period(comment):
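Review bot: The updated assertion in test_removed_comment_view_permission covers only the `view` permission, so nothing visible here tests the new `(Allow, "comment.remove", "remove")` entry that comment.py adds. A regression that dropped or widened that entry would pass these tests. Consider adding a check such as `assert principals_allowed_by_permission(comment, "remove") == {"admin", "comment.remove"}`, with the equivalent for `topic.remove` in test_topic_permissions.py. Such tests may already exist outside the shown hunks.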

8
tildes/tests/test_topic_permissions.py

@ -46,10 +46,10 @@ def test_topic_view_author_permission(text_topic):
def test_removed_topic_view_author_permission(topic):
"""Ensure only admins and the author can view a removed topic's author."""
"""Ensure only a removed topic's author can only be viewed by certain users."""
topic.is_removed = True
principals = principals_allowed_by_permission(topic, "view_author")
assert principals == {"admin", topic.user_id}
assert principals == {"admin", topic.user_id, "topic.remove"}
def test_topic_view_content_permission(text_topic):
@ -59,10 +59,10 @@ def test_topic_view_content_permission(text_topic):
def test_removed_topic_view_content_permission(topic):
"""Ensure only admins and the author can view a removed topic's content."""
"""Ensure a removed topic's content can only be viewed by certain users."""
topic.is_removed = True
principals = principals_allowed_by_permission(topic, "view_content")
assert principals == {"admin", topic.user_id}
assert principals == {"admin", topic.user_id, "topic.remove"}
def test_topic_comment_permission(text_topic):
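Review bot: What appears to be the new docstring of test_removed_topic_view_author_permission has a duplicated "only" and reads as if the topic were the object being restricted. Suggested wording, matching the view_content test below it: `"""Ensure a removed topic's author can only be viewed by certain users."""`. "Certain users" is also vaguer than the old text, so naming the three principals (admins, the author, holders of `topic.remove`) would keep the access rule readable from the test.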

6
tildes/tildes/models/comment/comment.py

@ -147,11 +147,13 @@ class Comment(DatabaseModel):
acl.append(DENY_ALL)
# view:
# - removed comments can only be viewed by admins and the author
# - removed comments can only be viewed by admins, the author, and users with
# remove permission
# - otherwise, everyone can view
if self.is_removed:
acl.append((Allow, "admin", "view"))
acl.append((Allow, self.user_id, "view"))
acl.append((Allow, "comment.remove", "view"))
acl.append((Deny, Everyone, "view"))
acl.append((Allow, Everyone, "view"))
@ -209,6 +211,8 @@ class Comment(DatabaseModel):
# tools that require specifically granted permissions
acl.append((Allow, "admin", "remove"))
acl.append((Allow, "comment.remove", "remove"))
acl.append((Allow, "admin", "view_labels"))
acl.append(DENY_ALL)
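Review bot: The new `"comment.remove"` principal is a bare string in both the `view` and `remove` entries, so nothing in the visible lines ties the grant to the comment's group. If principals are derived site-wide (that code is outside this diff), one grant would let a user read and remove removed comments everywhere. It is worth stating the intended scope next to the entry, for example `# "comment.remove" is granted per-user and applies site-wide`, or the per-group equivalent if that is the design. The same question applies to `"topic.remove"` in topic.py. The `__acl__` body starts and ends outside both hunks, so the surrounding entries could not be checked.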

10
tildes/tildes/models/topic/topic.py

@ -230,21 +230,25 @@ class Topic(DatabaseModel):
acl.append((Allow, Everyone, "view"))
# view_author:
# - removed topics' author is only visible to the author and admins
# - removed topics' author is only visible to the author, admins, and users
# with remove permission
# - otherwise, everyone can view the author
if self.is_removed:
acl.append((Allow, "admin", "view_author"))
acl.append((Allow, self.user_id, "view_author"))
acl.append((Allow, "topic.remove", "view_author"))
acl.append((Deny, Everyone, "view_author"))
acl.append((Allow, Everyone, "view_author"))
# view_content:
# - removed topics' content is only visible to the author and admins
# - removed topics' content is only visible to the author, admins and users
# with remove permissions
# - otherwise, everyone can view the content
if self.is_removed:
acl.append((Allow, "admin", "view_content"))
acl.append((Allow, self.user_id, "view_content"))
acl.append((Allow, "topic.remove", "view_content"))
acl.append((Deny, Everyone, "view_content"))
acl.append((Allow, Everyone, "view_content"))
@ -289,8 +293,10 @@ class Topic(DatabaseModel):
# tools that require specifically granted permissions
acl.append((Allow, "admin", "lock"))
acl.append((Allow, "topic.lock", "lock"))
acl.append((Allow, "admin", "remove"))
acl.append((Allow, "topic.remove", "remove"))
acl.append((Allow, "admin", "move"))
acl.append((Allow, "topic.move", "move"))
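Review bot: The two rewritten comments describe the same rule with different wording: view_author says "the author, admins, and users with remove permission", while view_content says "the author, admins and users with remove permissions". Since these comments are the readable statement of who can see removed content, they should match, for example `# - removed topics' content is only visible to the author, admins, and users` / `#   with remove permission`. The new `"topic.remove"` Allow entries also depend on staying above the `(Deny, Everyone, ...)` line in each block, and a short comment saying so would guard against a later reorder.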
