Limit visibility of unapproved packages to maintainers and approvers

Fixes #338
2022-01-21 21:48:15 +00:00
parent 80d534a53f
commit 727db52c19
6 changed files with 33 additions and 7 deletions
--- a/app/models/packages.py
+++ b/app/models/packages.py
@@ -607,7 +607,10 @@ class Package(db.Model):
 		isMaintainer = isOwner or user.rank.atLeast(UserRank.EDITOR) or user in self.maintainers
 		isApprover = user.rank.atLeast(UserRank.APPROVER)

-		if perm == Permission.CREATE_THREAD:
+		if perm == Permission.SEE_PACKAGE:
+			return self.state == PackageState.APPROVED or isMaintainer or isApprover
+
+		elif perm == Permission.CREATE_THREAD:
 			return user.rank.atLeast(UserRank.MEMBER)

 		# Members can edit their own packages, and editors can edit any packages