Allow editors and approvers to see package audit log descriptions

This commit is contained in:
rubenwardy
2023-05-12 00:55:44 +01:00
parent 84d379d490
commit f03746f5ad
4 changed files with 24 additions and 4 deletions

View File

@@ -106,6 +106,20 @@ class AuditLogEntry(db.Model):
self.package = package
self.description = description
def checkPerm(self, user, perm):
if not user.is_authenticated:
return False
if type(perm) == str:
perm = Permission[perm]
elif type(perm) != Permission:
raise Exception("Unknown permission given to AuditLogEntry.checkPerm()")
if perm == Permission.VIEW_AUDIT_DESCRIPTION:
return user.rank.atLeast(UserRank.APPROVER if self.package is not None else UserRank.MODERATOR)
else:
raise Exception("Permission {} is not related to audit log entries".format(perm.name))
REPO_BLACKLIST = [".zip", "mediafire.com", "dropbox.com", "weebly.com",
"minetest.net", "dropboxusercontent.com", "4shared.com",

View File

@@ -90,6 +90,7 @@ class Permission(enum.Enum):
DELETE_REVIEW = "DELETE_REVIEW"
CHANGE_PROFILE_URLS = "CHANGE_PROFILE_URLS"
CHANGE_DISPLAY_NAME = "CHANGE_DISPLAY_NAME"
VIEW_AUDIT_DESCRIPTION = "VIEW_AUDIT_DESCRIPTION"
# Only return true if the permission is valid for *all* contexts
# See Package.checkPerm for package-specific contexts