~sircmpwn/lists.sr.ht

13b5e9499884086760f61ccb8b83f0e636117d65 — Drew DeVault 4 months ago a2410e6 0.39.0
Implement ListAccess.moderate
M listssrht/blueprints/archives.py => listssrht/blueprints/archives.py +2 -1
@@ 198,6 198,7 @@ def thread(owner_name, list_name, message_id):
        return f"mailto:{post_address(msg.list)}?{urlencode(params, quote_via=quote)}"

    return render_template("thread.html", view="archives", owner=owner,
            access=access, ListAccess=ListAccess,
            ml=ml, thread=thread, messages=messages,
            parseaddr=email.utils.parseaddr,
            parse_auth_result=parse_auth_result,


@@ 247,7 248,7 @@ def remove_message(owner_name, list_name, message_id):
    owner, ml, access = get_list(owner_name, list_name)
    if not ml:
        abort(404)
    if ml.owner_id != current_user.id:
    if ListAccess.moderate not in access:
        abort(401)
    message = (Email.query
            .filter(Email.message_id == message_id)

M listssrht/blueprints/patches.py => listssrht/blueprints/patches.py +1 -1
@@ 138,7 138,7 @@ def patchset_update(owner_name, list_name, patchset_id):
    owner, ml, access = get_list(owner_name, list_name)
    if not ml:
        abort(404)
    if ml.owner_id != current_user.id:
    if ListAccess.moderate not in access:
        abort(403)
    patchset = (Patchset.query
            .filter(Patchset.id == patchset_id)

M listssrht/blueprints/settings.py => listssrht/blueprints/settings.py +3 -1
@@ 23,7 23,9 @@ access_help_map = {
    ListAccess.reply:
        "Permission to reply to threads submitted by an authorized user.",
    ListAccess.post:
        "Permission to submit new threads."
        "Permission to submit new threads.",
    ListAccess.moderate:
        "Permission to moderate threads and patches.",
}

@settings.route("/<owner_name>/<list_name>/settings/info")

M listssrht/templates/patchset.html => listssrht/templates/patchset.html +1 -2
@@ 124,8 124,7 @@
          >Learn more about email &amp; git {{icon('caret-right')}}</a>
        </details>
      </div>
      {% if current_user and current_user.id == ml.owner_id %}
      {# TODO: Better ACLs so non-owners can do this too #}
      {% if ListAccess.moderate in access %}
      <div class="event-list" style="margin-top: 1rem">
        <form
          class="event"

M listssrht/templates/thread.html => listssrht/templates/thread.html +1 -1
@@ 112,7 112,7 @@
                  list_name=ml.name,
                  message_id=msg.message_id
                ) }}" target="_blank">Download raw message</a>
              {% if current_user and current_user.id == ml.owner_id %}
              {% if ListAccess.moderate in access %}
              <h4 style="margin-top: 1rem">Moderation tools</h4>
              <form
                method="POST"

M listssrht/types/listaccess.py => listssrht/types/listaccess.py +4 -1
@@ 12,4 12,7 @@ class ListAccess(IntFlag):
    """Permission to reply to threads submitted by an authorized user."""
    post = 4
    """Permission to submit new threads."""
    all = browse | reply | post
    moderate = 8
    """Permission to moderate the list."""

    all = browse | reply | post | moderate