-rw-r--r-- | python/fatcat_web/auth.py | 1 | ||||
-rw-r--r-- | python/fatcat_web/routes.py | 69 | ||||
-rw-r--r-- | python/fatcat_web/templates/editgroup_view.html | 50 |
3 files changed, 113 insertions, 7 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index 20c11855..79e7b19e 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -139,5 +139,6 @@ def load_user(editor_id):
 user.id = editor_id
 user.editor_id = editor_id
 user.username = editor['username']
+ user.is_admin = editor['is_admin']
 user.token = token
 return user
diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py
index ba86fc6a..57b5d5af 100644
--- a/python/fatcat_web/routes.py
+++ b/python/fatcat_web/routes.py
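Review bot: `editor['is_admin']` on the added line raises KeyError whenever the editor record has no such key, and where `editor` comes from is not visible because load_user starts above the hunk. If it is read from session data that was written before this change, requests from those sessions would fail inside the user loader. Assuming `editor` is a plain dict, `user.is_admin = editor.get('is_admin', False)` keeps such sessions working and treats a missing flag as non-admin. The flag is also only as fresh as its source, so a demoted editor may keep seeing admin controls until that data is refreshed.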
@@ -311,11 +311,74 @@ def work_view(ident):
 @app.route('/editgroup/<ident>', methods=['GET'])
 def editgroup_view(ident):
 try:
- entity = api.get_editgroup(str(ident))
- entity.editor = api.get_editor(entity.editor_id)
+ eg = api.get_editgroup(str(ident))
+ eg.editor = api.get_editor(eg.editor_id)
 except ApiException as ae:
 abort(ae.status)
- return render_template('editgroup_view.html', editgroup=entity)
+ # TODO: idomatic check for login?
+ auth_to_submit = False
+ auth_to_accept = False
+ if session.get('editor'):
+ user = load_user(session['editor']['editor_id'])
+ if user.is_admin or user.editor_id == eg.editor_id:
+ auth_to_submit = True
+ if user.is_admin:
+ auth_to_accept = True
+ return render_template('editgroup_view.html', editgroup=eg,
+ auth_to_submit=auth_to_submit, auth_to_accept=auth_to_accept)
+
+@app.route('/editgroup/<ident>/accept', methods=['POST'])
+@login_required
+def editgroup_accept(ident):
+ app.csrf.protect()
+ # on behalf of user...
+ user_api = auth_api(session['api_token'])
+ try:
+ eg = user_api.get_editgroup(str(ident))
+ if eg.changelog_index:
+ flash("Editgroup already accepted")
+ abort(400)
+ user_api.accept_editgroup(str(ident))
+ except ApiException as ae:
+ app.logger.info(ae)
+ abort(ae.status)
+ return redirect('/editgroup/{}'.format(ident))
+
+@app.route('/editgroup/<ident>/unsubmit', methods=['POST'])
+@login_required
+def editgroup_unsubmit(ident):
+ app.csrf.protect()
+ # on behalf of user...
+ user_api = auth_api(session['api_token'])
+ try:
+ eg = user_api.get_editgroup(str(ident))
+ if eg.changelog_index:
+ flash("Editgroup already accepted")
+ abort(400)
+ user_api.update_editgroup(eg.editgroup_id, eg, submit=False)
+ except ApiException as ae:
+ app.logger.info(ae)
+ abort(ae.status)
+ return redirect('/editgroup/{}'.format(ident))
+
+@app.route('/editgroup/<ident>/submit', methods=['POST'])
+@login_required
+def editgroup_submit(ident):
+ app.csrf.protect()
+ # on behalf of user...
+ print("submitting...")
+ user_api = auth_api(session['api_token'])
+ try:
+ eg = user_api.get_editgroup(str(ident))
+ if eg.changelog_index:
+ flash("Editgroup already accepted")
+ abort(400)
+ user_api.update_editgroup(eg.editgroup_id, eg, submit=True)
+ except ApiException as ae:
+ print(ae)
+ app.logger.info(ae)
+ abort(ae.status)
+ return redirect('/editgroup/{}'.format(ident))
 @app.route('/editor/<ident>', methods=['GET'])
 def editor_view(ident):
diff --git a/python/fatcat_web/templates/editgroup_view.html b/python/fatcat_web/templates/editgroup_view.html
index 2341f06a..f5a65be0 100644
--- a/python/fatcat_web/templates/editgroup_view.html
+++ b/python/fatcat_web/templates/editgroup_view.html
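Review bot: editgroup_accept, editgroup_unsubmit and editgroup_submit perform no permission check of their own; the `auth_to_submit`/`auth_to_accept` flags computed in editgroup_view only decide which buttons the template renders, so the routes themselves are open to any logged-in session. Authorization then rests entirely on the backend rejecting the call made with `session['api_token']`, which is presumably what `# on behalf of user...` means but is not visible in this hunk. I would say so on each handler, e.g. `# authorization is enforced by the API for this token; auth_to_* only controls button display`, or fail early in editgroup_accept with a local admin check and `abort(403)`. Separately, `print("submitting...")` and `print(ae)` in editgroup_submit look like leftover debugging; the other two handlers already use `app.logger.info(ae)` alone.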
@@ -35,13 +35,55 @@
 {# extended by changelog_entry #}
 {% block editgroupheader %}
-<h1 class="ui header">Edit Group
+{% if not editgroup.changelog_index %}
+ <div class="ui right floated center aligned segment">
+ {% if auth_to_accept %}
+ <form id="submit_editgroup_form" method="POST" action="/editgroup/{{ editgroup.editgroup_id }}/accept">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+ <button class="ui orange button">Accept Edits</button>
+ </form><br>
+ {% endif %}
+ {% if auth_to_submit %}
+ {% if editgroup.submitted %}
+ <form id="submit_editgroup_form" method="POST" action="/editgroup/{{ editgroup.editgroup_id }}/unsubmit">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+ <button class="ui button">Un-Submit</button>
+ </form><br>
+ <form id="submit_editgroup_form" method="POST" action="/editgroup/{{ editgroup.editgroup_id }}/submit">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+ <button class="ui button">Re-Submit</button>
+ </form>
+ {% else %}
+ <form id="submit_editgroup_form" method="POST" action="/editgroup/{{ editgroup.editgroup_id }}/submit">
+ <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+ <button class="ui primary button">Submit</button>
+ </form>
+ {% endif %}
+ {% endif %}
+ </div>
+{% endif %}
+
+<h1 class="ui header">Editgroup
 <div class="sub header"><code>editgroup {{ editgroup.editgroup_id }}</code></div></h1>
 {% endblock %}
-<b>Editor:</b> <a href="/editor/{{editgroup.editor_id}}">{{ editgroup.editor.username }}</a>
-<br><b>Description:</b> {{ editgroup.description }}
-<br><br>
+<br><b>Status:</b>
+{% if editgroup.changelog_index %}
+ Merged (<a href="/changelog/{{ editgroup.changelog_index }}">Changelog #{{ editgroup.changelog_index }}</a>)
+{% elif editgroup.submitted %}
+ Submitted ({{ editgroup.submitted }})
+{% else %}
+ Not Submitted
+{% endif %}
+
+<br><b>Editor:</b> <a href="/editor/{{editgroup.editor_id}}">{{ editgroup.editor.username }}</a>
+<br><b>Description:</b>
+{% if editgroup.description %}
+ {{ editgroup.description }}
+{% else %}
+ <i>none</i>
+{% endif %}
+<br><br clear="all">
 <div class="ui styled fluid accordion">
 {{ edit_list(editgroup.edits.works, "work", "Work") }} |
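Review bot: All four forms added to the header block carry `id="submit_editgroup_form"`, and two of them can be rendered on the same page (Accept together with Submit, or Un-Submit together with Re-Submit), so the document ends up with duplicate ids. Anything that selects the form by id gets whichever comes first, which for an admin is the accept form. Give each form its own id, e.g. `id="accept_editgroup_form"` and `id="unsubmit_editgroup_form"`, keeping `submit_editgroup_form` for the submit action only. Since `auth_to_accept`/`auth_to_submit` only control what is displayed, a short `{# display only; the POST routes and API enforce access #}` comment above the block would keep later edits from treating it as the access check.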