michael/pyfedi
1
0
Fork 0
mirror of https://codeberg.org/rimu/pyfedi synced 2025-01-23 19:36:56 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

limit admin user editing power #116

Browse source
This commit is contained in:
rimu 2024-03-23 07:08:28 +13:00
parent 2e2406c0d6
commit c374f65a27
3 changed files with 22 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/admin/forms.py
View file

@ -167,26 +167,16 @@ class AddUserForm(FlaskForm):
class EditUserForm(FlaskForm): class EditUserForm(FlaskForm):
about = TextAreaField(_l('Bio'), validators=[Optional(), Length(min=3, max=5000)])
email = StringField(_l('Email address'), validators=[Optional(), Length(max=255)])
matrix_user_id = StringField(_l('Matrix User ID'), validators=[Optional(), Length(max=255)])
profile_file = FileField(_l('Avatar image'))
banner_file = FileField(_l('Top banner image'))
bot = BooleanField(_l('This profile is a bot')) bot = BooleanField(_l('This profile is a bot'))
verified = BooleanField(_l('Email address is verified')) verified = BooleanField(_l('Email address is verified'))
banned = BooleanField(_l('Banned')) banned = BooleanField(_l('Banned'))
newsletter = BooleanField(_l('Subscribe to email newsletter'))
ignore_bots = BooleanField(_l('Hide posts by bots'))
nsfw = BooleanField(_l('Show NSFW posts'))
nsfl = BooleanField(_l('Show NSFL posts'))
searchable = BooleanField(_l('Show profile in user list'))
indexable = BooleanField(_l('Allow search engines to index this profile'))
manually_approves_followers = BooleanField(_l('Manually approve followers'))
role_options = [(2, _l('User')), role_options = [(2, _l('User')),
(3, _l('Staff')), (3, _l('Staff')),
(4, _l('Admin')), (4, _l('Admin')),
] ]
role = SelectField(_l('Role'), choices=role_options, default=2, coerce=int) role = SelectField(_l('Role'), choices=role_options, default=2, coerce=int)
remove_avatar = BooleanField(_l('Remove avatar'))
remove_banner = BooleanField(_l('Remove banner'))
submit = SubmitField(_l('Save')) submit = SubmitField(_l('Save'))

56
app/admin/routes.py
View file

@ -535,46 +535,20 @@ def admin_user_edit(user_id):
form = EditUserForm() form = EditUserForm()
user = User.query.get_or_404(user_id) user = User.query.get_or_404(user_id)
if form.validate_on_submit(): if form.validate_on_submit():
user.about = form.about.data
user.email = form.email.data
user.about_html = markdown_to_html(form.about.data)
user.matrix_user_id = form.matrix_user_id.data
user.bot = form.bot.data user.bot = form.bot.data
user.verified = form.verified.data user.verified = form.verified.data
user.banned = form.banned.data user.banned = form.banned.data
profile_file = request.files['profile_file'] if form.remove_avatar.data and user.avatar_id:
if profile_file and profile_file.filename != '': file = File.query.get(user.avatar_id)
# remove old avatar file.delete_from_disk()
if user.avatar_id: user.avatar_id = None
file = File.query.get(user.avatar_id) db.session.delete(file)
file.delete_from_disk()
user.avatar_id = None
db.session.delete(file)
# add new avatar if form.remove_banner.data and user.cover_id:
file = save_icon_file(profile_file, 'users') file = File.query.get(user.cover_id)
if file: file.delete_from_disk()
user.avatar = file user.cover_id = None
banner_file = request.files['banner_file'] db.session.delete(file)
if banner_file and banner_file.filename != '':
# remove old cover
if user.cover_id:
file = File.query.get(user.cover_id)
file.delete_from_disk()
user.cover_id = None
db.session.delete(file)
# add new cover
file = save_banner_file(banner_file, 'users')
if file:
user.cover = file
user.newsletter = form.newsletter.data
user.ignore_bots = form.ignore_bots.data
user.show_nsfw = form.nsfw.data
user.show_nsfl = form.nsfl.data
user.searchable = form.searchable.data
user.indexable = form.indexable.data
user.ap_manually_approves_followers = form.manually_approves_followers.data
# Update user roles. The UI only lets the user choose 1 role but the DB structure allows for multiple roles per user. # Update user roles. The UI only lets the user choose 1 role but the DB structure allows for multiple roles per user.
db.session.execute(text('DELETE FROM user_role WHERE user_id = :user_id'), {'user_id': user.id}) db.session.execute(text('DELETE FROM user_role WHERE user_id = :user_id'), {'user_id': user.id})
@ -589,19 +563,9 @@ def admin_user_edit(user_id):
else: else:
if not user.is_local(): if not user.is_local():
flash(_('This is a remote user - most settings here will be regularly overwritten with data from the original server.'), 'warning') flash(_('This is a remote user - most settings here will be regularly overwritten with data from the original server.'), 'warning')
form.about.data = user.about
form.email.data = user.email
form.matrix_user_id.data = user.matrix_user_id
form.newsletter.data = user.newsletter
form.bot.data = user.bot form.bot.data = user.bot
form.verified.data = user.verified form.verified.data = user.verified
form.banned.data = user.banned form.banned.data = user.banned
form.ignore_bots.data = user.ignore_bots
form.nsfw.data = user.show_nsfw
form.nsfl.data = user.show_nsfl
form.searchable.data = user.searchable
form.indexable.data = user.indexable
form.manually_approves_followers.data = user.ap_manually_approves_followers
if user.roles and user.roles.count() > 0: if user.roles and user.roles.count() > 0:
form.role.data = user.roles[0].id form.role.data = user.roles[0].id

23
app/templates/admin/edit_user.html
View file

@ -17,29 +17,26 @@
<h3>{{ _('Edit %(user_name)s (%(display_name)s)', user_name=user.user_name, display_name=user.display_name()) }}</h3> <h3>{{ _('Edit %(user_name)s (%(display_name)s)', user_name=user.user_name, display_name=user.display_name()) }}</h3>
<form method="post" enctype="multipart/form-data" id="add_local_user_form"> <form method="post" enctype="multipart/form-data" id="add_local_user_form">
{{ form.csrf_token() }} {{ form.csrf_token() }}
{{ render_field(form.about) }} {{ user.about_html|safe if user.about_html }}
{{ render_field(form.email) }} <p>Email: <a href="mailto:{{ user.email }}">{{ user.email }}</a></p>
{{ render_field(form.matrix_user_id) }} <p>Matrix: {{ user.matrix_user_id if user.matrix_user_id }}</p>
{% if user.avatar_id %} {% if user.avatar_id %}
<img class="user_icon_big rounded-circle" src="{{ user.avatar_image() }}" width="120" height="120" /> <img class="user_icon_big rounded-circle" src="{{ user.avatar_image() }}" width="120" height="120" />
{% endif %} {% endif %}
{{ render_field(form.profile_file) }}
<small class="field_hint">Provide a square image that looks good when small.</small>
{% if user.cover_id %} {% if user.cover_id %}
<a href="{{ user.cover_image() }}"><img class="user_icon_big" src="{{ user.cover_image() }}" style="width: 300px; height: auto;" /></a> <a href="{{ user.cover_image() }}"><img class="user_icon_big" src="{{ user.cover_image() }}" style="width: 300px; height: auto;" /></a>
{% endif %} {% endif %}
{{ render_field(form.banner_file) }}
<small class="field_hint">Provide a wide image - letterbox orientation.</small>
{{ render_field(form.bot) }} {{ render_field(form.bot) }}
{{ render_field(form.verified) }} {{ render_field(form.verified) }}
{{ render_field(form.banned) }} {{ render_field(form.banned) }}
{{ render_field(form.newsletter) }} <p>receive newsletter: {{ user.newsletter }}</p>
{{ render_field(form.nsfw) }} <p>view nsfw: {{ user.nsfw }}</p>
{{ render_field(form.nsfl) }} <p>view nsfl: {{ user.nsfl }}</p>
{{ render_field(form.searchable) }} <p>searchable: {{ user.searchable }}</p>
{{ render_field(form.indexable) }} <p>indexable: {{ user.indexable }}</p>
{{ render_field(form.manually_approves_followers) }}
{{ render_field(form.role) }} {{ render_field(form.role) }}
{{ render_field(form.remove_avatar) }}
{{ render_field(form.remove_banner) }}
{{ render_field(form.submit) }} {{ render_field(form.submit) }}
</form> </form>
<p class="mt-4"> <p class="mt-4">