do more permissions

This commit is contained in:
Luna D 2019-12-19 19:00:09 -05:00
parent 3bf4372f0f
commit 85f70f88af
No known key found for this signature in database
GPG key ID: D0F46C94720BAA4B
4 changed files with 100 additions and 58 deletions

View file

@ -1,6 +1,8 @@
defimpl Canada.Can, for: [Atom, Philomena.Users.User] do defimpl Canada.Can, for: [Atom, Philomena.Users.User] do
alias Philomena.Users.User alias Philomena.Users.User
alias Philomena.Roles.Role
alias Philomena.Badges.Award alias Philomena.Badges.Award
alias Philomena.Badges.Badge
alias Philomena.Channels.Channel alias Philomena.Channels.Channel
alias Philomena.Comments.Comment alias Philomena.Comments.Comment
alias Philomena.Commissions.Commission alias Philomena.Commissions.Commission
@ -19,6 +21,8 @@ defimpl Canada.Can, for: [Atom, Philomena.Users.User] do
alias Philomena.Tags.Tag alias Philomena.Tags.Tag
alias Philomena.Reports.Report alias Philomena.Reports.Report
alias Philomena.StaticPages.StaticPage alias Philomena.StaticPages.StaticPage
alias Philomena.Adverts.Advert
alias Philomena.SiteNotices.SiteNotice
alias Philomena.Bans.User, as: UserBan alias Philomena.Bans.User, as: UserBan
alias Philomena.Bans.Subnet, as: SubnetBan alias Philomena.Bans.Subnet, as: SubnetBan
@ -31,8 +35,9 @@ defimpl Canada.Can, for: [Atom, Philomena.Users.User] do
# Moderators can... # Moderators can...
# #
# Show details of profiles # Show details of profiles and view user list
def can?(%User{role: "moderator"}, :show_details, %User{}), do: true def can?(%User{role: "moderator"}, :show_details, %User{}), do: true
def can?(%User{role: "moderator"}, :index, User), do: true
# View filters # View filters
def can?(%User{role: "moderator"}, :show, %Filter{}), do: true def can?(%User{role: "moderator"}, :show, %Filter{}), do: true
@ -69,6 +74,7 @@ defimpl Canada.Can, for: [Atom, Philomena.Users.User] do
def can?(%User{role: "moderator"}, :edit_links, %User{}), do: true def can?(%User{role: "moderator"}, :edit_links, %User{}), do: true
def can?(%User{role: "moderator"}, :edit, %UserLink{}), do: true def can?(%User{role: "moderator"}, :edit, %UserLink{}), do: true
def can?(%User{role: "moderator"}, :index, UserLink), do: true def can?(%User{role: "moderator"}, :index, UserLink), do: true
def can?(%User{role: "moderator"}, :show, %UserLink{}), do: true
# Reveal anon users # Reveal anon users
def can?(%User{role: "moderator"}, :reveal_anon, _object), do: true def can?(%User{role: "moderator"}, :reveal_anon, _object), do: true
@ -95,9 +101,8 @@ defimpl Canada.Can, for: [Atom, Philomena.Users.User] do
def can?(%User{role: "moderator"}, :show, %Topic{}), do: true def can?(%User{role: "moderator"}, :show, %Topic{}), do: true
def can?(%User{role: "moderator"}, :hide, %Topic{}), do: true def can?(%User{role: "moderator"}, :hide, %Topic{}), do: true
# Edit and alias tags # Edit tags
def can?(%User{role: "moderator"}, :edit, %Tag{}), do: true def can?(%User{role: "moderator"}, :edit, %Tag{}), do: true
def can?(%User{role: "moderator"}, :alias, %Tag{}), do: true
# Award badges # Award badges
def can?(%User{role: "moderator"}, :create, %Award{}), do: true def can?(%User{role: "moderator"}, :create, %Award{}), do: true
@ -105,6 +110,37 @@ defimpl Canada.Can, for: [Atom, Philomena.Users.User] do
# Create mod notes # Create mod notes
def can?(%User{role: "moderator"}, :index, ModNote), do: true def can?(%User{role: "moderator"}, :index, ModNote), do: true
# And some privileged moderators can...
# Manage site notices
def can?(%User{role: "moderator", role_map: %{"SiteNotice" => "admin"}}, _action, SiteNotice), do: true
def can?(%User{role: "moderator", role_map: %{"SiteNotice" => "admin"}}, _action, %SiteNotice{}), do: true
# Manage badges
def can?(%User{role: "moderator", role_map: %{"Badge" => "admin"}}, _action, Award), do: true
def can?(%User{role: "moderator", role_map: %{"Badge" => "admin"}}, _action, %Award{}), do: true
def can?(%User{role: "moderator", role_map: %{"Badge" => "admin"}}, _action, Badge), do: true
def can?(%User{role: "moderator", role_map: %{"Badge" => "admin"}}, _action, %Badge{}), do: true
# Manage tags
def can?(%User{role: "moderator", role_map: %{"Tag" => "admin"}}, _action, Tag), do: true
def can?(%User{role: "moderator", role_map: %{"Tag" => "admin"}}, _action, %Tag{}), do: true
# Manage user roles
def can?(%User{role: "moderator", role_map: %{"Role" => "admin"}}, _action, %Role{}), do: true
# Manage users
def can?(%User{role: "moderator", role_map: %{"User" => "moderator"}}, _action, User), do: true
def can?(%User{role: "moderator", role_map: %{"User" => "moderator"}}, _action, %User{}), do: true
# Manage advertisements
def can?(%User{role: "moderator", role_map: %{"Advert" => "admin"}}, _action, Advert), do: true
def can?(%User{role: "moderator", role_map: %{"Advert" => "admin"}}, _action, %Advert{}), do: true
# Manage static pages
def can?(%User{role: "moderator", role_map: %{"StaticPage" => "admin"}}, _action, StaticPage), do: true
def can?(%User{role: "moderator", role_map: %{"StaticPage" => "admin"}}, _action, %StaticPage{}), do: true
# #
# Assistants can... # Assistants can...
# #

View file

@ -72,53 +72,59 @@ a.label.label--primary.label--block href="#" data-click-toggle=".js-admin__optio
span.admin__button Potential Aliases span.admin__button Potential Aliases
ul.profile-admin__options__column ul.profile-admin__options__column
= if can?(@conn, :edit, @user) do
li
= link to: Routes.admin_user_path(@conn, :edit, @user) do
i.fas.fa-fw.fa-edit
span.admin__button Edit User
= if @user.deleted_at do
li li
= link to: Routes.admin_user_activation_path(@conn, :create, @user), data: [confirm: "Are you really, really sure?", method: "post"] do = link to: Routes.admin_user_path(@conn, :edit, @user) do
i.fa.fa-fw.fa-check i.fas.fa-fw.fa-edit
span.admin__button Reactivate Account span.admin__button Edit User
- else
= if @user.deleted_at do
li
= link to: Routes.admin_user_activation_path(@conn, :create, @user), data: [confirm: "Are you really, really sure?", method: "post"] do
i.fa.fa-fw.fa-check
span.admin__button Reactivate Account
- else
li
= link to: Routes.admin_user_activation_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do
i.fa.fa-fw.fa-times
span.admin__button Deactivate Account
li li
= link to: Routes.admin_user_activation_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do = link to: Routes.admin_user_wipe_path(@conn, :create, @user), data: [confirm: "This is irreversible, destroying all identifying information including email. Are you sure?", method: "post"] do
i.fa.fa-fw.fa-times i.fas.fa-fw.fa-eraser
span.admin__button Deactivate Account span.admin__button Wipe PII
li
= link to: Routes.admin_donation_user_path(@conn, :show, @user) do
i.fas.fa-fw.fa-dollar-sign
span.admin__button Donations
li = if can?(@conn, :index, Philomena.Users.User) do
= link to: Routes.profile_user_link_path(@conn, :new, @user) do li
i.fa.fa-fw.fa-link = link to: Routes.admin_user_vote_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do
span.admin__button Add User Link i.far.fa-fw.fa-file-excel
span.admin__button Remove All Votes/Faves
li li
= link to: Routes.admin_user_vote_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do = link to: Routes.admin_user_downvote_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do
i.far.fa-fw.fa-file-excel i.fa.fa-fw.fa-arrow-down
span.admin__button Remove All Votes/Faves span.admin__button Remove All Downvotes
li = if can?(@conn, :index, %Philomena.Donations.Donation{}) do
= link to: Routes.admin_user_downvote_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do li
i.fa.fa-fw.fa-arrow-down = link to: Routes.admin_donation_user_path(@conn, :show, @user) do
span.admin__button Remove All Downvotes i.fas.fa-fw.fa-dollar-sign
span.admin__button Donations
li = if can?(@conn, :edit, %Philomena.UserLinks.UserLink{}) do
= link to: Routes.admin_user_ban_path(@conn, :new, username: @user.name) do li
i.fa.fa-fw.fa-ban = link to: Routes.profile_user_link_path(@conn, :new, @user) do
span.admin__button Ban this sucker i.fa.fa-fw.fa-link
span.admin__button Add User Link
li = if can?(@conn, :create, Philomena.Bans.User) do
= link to: Routes.admin_user_wipe_path(@conn, :create, @user), data: [confirm: "This is irreversible, destroying all identifying information including email. Are you sure?", method: "post"] do li
i.fas.fa-fw.fa-eraser = link to: Routes.admin_user_ban_path(@conn, :new, username: @user.name) do
span.admin__button Wipe PII i.fa.fa-fw.fa-ban
span.admin__button Ban this sucker
li = if can?(@conn, :index, Philomena.Users.User) do
= link to: Routes.admin_user_api_key_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do li
i.fas.fa-fw.fa-key = link to: Routes.admin_user_api_key_path(@conn, :delete, @user), data: [confirm: "Are you really, really sure?", method: "delete"] do
span.admin__button Reset API key i.fas.fa-fw.fa-key
span.admin__button Reset API key

View file

@ -38,9 +38,9 @@
= if can_index_user?(@conn) do = if can_index_user?(@conn) do
= render PhilomenaWeb.ProfileView, "_admin_block.html", assigns = render PhilomenaWeb.ProfileView, "_admin_block.html", assigns
= if (current?(@user, @conn.assigns.current_user) or can?(@conn, :index, UserBan)) and Enum.any?(@bans) do = if (current?(@user, @conn.assigns.current_user) or can?(@conn, :index, Philomena.Bans.User)) and Enum.any?(@bans) do
.block .block
.block__header .block__header--single-item
' Ban History ' Ban History
.block__content .block__content
= render PhilomenaWeb.BanView, "_bans.html", bans: @bans, conn: @conn = render PhilomenaWeb.BanView, "_bans.html", bans: @bans, conn: @conn

View file

@ -90,26 +90,26 @@ defmodule PhilomenaWeb.LayoutView do
do: can?(conn, :index, Philomena.SiteNotices.SiteNotice) do: can?(conn, :index, Philomena.SiteNotices.SiteNotice)
def manages_tags?(conn), def manages_tags?(conn),
do: can?(conn, :index, Philomena.Tags.Tag) do: can?(conn, :edit, %Philomena.Tags.Tag{})
def manages_users?(conn), def manages_users?(conn),
do: can?(conn, :index, Philomena.Users.User) do: can?(conn, :index, Philomena.Users.User)
def manages_forums?(conn), def manages_forums?(conn),
do: conn.assigns.current_user.role == "admin" do: can?(conn, :edit, Philomena.Forums.Forum)
def manages_ads?(conn), def manages_ads?(conn),
do: conn.assigns.current_user.role == "admin" do: can?(conn, :index, Philomena.Adverts.Advert)
def manages_badges?(conn), def manages_badges?(conn),
do: can?(conn, :index, Philomena.Badges.Badge) do: can?(conn, :index, Philomena.Badges.Badge)
def manages_static_pages?(conn), def manages_static_pages?(conn),
do: conn.assigns.current_user.role == "admin" do: can?(conn, :edit, %Philomena.StaticPages.StaticPage{})
def manages_mod_notes?(conn), def manages_mod_notes?(conn),
do: conn.assigns.current_user.role in ["admin", "moderator"] do: can?(conn, :index, Philomena.ModNotes.ModNote)
def manages_bans?(conn), def manages_bans?(conn),
do: conn.assigns.current_user.role in ["admin", "moderator"] do: can?(conn, :create, Philomena.Bans.User)
end end