Пример #1
0
    def post(self, user_id=None):
        if not Permission(CanBanUser, identity=current_user):
            flash(
                _("You do not have the permissions to ban this user."),
                "danger"
            )
            return redirect(url_for("management.overview"))

        json = request.get_json()
        if json:
            ids = json["ids"]

            data = []
            users = User.query.filter(User.id.in_(ids)).all()
            for user in users:
                # don't let a user ban himself and do not allow a moderator
                # to ban a admin user
                if (current_user.id == user.id or
                        Permission(IsAdmin, identity=user) and
                        Permission(Not(IsAdmin), current_user)):
                    continue

                elif user.ban():
                    data.append(
                        {
                            "id":
                            user.id,
                            "type":
                            "ban",
                            "reverse":
                            "unban",
                            "reverse_name":
                            _("Unban"),
                            "reverse_url":
                            url_for("management.unban_user", user_id=user.id)
                        }
                    )

            return jsonify(
                message="{} users banned.".format(len(data)),
                category="success",
                data=data,
                status=200
            )

        user = User.query.filter_by(id=user_id).first_or_404()
        # Do not allow moderators to ban admins
        if Permission(IsAdmin, identity=user) and Permission(
                Not(IsAdmin), identity=current_user):
            flash(_("A moderator cannot ban an admin user."), "danger")
            return redirect(url_for("management.overview"))

        if not current_user.id == user.id and user.ban():
            flash(_("User is now banned."), "success")
        else:
            flash(_("Could not ban user."), "danger")
        return redirect(url_for("management.banned_users"))
Пример #2
0
def test_NotConditional_defaults(always):
    Cond = Not(always)

    assert (Cond.requirements, Cond.op, Cond.until, Cond.negated) == \
        ((always,), operator.and_, None, True)
Пример #3
0
def block_banned():
    allows.additional.current.add(Not(HasLevel(AuthLevels.banned)))
Пример #4
0
def test_NotConditional_many_mixed(always, never, member, request):
    assert Not(always, never)(member, request)
Пример #5
0
def test_NotConditional_many_all_false(never, member, request):
    assert Not(never, never)(member, request)
Пример #6
0
def test_NotConditional_many_all_true(always, member, request):
    assert not Not(always, always)(member, request)
Пример #7
0
def test_NotConditional_singular_false(never, member, request):
    assert Not(never)(member, request)
Пример #8
0
def test_NotConditional_singular_true(always, member, request):
    assert not Not(always)(member, request)